The Bright Horizon For Information Security Jobs

Uploaded on 2015-06-15 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

ss_2015_security_pros_in_the_catbird_seat-100580890-large.idge.png

With graduation season upon us, new graduates entering the workforce are understandably anxious about their future employment. However, at least one group is poised to take advantage of a market suffering from a massive skills shortage: cybersecurity professionals.

The Bureau of Labor Statistics’ Occupational Outlook Handbook projects the demand for information security professionals will increase by 100,000 jobs in the next seven years. That need will only increase in the coming years as cybercrime continues to prove more lucrative.

The outlook for this fortunate group of new college graduates is promising. However, organizations planning to hire from this talent pool should fully understand the associated challenges.

Any effective security team requires technical members with a broad set of backgrounds and skill sets, often delineated into “Tier 1” and “Tier 2” groups. Tier 1 members generally provide a first line of review or response, and handle the most basic functions from the security team’s task lists. These tend to include following pre-determined response procedures such as virus removal, automated system restoration, or escalating the more suspicious events for further review.
Tier 2 members have more real-world experience with those escalations – the events that don’t meet pre-determined conditions. Their practical background helps to quickly weed out a false positive event or determine whether a particular observation is “wrong.”

This real-world experience is the core differentiation between a Tier 1 and Tier 2 team member – and it can only be gained over time. Granted, advanced degrees and sound technical certifications can help to establish professional credibility, but there is no substitute for real-world experience.

Unfortunately, Tier 2 team members are becoming increasingly difficult to hire and retain. The federal government announced its intent to fill 3,000 cybersecurity positions, but the talent pool they share with industry is a finite resource that is already under-filled. Many of these governmental positions are at the top of the federal pay ranges, further driving salary expectations for an experienced security professional to a level that is not viable for many organizations.

Organizations are faced with several options — none of which are ideal. They may attempt to hire a large group of Tier 1 team members, but considering the pending talent shortage, this is a challenge at best. Even if they manage to outfit their teams with a large group of new hires, such a team requires the guidance and tutelage of more experienced technical team members at Tier 2 to be effective.

Another method some organizations use to alleviate the strain on personnel is to use so-called automated solutions to supplement a sparse security team. Despite bold vendor claims, such solutions require trained professionals to effectively deploy and operate. Many also prefer to over-notify the operators to avoid “missing” a critical event. This often leads to alert fatigue, in which too many alerts lead to missing the small fraction that actually require attention.

Retaining top talent is the simplest solution but can be the most expensive. As demand grows across the employment force, competitive salaries will rise faster than most organizations can support. Management must find creative ways to encourage retention without relying solely on salary and other easy perks.

Job progression opportunities are a key mechanism. An employee who sees a future with their current company is less likely to seek employment elsewhere. Investment in workforce development is another method. Establishing a fair and practical training budget shows employees they can continue career progression in a company that values their professional development. There are many other options in this area, but salary alone is rarely a practical solution to foster retention.
Whether building a team from scratch, back-filling vacancies left through attrition, or supporting a broader security mission by augmenting an existing team, hiring talent is a necessity for any organization. Bringing any new talent onto the team is a challenge. Recruiters and hiring managers must effectively screen candidates for technical skills and placement onto an existing team.

Evaluating Tier 1 candidates has recently been eased somewhat by the establishment of undergraduate degree programs that focus specifically on information security. Many of these programs are still in their infancy, and have yet to be proven in the workplace.

After selecting a candidate, there is an acclimation period before a new employee is contributing at their full potential. This may involve formal and on-the-job training, a gradual ramp-up period for the new hire’s workload, and other production-limiting factors.

The demand for top security talent will continue to increase for the foreseeable future. While this is certainly welcome for recent graduates in security-focused degree programs, the need for real-world experience can only be acquired over time.

Techcrunch:  

« Europol: Dozens Arrested in Cybercrime Sweep
UK Web Snooping Powers Are 'Undemocratic' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

BaseN

BaseN

BaseN is a full stack IoT Operator. We control the full value chain in order to provide ultimate scalability, fault tolerance and security to our customers.

Genua

Genua

Genua is a specialist in IT security services and solutions ranging from network and infrastructure security to encrypted comms and industrial automation.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

RiskIQ

RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence.

CyberWarrior

CyberWarrior

CyberWarrior deliver training and consulting for some of the world’s top brands and also partner with national systems integrators to augment their teams with our expertise.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Vortiv

Vortiv

Vortiv Ltd (formerly known as Transaction Solutions International Ltd) is a technology based company focused on the cybersecurity and the cloud services sector.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

CSIOS Corp.

CSIOS Corp.

At CSIOS we help our customers achieve and sustain information and cyberspace superiority through a full range of defensive and offensive cyberspace operations and cybersecurity consulting services.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

RiskSmart

RiskSmart

RiskSmart empower risk, compliance, and legal teams with a tech-led and data-driven platform designed to save time, reduce costs and add real value to businesses.

Turngate

Turngate

Turngate simplify security investigations so you can see employee activities and entitlements in your enterprise in seconds.