Cybersecurity has progressed rapidly in recent years. Necessity is the overriding force in its evolution, as the IT sector has seen cyberattacks become more common and more harmful than ever before.
The fear of Y2K hackers has, since 2000, transformed into real-time prevention and understanding of advanced persistent threats (APTs). The bankers, brokers and healthcare institutions that have been concerned with cybersecurity since its early days have now been joined by a much wider demographic.
Many tasks of everyday life are completed online. And, if there is a presence online, there is a risk online. As such, reducing security vulnerabilities across infrastructure and software has become a mammoth division in the IT world.
Managing a firewall is a routine task today compared to what it was ten years ago. Performance tuning and reinforcing an IPS system from attack proves to be a more challenging job in the current security landscape.
At Hays, we are seeing a growing number of companies from a variety of industries seeking InfoSec skills. That demand is driving salaries up, both for permanent and contract-based roles.
According to Michael Brown, CEO at Symantec, “The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million”.
Growth is driven by the rapid rise of the internet of things (IoT), bring your own device (BYOD) and artificial intelligence, each of which exposes a company and their data to costly breaches.
The lack of equivalent growth in the skills required to protect them contributes to the skills shortage on this thriving specialist market.
Keeping up with demand
So how do we keep up with the demand? A few options are available:
- Cross-training IT workforce
- Getting more young people into cybersecurity or related courses
- Training and retaining top talent
Cybersecurity is defined as protection of information systems from theft or damage to hardware, software and the information on them, as well as from disruption or misdirection of the services they provide.
Cybersecurity is not just about computers. It also involves mathematics, and there is a significant legal element to it as well. This is why InfoSec professionals often come from other fields, such as engineering and mathematics – the more support that can be facilitated in this area, the greater the potential yield.
The US has certainly been leading the way when it comes to addressing the growing skills shortage, but Ireland has also taken some encouraging actions. Virtually all third-level institutions in Ireland now offer cybersecurity degree courses for both undergraduates and postgraduates.
However, cybersecurity professionals are needed right now and it will take some years to grow this talent.
Retaining top talent is arguably the simplest solution, but can also be the most expensive one. Competitive salaries will rise faster than most organisations can support. Management must find creative ways to retain its valuable employees without relying solely on compensation and other common perks.
‘One thing is for sure: the market is there, it’s varied and it’s only just beginning’
Traditional organisations – such as banks and insurance companies – have to create a compelling value proposition to become an employer of choice in the area of InfoSec, as they will be competing for talent against boutique providers in this sector.
Outsourcing has become a notable part of the information security landscape in recent years.
While this is often an attractive option for organisations that find retaining or hiring to be difficult, it is not without risk. Instead of a personnel-management challenge, organisations that prefer outsourcing may incur challenges of quality and loss of control.
Although tasks such as call-out handling can be easily outsourced, security can be at risk if not executed properly.
The outsourcing option is often ideal to support short-term tasks or unexpected work surges, but flexibility comes at a cost, which is often much higher over the long-term than hiring and retaining a qualified in-house team.
A variety of solutions exist. However, the progress will be slower than the threats and breaches they seek to remedy.
One thing is for sure: the market is there, it’s varied and it’s only just beginning.
Deirdre Kelleher is a senior manager at Hays IT.
Main image via Shutterstock