Three Most In-Demand Cybersecurity Jobs

Uploaded on 2017-07-27 in NEWS-News Analysis, JOBS-Careers, FREE TO VIEW

Cybersecurity roles rank among the most difficult to fill in the enterprise, with the talent gap in this field expected to reach 1.8 million jobs by 2022.

This is a major problem, as threats such as ransomware are at an all-time high, according to Stephen Zafarino, senior director of recruiting at Mondo, a US based national staffing agency specialising in niche IT, tech, and digital marketing talent.

"It definitely can be a challenge, demand is extremely high, and supply is very low, so it's a candidate's market," Zafarino said. "Companies see the benefit of making sure they are investing in the right talent from the best places, and are definitely paying a heavy price as a result."

The average salary for a cyber-security engineer is between $110,000 and $160,000, Zafarino said. And skilled candidates are more able to negotiate salary, benefits, and perks such as working remotely than in the past, he added.

Here are the three most in-demand cybersecurity jobs this year, according to Mondo:

1. Penetration testers

Ransomware is on the rise. After the Petya attack, Zafarino said he received "plenty of phone calls about how to achieve higher security, and who can come evaluate it."

Penetration testers are often a good way to do that, as they go into your system and find vulnerabilities. From there, they will either correct the issue, or offer a detailed report of the flaws in the system so a company can bring in cyber-security engineers or analysts to fix them, and make sure no outside source can break in.
 
2. Cyber-security engineers

Cybersecurity engineers often come from a technical background within development, usually with knowledge of Python and Java. "They are able to get behind the code, and take a deep dive in to see what performance issues might occur from vulnerabilities, and what tweaks they can make," Zafarino said. They also make sure employees are up to date on security best practices.

3. CISOs

The chief information security officer (CISO) helms a company's cybersecurity strategies. "With all of these changes happening, it's important for companies to make sure they have the right leadership in place, and bring in people who are experts in the field," Zafarino said.

In the past, a networking engineer or programmer might have handled cybersecurity on the side. Today, companies want an experienced CISO or security director to lead their efforts. "They are able to come in and give the right strategy because they have gone through the gambit and seen what happens," Zafarino said.

"They have worked their way up to the top, and know the needs and how to address issues and the best tech to use. They are true subject matter experts. Clients are making sure they have these people in place so they are getting the right strategy and staying ahead of the curb."

Companies are also looking for leaders who aren't afraid to point out issues and offer solutions to fix them. They also need to be future-minded, and always looking into how they will continuously grow their approach to security and add new functions, be they tools or employees.

Looking to the Future

Zafarino predicted that we will see these same positions in demand going forward into 2018. "We may see a heavier focus on engineering and analysts, and a lot of companies are probably going to be looking for designated leadership with cyber-security," he said. "They'll also be making sure the right infrastructure is in place, as companies are starting to realize that everyone is a potential threat and taking measures as a result."
 
However, with so few available cybersecurity engineers, many companies are taking inexperienced people and training them, Zafarino said.

"For lower-level professionals, companies need to consider if they want to pay a premium for an analyst to get every skillset they're looking for, or if they want to invest in trainings and seminars," Zafarino said. If you chose the latter, it's key to bring in a consultant for a short amount of time to help get the employee up to speed. "In the long term, that person is probably perfect, especially if you don't have the money at hand," he said. "If you do, you absolutely want to go with the more senior resource, and you can bring in lower-level people along the way."

Zafarino said he commonly sees two paths to becoming a cyber-security professional.

In the first, a person comes from a computer science background, and can usually command a higher salary.

In the second, a person comes from a networking or helpdesk background, and works their way up to systems administrator by taking basic security courses. Those tend to hold lower level security analyst positions, as opposed to security engineers, which usually have a computer science background.

If you need to fill a hole immediately, Zafarino recommended hiring a consultant, which may be more readily available and cost effective.

"Since the threats keep coming more frequently, if you're looking to hire somebody, you probably want to do it sooner rather than later," Zafarino said.

Tech Republic:

You Might Also Read:

Want A Career In Cybersecurity?:

Cybersecurity Threats Are Changing Recruitment:

« Trump Tells US Cyber Command To Get More Aggressive
Cybersecurity Is More Difficult Than 2 Years Ago »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Radiant Logic

Radiant Logic

Radiant Logic is a market-leading provider of federated identity solutions based on virtualization, and delivers simple, logical, and standards-based access to all identities within an organization.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Picasso

Picasso

The Picasso project is focused on ICT Policy, Research and Innovation for a Smart Society: towards new avenues in EU-US ICT collaboration.

MerlinCryption

MerlinCryption

MerlinCryption develops infrastructure security software, delivering advanced encryption, authentication, and random data generators, for Cloud, VoIP, eCommerce, M2M, and USB hardware.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

Cybercrime Support Network (CSN)

Cybercrime Support Network (CSN)

CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

IT Acceleration

IT Acceleration

IT Acceleration is a full-service IT management and support, IT compliance and Digital Forensics company.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

Inspectiv

Inspectiv

Inspectiv offers a turn-key solution to continuously identify security vulnerabilities and provide security assurance.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

Moro Hub

Moro Hub

Moro Hub, a subsidiary of Digital DEWA, is a UAE-based digital data hub focused on digital transformation and operational services.

Somerville

Somerville

Somerville are a full service IT partner with over 40 years experience delivering exceptional service and value to our customers.