The Costs and Challenges of Hiring IT Security Professionals

Cloud and IT security have a lot in common. You simply can’t ensure the performance of virtual technologies without effective network and data protection. And with cloud making up an increasingly large portion of corporate infrastructure each year, concerns for the provider community continue to grow. After all, they are often charged with addressing businesses’ vulnerabilities and calming their anxieties.

With a growing number of unsupported devices on their networks, someone needs to make it all work. And that job gets harder for MSPs and solution providers every year as the demand for skilled security professionals continues to grow. It’s hard to find and keep good people. At their joint meeting at ChannelCon, members of the Cloud and IT Security Communities discussed that issue, kicking it off with a presentation by Eric Pinto, Director of Business Development & Client Services for VAR Staffing.

How much should you pay for quality security expertise? Quite a bit more than standard technical experience, according to Pinto, also an Executive Council Member of the IT Security Community. "Increasing demand is pushing people into specialized sectors, so your company has to be willing and able to pay the price to get certified talent." You can't cut corners.

For example, IT services firms that are looking to hire a quality IT security professional in New York City typically compete with heavy hitters for that talent, including financial institutions, deep-pocket corporations, and government agencies. Where demand is hot for those skills and supply is low, those costs are substantially higher. In New York, the average salary of a certified IT security professional is $119,000 per year.

Investments in this area are never cheap. Nor should they be when trying to bring in the right person with the proper level of expertise. With a national average salary of $93,000 (which equates to more than $44.00 per hour), channel firms need to proceed with some caution in this area and carefully execute on their IT security recruiting strategy. It's easy to get into a bidding war with multiple suitors, which usually leads to overpaying for someone they haven't had time to properly investigate and screen, a risky and potentially costly venture.

Pinto points out that MSPs and MSSPs need to know what they're looking for before building a job description or talking to prospective employees. "What are your clients' specific security needs? Create a baseline of technical needs and requirements, then focus on finding individuals with those skills."

Can you groom existing personnel and help them acquire the needed certifications? HR specialists suggest that's the best approach, but there are downsides. Providers often end up investing their limited training dollars in team members with little or no commitment to the company, who then use their newly acquired skills to earn more money elsewhere. Watch out for resume builders who seek certifications just to improve their marketability.

Pay a Premium for Performers

On the flip side, all employees enjoy incentives. Have you budgeted bonus cash for those who complete the needed certification and training programs? Money is still a major motivator, but younger team members may prefer extra vacation days or a more flexible work schedule as a reward. Employers need to be incredibly creative today if they wish to motivate their employees.

Smaller IT services firms are typically reluctant to promote from within when building out a security practice. Backfilling key positions can be difficult, suggests Pinto. "Can you afford to lose an employee from their current position?" Of course, when the best-qualified individuals are passed over based on their value in current roles, they may feel limited and end up leaving anyway. Good companies nurture ambition and reward success.

When it comes to hiring for IT security, there are no simple answers. The first objective should always involve building a long-term IT security strategy, followed by a complete skills gap assessment to identify areas of need. With the right lead time and goals, the recruiting and training process should be a lot easier.


Lisa Person is Director of Member Communities at CompTIA

About the Author

With more than 2,000 members, 3,000 academic and training partners and tens of thousands of registered users spanning the entire information communications and technology (ICT) industry, CompTIA has become a leading voice for the technology ecosystem.
