Of all the high-demand areas in IT, security stands out at the top. According to DICE, the number of security jobs skyrocketed by more than 40% from 2014 to 2015, to 50,000 openings, compared with 16.8% growth the year before.
"Security jobs are growing at a far more rapid pace than other areas of technology, which are also growing rapidly," says Bob Melk, president at DICE.
Meanwhile, in a 2015 survey by ISC2, 62% of respondents said they lacked adequate security staff, and 45% cannot find qualified candidates. In five years, the organization says, the shortfall in the global information security workforce will reach 1.5 million.
The inability of many companies to fill these jobs is only driving up salaries - as well as IT professionals' interest in developing the skills to fill these jobs. "It pays well and is in high demand," says Julie Oates, senior technical recruiter at Mondo. "There are so many jobs out there, and there will be more and more."
Here are some insights to help IT professionals take advantage of the shortage - as well as some reasons it might not be the right move for you.
• Don't worry if you don't have specific security experience.
Much of the demand today is focused on roles that require several years of experience, such as senior security software engineers, Oates says. Such roles can demand upwards of $200,000, she says. The ISC2 study also reports that the highest job growth will be for security engineers and architects.
At the same time, there is still a wide array of security needs, says Julien Bellanger, co-founder and CEO at Prevoty, an application security monitoring and protection company. "So many different types of skillsets are in demand for security, and no single person can field all these roles," he says. "You need a very large team to cover all the bases," including people who understand what's going on with the network and network traffic, the hardware appliances, the applications and the business logic of the applications."
Tony Martin-Vegue, risk manager at a Bay Area financial services institution, agrees that information security is "a huge and widely varied field that includes programmers, risk managers, PR experts who can talk to business professionals in terms they understand, people who understand human behavior and even people with an economics background. "If you have an economics degree or understand finance, I'd hire you as a risk manager even without security expertise because that's all economics and finance is, is understanding risk."
Similarly, he says, someone with a background in psychology would have the needed insights to understand why, for example, someone would click on a phishing link and how to deter that behavior. "You need a baseline of cyber or information security knowledge, but you can still use what you already know to educate yourself," Martin-Vegue says. "You're not starting from scratch."
Sign up for CIO Asia eNewsletters.