Salaries for federal information security workers are beginning to lag behind those received by their private sector counterparts, an issue that could impact agencies that already are facing challenges in recruiting, hiring and retaining in-demand cyber talent, according to a new report.
The government-specific results of the Global Information Security Workforce Study, released Tuesday by (ISC)2 and Frost & Sullivan, found that federal cyber workers earn an average salary of $106,430, quite a bit less than the average private sector salary of $111,376. The lag in federal salaries is likely due to federal budget restraints and nearly three years of a continuing resolution, the study noted.
Contractors also have the highest annual salaries among information security workers involved in government projects, earning $113,676 per year on average, according to the survey.
The study, which was conducted in the fall of 2012, polled 1,931 workers from state, local or federal government; contractor organizations; or independent consultants. The majority of respondents (1,100) were from federal agencies.
In addition, federal salaries are losing their competitive edge at a time when most federal cyber workers (60 percent) report that their organizations are understaffed, the study found. Security analysts (46 percent), security engineers (38 percent), security auditors (34 percent) and security systems administrators (33 percent), were the most in-demand fields cited by federal respondents.
Surprisingly, however, federal respondents cited business conditions -- not the lack of qualified personnel -- as the top reason for staffing shortages. For example, when asked about the reason for staffing shortages, 58 percent of federal respondents said business conditions could not support additional personnel, while 42 percent said it is difficult to find qualified personnel.
For agencies that are able to find qualified talent, most are hiring internally (22 percent), military veterans (22 percent), or from the private sector (19 percent). The Scholarship for Service program provided just 4 percent of new hires, the study found. Eighty-five percent of federal respondents said it was important for the job candidate to have information security certifications, while 56 percent said it was important for the candidate to have an information-security degree.
But despite the heightened awareness about the need for greater cybersecurity measures to combat cyber threats, all government respondents noted that hiring and retaining qualified cyber personnel is by far the most important factor in securing an organization’s infrastructure, even more important than improved funding, development of a national cyber response capability, and expanded cyber coordination capabilities.