Rob Buckley – Freelance Journalist and Editor

Tracking down and retaining the right security people poses problems for companies

If there's one thing almost everyone seems to agree on, it's that, despite the recession, few are going to be cutting back on security expenditure.

Getting someone and keeping them, when skilled people are at a premium, isn't easy. Generally, says Hutchon, most security professionals are motivated by self-development and the content of the job - and to a lesser extent by money - so giving employees the chance to work on new things and developing a suitable training package can not only keep an employee but attract a new one to the job. With flatter management structures in IT meaning promotions are rare, recognition among peers that they have sector expertise can be a rewarding alternative, as can the chance to speak at conferences. Developing this training package in conjunction with the employee lets them expand their career the way they want and helps with morale.

Cox highlights one graduate employee who left dns after three years to get more money. However, he returned within a year, Cox says, since the new firm didn't value security in the same way as dns.

The expanding market for IS skills means that experienced, talented professionals are as hard to find as ever, despite the recession. However, with the right techniques, they can be found and with the right package and nurturing they can be hired and enticed to stay.

Ten reasons why ISO 27001 can make you a better IS security professional

1. ISO 27001 is internationally recognised, both the standard and associated auditing qualifications, so your experience will be too.

2. It is best practice: it is a distillation of genuine experience and thought, so you benefit from others' experience.

3. It is risk-based: it looks at what security a company actually needs rather than imposing a standard set of measures; it allows you to give appropriate, justified and cost-effective advice.

4. It is a management standard, not a technical standard: it provides a model for the management of security and so allows you to demonstrate decision-making skills.

5. It is holistic: it considers all aspects of information security, not just technical measures, so it demonstrates breadth as well as depth.

6. Organisations can be independently certified: it provides an external, independent benchmark for your security management.
