It’s hard to believe now, but just a few years ago, only the largest organizations were concerned with the need for network security. Now, of course, even smaller organizations are seeing the importance of security.

According to a just-released report from Global Information Security Workforce, there’s been a 10% annual growth rate for the information security profession, despite the projected economic slowdown. Over the next couple of weeks, we’ll be covering other notable findings/trends from the report, including hiring outlook for IT security pros and the increase in the number of security professionals reporting directly to senior management or the board of directors (almost half).

Today, I’ll cover one aspect of the report: the recognition and appreciation by hiring managers of information security as a specific skill set.

Since the need for this expertise is relatively new, there weren’t that many people out there with hands-on security experience until a few years ago. Hiring managers tended to depend on certifications as a criterion for hiring an employee in lieu of experience. According to the report:

Attaining a security certification made an important statement to potential employers that an individual had sought out the knowledge, skills, and abilities to defend an organization against possible breaches and build up defenses. This achievement placed candidates ahead of their peers, as additional metrics beyond certification were not available.

Although candidates are gaining hands-on experience, the importance of security certificates still ranked high among hiring managers, with 78% of them citing certs as “very important” or “somewhat important.”

The current issue is that today there are more than 40 vendor-neutral certs and more than 25 vendor-specific certs available. Frost and Sullivan, a firm hired to provide detailed insight into the report, maintains that this issue may “cause a dilution effect in the marketplace, which will make it a challenge for all certifications to differentiate themselves in the future” and that the onus will fall onto the sponsors and providers of security certs.

Bottom line for IT pros

Information is a hot field right now and getting hotter, so much so that you will need to differentiate yourself from the crowd. One way is to carefully choose which security cert you attain and to get as much experience in the trenches as you can.