What is Hot in the Cybersecurity Job Market?

Maneesh Dube, Executive Director, Russell Reynolds AssociatesCybersecurity is one of the biggest concerns for most companies and boards across sectors globally. The pace at which cyber threats have evolved and engulfed much of the corporate and public domain is unprecedented. This has led to a massive demand in talent for cybersecurity professionals. We have witnessed exponential growth in demand for talent in countries following big cyber-attacks and breaches. The more public or damaging the breach, the more intense the response from corporates and governments in strengthening their cyber security program and hiring the people who can do it. This has been going on for a few years now resulting in a significant gap between the pace at which cybercrimes have increased and the talent available to respond to them.

So, while the demand for talent is increasing, lets double click on what skills are the most in demand for cyber professionals. Where do we see the demand trending in terms of skills and roles? Which areas should cybersecurity professionals specialize in to be in greater demand?

Based on the work we do with clients, conversations with CISOs and industry leaders, we have filtered the five most valued cyber skills:

1. Application Security Professionals: There is a growing appreciation that security cannot be an afterthought. Patchwork to bolster security is neither sufficient not efficient. It leads to implementation of a fragmented suit of security products, still leaves gaps, and is difficult to maintain and run. Hence, applications must have in-built security measures to minimize the chances of unauthorized code breaching them. Software developers who understand security measures like firewalls, encryption, antivirus, spyware detection etc. will be in great demand.
2. Product Security Professionals: This is a phenomenon driven by IoT. Devices connected to and accessible over the internet provide opportunities for breaches and cyber-attacks. With elementary devices such as printers to sophisticated connected cars, everything needs a secure design. Product security engineers and testers who can analyze system services, operating systems, networks and applications from a security perspective will be increasingly engaged in products. The work would involve discovering security issues, deploying security components, and recommending patches, conducting security audits, risk analysis, vulnerability assessments and penetration testing.

Availability of talent will dictate the pace of innovation & technology advancement, and the lack of adequate talent supply will be one of the biggest challenges for businesses

3. Security Architects: These are the people thinking like hackers trying to find vulnerabilities in their own environment and ways to plug them. Success of corporates and governments to protect them from intrusion will depend on how comprehensively the security architects are able to comprehend the threats and design security solutions to shield from them.

4. Forensic Investigators: Companies are investing in their forensic capabilities to ensure that they learn from the attacks. Forensic investigators can help companies demystify attacks by gathering and analyzing digital evidence. These professionals are experts in using forensic tools, know how to respond quickly when attacks happen, and understand legal requirements for taking a cyber-event to a court of law. It used to be the law enforcement agencies who had cyber forensic expertise, but now this skill is growing in demand amongst the corporates as well.

5. Behavioral Analytics: What started as a marketing theory to segment and target customers, has become a useful cybersecurity tool. Use of data analytics to identify potential bad actors can help prevent attacks. Advancements in machine learning are helping this science grow. Many professionals in cyber behavioral analytics come from traditional big data, analytics and machine learning background. Others come from threat analytics or security architecture background, who have chosen to go deep in the analytics domain.

It is a great time to be a cybersecurity expert. Unfortunately, the “dark side” is attracting a lot of great minds and talent too. This threat and menace are only going to increase. There will be continued demand for cybersecurity professionals at all levels for the next several years. Availability of talent will dictate the pace of innovation and technology advancement and the lack of adequate talent supply will be one of the biggest challenges for businesses. If they are not already, companies should be proactively managing their IT, cyber and security talent pipeline to ensure they are not only attracting the best talent but also to ensure their organizations are effectively managing risk.