IT Security in Today’s Environment
If the constant, news about ransomware attacks and security breaches is not enough to highlight the critical importance of cybersecurity roles today, nothing will. The world is full of bad actors intent on doing harm to businesses, governments, and individuals. Only good actors, intent on thwarting these insidious and damaging intruders, can stand in the way. Cybersecurity is both a noble profession and a greenfield of opportunities for individuals seeking to do good, to frustrate those who seek digital upheavals, and to help commerce and government-operated unimpeded by enemy attacks. Add to this the ever-increasing salaries and benefits for skilled IT security professionals and one finds a wholly “secure” career path, pun intended.
Understanding the Inherent Need for Security
Exploring Maslow’s Hierarchy of Needs, the need of humans for security and safety is second only to food, air, and shelter. It’s no surprise then that this human motivation oozes to businesses as well, especially given the mounting evidence of the damage and extreme costs that cybersecurity intrusions can exact. According to CyberSecurity Ventures, the estimated costs to businesses globally for cyber intrusions will exceed $6 trillion by 2021, up from $3 trillion in 2015. We are conditioned both as humans and as business professionals to secure ourselves and our corporate resources. When faced with these inescapable economic realities we become doubly motivated to take action and secure our surroundings. Sadly, however, the need to take action against cyber threats and intrusions is highly dependent on qualified and skilled individuals to manage and parry them. And therein lies a core, undeniable issue staring down nearly every business: the lack of talented cyber professionals globally.
How Large is the Skills Gap?
In a word, huge! Astonishing as it may seem, analysts suggest that by the end of 2018 there will be up to two million unfilled cybersecurity jobs. Approximately six million cyber professionals will be needed with only four million available. By 2021 according to CyberSecurity Ventures, that gap will increase to 3.5 million unfilled positions. Security vendor, McAfee, dug in even deeper and found that 82% of surveyed IT and cybersecurity decision-makers had a shortage of cyber skills in their companies. According to a report from Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), 22% of survey respondents said their cyber team was not large enough and 18% said they could not keep up with the cyber workload. Such a state of affairs does not bode well for enterprises as their understaffed teams face an onslaught of ever-more nefarious schemes.
Robert Herjavec, star of TV show Shark Tank and founder and CEO at Herjavec Group, a Managed Security Services Provider with offices globally, says, ”Unfortunately the pipeline of security talent isn’t where it needs to be to help curb the cybercrime epidemic. Until we can rectify the quality of education and training that our new cyber experts receive, we will continue to be outpaced by the Black Hats.”
While this cybersecurity talent gap presents a very pressing challenge for businesses on the short end of the stick, it is a boon for cybersecurity professionals wanting to either enter the field or expand their footprint in the field. Though the market in the U.S. is tight for cyber talent, it’s even worse in other parts of the world where for every three vacancies there is only one candidate.
Where Cyber Demand is Highest
Recognizing its rapid growth and massively changing environment, the APAC region has the greatest demand for cyber professionals globally. Transitioning from its historical industrial economy to more high-value digital venues is not without its challenges and has made this part of the world most susceptible to cybercriminals. China, in fact, accounted for the largest share of more than 31% of the APAC cybersecurity market in 2016.
Big Bucks for Skilled Cybersecurity Professionals
With talent shortages come rising salaries, expanded benefits and other perks. Data from the U.S. Department of Labor’s Bureau of Labor Statistics indicates that the median pay for cybersecurity professionals in 2016 was $92,000 annually, which is expected to cross the $100,000 threshold by the end of 2018. When considered in context with other, less in demand IT jobs, cybersecurity pay is expected to command at least a 10% premium.
Cyber Roles That are Most in Demand
Individuals considering a career in cybersecurity would be wise to consider the following roles as they represent the most in-demand, including:
- Security Analyst
- Security Engineer or Architect
- Security/IT Director or Manager
- CISO/CSO, Systems Administrator
- Network Architect or Engineer
- Forensics Investigator
- Systems Engineer or Integrator
Functionally, the skills that are most in-demand include:
- Incident handling and response
- Audit and compliance
- Firewall/IDS/IPS skills
- Intrusion detection
- Analytics and intelligence
- SIEM management
- Access/identity management
- Application security development
- Advanced malware prevention
- Cloud computing/virtualization
With advice for IT workers and new professionals in the field, Herjavec said, “There is a zero-percent unemployment rate in cybersecurity and the opportunities in this field are endless. Gone are the days of siloed IT and security teams. All IT professionals need to know security – full stop. Given the complexity of today’s interconnected world, we all have to work together to support the protection of the enterprise.”
Further indications that businesses recognize the need to take seriously the ever-evolving threat from cyber intrusions and disruptions, approximately 65% of large U.S. companies have a Chief Information Security Officer position, up from 50 percent in 2016, according to ISACA, an independent, nonprofit, global association. While this uptick is not surprising, Cybersecurity Ventures predicts that 100% of large companies globally will have a CISO position by 2021. Fifteen years ago, the CISO position didn’t even exist.
The Internet of Things as Game Changer
Importantly, cyber challenges are not limited to the enterprise. Indeed, as the proliferation of the Internet of Things (IoT) continues its global spread, securing devices, appliances, cars, screens, and even toasters has become of paramount importance. The enterprise no longer has four walls, a server room and a set of physical security boundaries. Today, penetrations can occur anywhere and anytime on any device, with each intrusion or disruption causing potentially millions in damages. Skilled and entry-level security professionals thus have an even greater opportunity both to protect the current roadmaps of companies and to chart the future. Much like our universe continued to expand after the big bang, so too is the edge of our known networks, pushing boundaries further and further out from the center.
Future Considerations for Finding, Training and Building Cyber Talent
Given the shortage of talent and the daunting need to address cyber issues immediately, many companies are turning to third-party managed service providers. No slouch when it comes to finding and retaining top talent, Microsoft estimated that 75 percent of infrastructure will be under third-party control (i.e., cloud providers or Internet Services Providers) by 2020. While leveraging outside security providers in the short term can alleviate some of the most pressing issues, the longer-term dearth of talent will not abate. Smart companies — and smart employees — recognize this and are undertaking efforts to utilize and re-train existing, on-site talent to address cybersecurity issues. According to PwC’s “Global State of Information Security Survey 2018,” many companies are resorting to a combination of third party managed services and talent retraining and redeployment. Help Net Security reports that many companies are actually taking employees from non IT departments and training them in cybersecurity from scratch, believing that starting from a clean slate avoids any entangling alliances with or pesky baggage from other parts of the IT department. Part of any comprehensive initiative to address cyber issues involves training, both for IT professionals and line employees. Online courses like ITPro.TV’s “CyberPartriot and Cybersecurity” are a good place to start.
Cybersecurity is and will remain a hot area for businesses of all types, large and small. As bad cyber actors become more and more sophisticated in their attempts to undermine systems, companies, governments, and individuals, it’s incumbent on businesses to respond forcefully and without delay. Because of this utterly unavoidable fact, individuals interested in cybersecurity careers will be in the catbird seat for many years to come.