It’s like the Wild West out there for companies trying to protect their data and systems from cyber criminals. Data breaches, with multi-million dollar consequences are happening every day. Cyber criminals are becoming savvier, and their costs are going down. C-Levels are being held accountable for damaging and costly hacks and executives are scrambling to recruit the best security talent to protect their business.
The challenge for many companies is the lack of qualified, experienced security talent in the workforce, which is creating a “cybersecurity labor epidemic”, whether this epidemic is real or perceived, it’s something to take into consideration when you are looking to fill open security positions. Over the next few years, the estimates of security-related positions open on the job market are over a million.
According to a Network World article from earlier this year, the turning point was the TJX breach in 2006, which led to data-breach disclosure legislation and increased scrutiny of corporate data-handling practices. From then on, demand for security pros accelerated rapidly.
In the past, security was typically within IT’s realm, a process you did in conjunction with infrastructure or networking. Today, more companies have a chief security officer (CSO) or a chief information security officer (CISO) who is explicitly responsible for security. On the technical side, system complexity has created a need for security admins. Years of accumulating different security products have left companies with dozens of products to support, oftentimes from vendors that have gone out of business or been acquired by other companies. Security personnel are needed to maintain those systems and secure the infrastructure.
All this is good news if you're a seasoned security professional with “real-world” skills. According to Robert Half Technology’s annual salary guide, five out of six security titles are getting larger-than-average bumps in pay for new hires.
If you are a company seeking security talent, take a look at your IT processes, education, and awareness programs before making any hiring decisions. Many organizations can provide education to their current staff to fix the basic things that are being done wrong – not keeping up with patches and misconfiguring things. Next step, get to work on recruiting talent form other organizations or importing talent from outside the US.
If the cost in time or money is too great for your company to hire in-house talent, explore Security as a Service. Placing your security processes with specialists who have a 24X7 security operations capability can be a good way to go.
For more information on Security-as-a-Service (SECaaS), here is an easy-to-read infographic that covers the cyber attack landscape, SECaaS attributes, and what to look for in a provider.