InfoSec Connect founder and cybersecurity recruiting expert Domini Clark shared her insights into the cybersecurity talent shortage with GoodCall in a recent article.
Excerpts from the article:
That there is a shortage of information technology professionals is no secret. Any list of most in-demand jobs and hardest to fill positions will include IT workers. That’s why these workers enjoy some of the highest starting salaries and job offer rates. However, the specific need for cybersecurity professionals has reached a fever pitch.
High profile breaches and the recent election cyber threats have actually spurred interest in cybersecurity careers, and according to Domini Clark, director of strategy at InfoSec Connect and senior recruiter at national recruiting firm Decision Toolbox, cyber breaches are increasing in quantity and impact. “The most recent Ponemon Institute Breach Report indicates that the average cost per breach over a period of three years for U.S. organizations has reached an all-time high of $7 million in 2016,” Clark says.
As these breaches are exposed to the public, companies are taking a hit. “The same report indicates that U.S. businesses suffered the greatest business losses — $3.97 million — due to higher than global average customer turnover and reputation losses post-breach,” Clark says.
ORGANIZATIONS LOOKING FOR CYBERSECURITY PROFESSIONALS
Another reason for the high demand is that various types of companies need cybersecurity professionals. “If an organization is connected to the internet – which nearly all of them are – then they need to keep cybersecurity in mind,” Yuan warns.
While he believes that companies with sensitive information – such as healthcare organizations and also those in the industrial fields that have the ability to affect large segments of the populations – have a particular need for cybersecurity, Yuan says, “Almost all types of businesses and organizations need to staff cybersecurity professionals to protect their business operations.”
Clark agrees that both large and small companies need these experts. “While large businesses often have more to protect, they also have stronger defenses in place, and this has created a ‘low hanging fruit’ situation for many small to medium-sized businesses with fewer internal security resources,” Clark says.
In fact, hackers tend to consider these types of organizations easier targets, assuming they won’t have the best defense mechanisms in place. “Phishing campaigns targeted small businesses 43 percent of the time, up 9 percent from the year before,” Clark reveals. And while small and mid-sized companies expect managed security providers to defend them, Clark says these providers are often experiencing the same talent shortages as everyone else.
EDUCATION AND CERTIFICATIONS
As indicated in the report most companies want employees with a bachelor’s degree, but since the talent gap is growing, Clark says some of them may have to relax their standards. She warns that companies may miss out on qualified talent if they’re too rigid in their educational requirements. “Many cyber professionals have chosen to skip the university track all together and are finding new ways to get hacking experience,” Clark says.
Certifications are also important to employers, and there are a lot of certifications that cybersecurity professionals can obtain. “The most common, including the CISSP (Certified Information Systems Security Professional), are offered through (ICS)2,” Clark says. According to the report, other certifications popular among employers include Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), SECURITY+, and Certified Information Privacy Professional (CIPP).
Read the full article here.