Cybersecurity CEO: As COVID-19 Surged, So Did Demand for Cybercrime Fighters
June 22, 2020
The cybersecurity labor market bucks the trend.
Los Angeles, Calif. – June 17, 2020
With unemployment rates plummeting globally, it’s hard to fathom a spike in demand for talent. But that’s exactly what the cybersecurity industry witnessed in the first half of 2020.
A recent study by Gartner revealed that as the number of cases of COVID-19 spiked globally, so did cyberattacks. From February 1 to April 10 of this year, there was a 65 percent increase in demand for cybersecurity professionals in the U.S., and a 5 percent uptick in the U.K.
Herjavec Group sponsors a report from Cybersecurity Ventures which predicts there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million openings in 2014. I’ll admit I assumed that stat would need a mid-year update - but by all accounts, that doesn’t seem to be the case.
Dozens of media stories have confirmed that the cybersecurity market remains stuck in a talent crunch. So what does this mean for our industry? Read my advice below for today’s cybersecurity candidates and employers.
I get a lot of questions about how I got into cybersecurity. It was a little bit of luck and timing but a LOT of hard work and taking advantage of opportunities as they come. I’ll say it again - there are tremendous career opportunities in our space for entry-level job seekers, including recent college graduates. Did you know that IT workers with security certifications tend to have significantly higher average salaries? Around 15 percent more than those without them.
Not only that – the security training market is hyper-competitive, which means a lower barrier to entry for valuable programs. Whether you’re unemployed, furloughed, or have some time on your hands - now is the time to study for the hottest cybersecurity credentials! This includes CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), and more.
I also recommend reading Herjavec Group’s blog on how candidates can get started in a career for cybersecurity here. There’s some great advice from our HR team and one of our technical team leads.
Over the past few years, it’s been great to see CISOs and CIOs get a seat at the board table. As a result, CEOs are increasing their spending on cybersecurity – including finding the right people. After all – when (not if) your organization experiences a cyber incident, you need talented security professionals on your side.
Still don’t believe me? In an interview with the Atlantic Council, Kurt John, Chief Cybersecurity Officer at Siemens USA, said, “It’s impossible to overstate our need for human talent. There are approximately 174 million unemployed people worldwide. Say one percent are in the pool of potential candidates; that fills fifty percent of the need.”
Of course, I also get a lot of questions on when to outsource vs. hire security talent internally. Depending on the size and the individual needs of your organization, it may be cost-effective to outsource your security.
Employers, here’s what I urge you to consider first:
- Leverage staff augmentation. Some of Herjavec Group’s bigger Managed Services customers may need to outsource their security, but they also want someone on-site. Staff augmentation is a great middle ground for organizations that don’t want to hire their own in-house talent but need someone to stay on-site on a long-term basis.
- Hire for analytical and creative thinking over formal education. It’s great to have formal cybersecurity or computer science background, but I’ve seen many successful candidates who have entered cybersecurity after switching from another career. The benefit of hiring these candidates is they often think creatively when solving problems.
- Look for candidates who are self-starters. This seems obvious but you won’t believe how many candidates my hiring managers have seen who simply wait to be told which training certifications to go for or credentials to have. Instead, look for candidates who look at your corporate goals and use that knowledge to dictate their professional development.
- Balance highly specialized candidates with generalists. The cybersecurity industry is filled with certifications, but you also need engineers and developers who will succeed with any technology you have. Sure, they may need to escalate beyond a certain point, but ultimately your specialized engineers are working on the really tough problems.
- Lastly – leverage automation. If your team is restricted, use SOAR technology to reduce the repetitive tasks that end up taking up 80% of your team’s time. This way, you can hire 1-2 highly trained security professionals instead of spreading a team of 3-4 people because you can’t keep up with all the alerts & tickets coming in.
At the end of the day, I cannot stress the importance of finding the right people, however challenging it may be. Cybersecurity is one of the most innovative fields out there and whether you’re an employer or a candidate, if you make the right hiring decisions, there will be a way to curb the cybercrime epidemic.
To Your Success,
Originally posted on cybersecurityceo.com