Hays’ James Milligan outlines why roles in cybersecurity are in such high demand right now and what professionals in this area can expect.
Cybersecurity breaches have recently made global headlines, many of which have been attributed to a rapidly expanded online world because of the Covid-19 pandemic. Consequently, there is a heightened push not only to prevent such attacks from happening, but to develop IT and security infrastructure that can deal with these differing and increased online demands.
Therefore, there has never been a better time to be a cybersecurity professional or to think about the cybersecurity needs within your business. But how is the function evolving? What are the key skills that these professionals need to have in the new era of work? And what are the most exciting roles available today?
Why is demand so high?
Pre-pandemic, data security was a primary focus of the IT industry. General Data Protection Regulation (GDPR), from its inception in 2016 through to its mandatory implementation in 2018 and beyond, became the primary concern for those within the EU especially.
This was the first large-scale platform for cybersecurity professionals to demonstrate their importance to businesses and enabled the function to receive increased investment in the digital era. In fact, 91pc of European, Middle East, African and Russian companies that suffered a breach in 2017 made significant improvements to security in preparation for GDPR’s roll-out in 2018.
After GDPR was imposed, cybercriminals quickly found new ways to target data. This resulted in yet more investment in IT security, even before the Covid-19 crisis impacted us all.
Since the advent of the pandemic, security has taken on even greater importance as entire business processes and models shifted online. Where businesses have implemented remote working models for their employees, for example, security breaches have occurred in several ways:
- Valuable data has been left exposed, with many remote networks via VPNs hastily set up prior to local lockdowns
- Employees logged into company programmes using their own Wi-Fi or devices, and then downloaded new video conferencing tools and apps that could breach security systems
- Employees have become prone to lapses in adhering to security guidelines in general
Threats, enhanced by the impact of Covid-19, will continue with online and offline worlds set to collide more and more in the future. More widely available smart IoT products, such as smart kettles, doorbells and driverless cars, will ensure that cybersecurity professionals will continue to be in great demand to create secure infrastructures around these technologies.
What are the key cybersecurity skills?
Cybersecurity roles have traditionally fallen into one of two categories: specific technical roles around the prevention of and reaction to cyberattacks, such as security engineers or security architects, or more business-focused positions such as security analysts and compliance business analysts, which are concerned with the mitigation of risk in lieu of business objectives and projects.
However, the line between tech and business roles for those within security is blurring. More roles now require someone who is not only responsible for the technical implementation, maintenance and development of security systems and the reaction to any breaches that occur, but someone who is capable of analysing incidents, processes and procedures as well. These professionals need to act as a bridge between IT security and the business; to be a consultant that looks at the risks associated with different business projects and the effect they may have on security infrastructure.
These roles, such as information security officers, span more than just the IT departments. So, certain key skills and traits are required.
In terms of technical skills, this includes:
- An understanding of current and emerging IT and security technologies, security standards, threats and trends
- Knowledge of security, risk-management and assessment methodologies and standards (such as ISO 27000 series, NIST, OWASP, PCI DSS) and the application of them, often in large enterprise environments
- Professional certificates in IT and security from CISA or CISM, for example
Professional skills and competencies are also needed, including:
- Communication skills and the ability to work closely with those who are not from an IT background
- Analytical capabilities
- The ability to work in complex matrix organisations that may transcend borders
- An attitude to learn quickly
These skills and competencies should be on the checklist of any potential employer when looking to hire a full-service cybersecurity role, and cybersecurity professionals should be looking to upskill in these areas where necessary.
What can cybersecurity professionals expect to work on?
Hays has been placing candidates in numerous functions related to cybersecurity – in technical positions across network security, GRC (governance, risk and compliance) and penetration testing roles, along with more analytical roles and chief information security officer positions – in both contract and permanent markets.
Sectors that have traditionally required high-level security systems, such as financial institutions, remain popular employers for cybersecurity professionals, as do specific cybersecurity businesses.
In addition to this, the surge in popularity of e-commerce sites and online retail since the Covid-19 pandemic ensued has opened up a greater number of opportunities in the global fast-moving consumer goods (FMCG) sector.
For example, Hays has been working with a FMCG client and their cybersecurity hub in Warsaw, creating more than 20 new jobs for cybersecurity specialists with niche areas of specialisation such as cloud security solution architects and roles specifically focused on the security of manufacturing processes. This hub has grown faster throughout the pandemic and it, like many other cybersecurity projects, shows little sign of slowing down in its need for quality cybersecurity personnel.
James Milligan is the global head of technology at Hays. A version of this article previously appeared on the Hays Viewpoint blog.