For many companies, security threats are all theoretical, but they are required to have the positions to meet some compliance requirement. They need to have them, but don’t really want them, which would explain the lack of enthusiasm (as demonstrated by the low salaries) in getting the jobs actually filled.
Also, a lot of infosec positions are just chugging through audits and ticking boxes to say whether you have some control in place or not. Those are more clerical positions that don’t require deep technical knowledge that could command a higher salary.
Also, a lot of infosec positions are just chugging through audits and ticking boxes to say whether you have some control in place or not. Those are more clerical positions that don’t require deep technical knowledge that could command a higher salary.