Three Most In-Demand Cybersecurity Jobs

Uploaded on 2017-07-27 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

Cybersecurity roles rank among the most difficult to fill in the enterprise, with the talent gap in this field expected to reach 1.8 million jobs by 2022.

This is a major problem, as threats such as ransomware are at an all-time high, according to Stephen Zafarino, senior director of recruiting at Mondo, a US based national staffing agency specialising in niche IT, tech, and digital marketing talent.

"It definitely can be a challenge, demand is extremely high, and supply is very low, so it's a candidate's market," Zafarino said. "Companies see the benefit of making sure they are investing in the right talent from the best places, and are definitely paying a heavy price as a result."

The average salary for a cyber-security engineer is between $110,000 and $160,000, Zafarino said. And skilled candidates are more able to negotiate salary, benefits, and perks such as working remotely than in the past, he added.

Here are the three most in-demand cybersecurity jobs this year, according to Mondo:

1. Penetration testers

Ransomware is on the rise. After the Petya attack, Zafarino said he received "plenty of phone calls about how to achieve higher security, and who can come evaluate it."

Penetration testers are often a good way to do that, as they go into your system and find vulnerabilities. From there, they will either correct the issue, or offer a detailed report of the flaws in the system so a company can bring in cyber-security engineers or analysts to fix them, and make sure no outside source can break in.
 
2. Cyber-security engineers

Cybersecurity engineers often come from a technical background within development, usually with knowledge of Python and Java. "They are able to get behind the code, and take a deep dive in to see what performance issues might occur from vulnerabilities, and what tweaks they can make," Zafarino said. They also make sure employees are up to date on security best practices.

3. CISOs

The chief information security officer (CISO) helms a company's cybersecurity strategies. "With all of these changes happening, it's important for companies to make sure they have the right leadership in place, and bring in people who are experts in the field," Zafarino said.

In the past, a networking engineer or programmer might have handled cybersecurity on the side. Today, companies want an experienced CISO or security director to lead their efforts. "They are able to come in and give the right strategy because they have gone through the gambit and seen what happens," Zafarino said.

"They have worked their way up to the top, and know the needs and how to address issues and the best tech to use. They are true subject matter experts. Clients are making sure they have these people in place so they are getting the right strategy and staying ahead of the curb."

Companies are also looking for leaders who aren't afraid to point out issues and offer solutions to fix them. They also need to be future-minded, and always looking into how they will continuously grow their approach to security and add new functions, be they tools or employees.

Looking to the Future

Zafarino predicted that we will see these same positions in demand going forward into 2018. "We may see a heavier focus on engineering and analysts, and a lot of companies are probably going to be looking for designated leadership with cyber-security," he said. "They'll also be making sure the right infrastructure is in place, as companies are starting to realize that everyone is a potential threat and taking measures as a result."
 
However, with so few available cybersecurity engineers, many companies are taking inexperienced people and training them, Zafarino said.

"For lower-level professionals, companies need to consider if they want to pay a premium for an analyst to get every skillset they're looking for, or if they want to invest in trainings and seminars," Zafarino said. If you chose the latter, it's key to bring in a consultant for a short amount of time to help get the employee up to speed. "In the long term, that person is probably perfect, especially if you don't have the money at hand," he said. "If you do, you absolutely want to go with the more senior resource, and you can bring in lower-level people along the way."

Zafarino said he commonly sees two paths to becoming a cyber-security professional.

In the first, a person comes from a computer science background, and can usually command a higher salary.

In the second, a person comes from a networking or helpdesk background, and works their way up to systems administrator by taking basic security courses. Those tend to hold lower level security analyst positions, as opposed to security engineers, which usually have a computer science background.

If you need to fill a hole immediately, Zafarino recommended hiring a consultant, which may be more readily available and cost effective.

"Since the threats keep coming more frequently, if you're looking to hire somebody, you probably want to do it sooner rather than later," Zafarino said.

Tech Republic:

You Might Also Read:

Want A Career In Cybersecurity?:

Cybersecurity Threats Are Changing Recruitment:

« Trump Tells US Cyber Command To Get More Aggressive
Cybersecurity Is More Difficult Than 2 Years Ago »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

MailXaminer

MailXaminer

MailXaminer is an advance and powerful email investigation platform that scans digital data, performs analysis, reports on findings and preserves them in a court validated format.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

Center for Cyber & Homeland Security (CCHS)

Center for Cyber & Homeland Security (CCHS)

The Center for Cyber and Homeland Security at Auburn University is a nonpartisan think tank that works to develop innovative strategies to address current and future threats to the United States.

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum is a catalyst platform designed to create a more resilient and better cyberworld for all.

Monster Jobs

Monster Jobs

Monster is a global leader in connecting people to jobs, wherever they are. Monster covers all job sectors including cybersecurity in locations around the world.

Cyber Pathways

Cyber Pathways

Cyber Pathways brings together the next generation of Cyber professionals along with delegates who are looking to cross train and enter the cyber market.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

Injazat

Injazat

Injazat Data Systems is an industry recognized market leader in the Gulf region for Information Technology, Data Center and Managed Services.

RealCISO

RealCISO

RealCISO is a CISO grade cloud platform to help companies understand, manage, and mitigate their cyber risk.

The CyberWire

The CyberWire

The CyberWire gets people up to speed on cyber quickly and keeps them a step ahead in a continually changing industry.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.

Repello AI

Repello AI

Repello - making AI safe to trust. We help you continuously red-team your GenAI applications against ever-evolving AI threat landscape.