The cybersecurity industry is a booming sector that promises technology growth and multiple career opportunities. This industry has proven its ability to grow even in the challenging times of the global pandemic, in contrast to other sectors that showed a significant decline. The Senate RPC report has stated that there is a 29% skill gap for cybersecurity in the U.S., and with cybersecurity being the number one risk, finding the right talent is a concern for businesses. The gap between skill demand and supply is increasing day by day. Hence, it is imperative for the infosec community to discuss and spread awareness among aspirants about the various career options available and the demand for them.
By Rajiv Sharma, Vice President, EXL Service
Building a Strong Cybersecurity Workforce
Raising public awareness about cybersecurity careers starts with understanding the new skill requirements and the demand from organizations to build a strong cybersecurity workforce. With the rise in the sheer volume and diversity of cyberattacks, organizations are looking to bring effectiveness and efficiency to securing, testing, and continuously monitoring their digital assets. Automation of processes and up-skilling the task force are the need of the hour. This has led to a sharp increase in the demand for cybersecurity skills. Emerging technologies such as cloud computing and storage, IoT, blockchain, etc., have further increased skill demand due to the integration of technologies with business processes, leading to a new attack surface for malicious users and hackers to target. Hence, hiring the talent to maintain and manage the security posture has become as important as having a robust architecture in place for information security.
For organizations, building a workforce involves planning, implementing, and assessing the cybersecurity readiness of their security workforce. Prior to establishing a workforce, organizations need to determine their risk exposure and risk tolerance, which influence the need to address their cybersecurity workforce gaps. The NICE framework for the cybersecurity workforce provides guidance to organizations on how to recruit cyber talent and develop professional opportunities for their cyber workforce.
Cybersecurity Career Demand and Opportunities
Cybersecurity roles are among the fastest-growing career opportunities available in the STEM field. According to the U.S. Bureau of Labor Statistics (BLS), these jobs will grow 31% by 2029, which is seven times greater than the U.S. average growth rate for jobs. This indicates that information security will be in demand as technologies keep evolving alongside the growth in cyberthreats. It could be safely assumed that the growth of cybersecurity jobs will be proportional to the increase in the volume and diversity of cyberattacks, which, by the way, have grown over 50% since 2020 and are estimated to cost the world $6 trillion annually in 2021.
Hundreds of breaches each year and the loss of millions of records have tremendously increased the demand for a strong information security posture and for professionals to maintain it. The global pandemic has further boosted threat incidents, with reports highlighting a rise in cybercrime of 600% in the Asia Pacific alone due to its impact. This displays the fragile nature of the current security posture, which is susceptible to different threat factors. To combat such malicious cyber intent, businesses need the assistance of professional expertise. This makes it imperative for organizations to foster cybersecurity skills and talent alongside efforts to implement rigorous cybersecurity awareness programs, prevention and detection controls, and best practices. Multiple studies have indicated that security job roles and skills related to application development, cloud computing, incident handling, threat intelligence, risk management, security compliance and governance, data privacy, identity and access management, etc., are expected to grow the fastest in the near future.
Cybersecurity Career Pathways
There exist multiple job roles and career pathways for cybersecurity aspirants to choose from and pursue. In the era of Digital Transformation, emerging technologies and the constantly evolving digital security industry further add to these pathways, which could roughly be categorized into broad skill sets, viz. management, technical, and leadership.
- Management: The security management category deals with tasks and roles associated with compliance and governance within the security posture. This area tends to be less technical, but it is, nonetheless, important for professionals in these positions to know the technicalities behind cyber risks in order to manage them better. The roles and responsibilities in this domain call for being business savvy and having the skills to programmatically manage the organization’s security posture. Awareness training, audits, compliance, IT risk management (including third-party risk management), project management, etc., are some of the functions involved with these roles.
- Technical: As suggested, this pathway covers more technical roles, such as diving deep into the technicalities of systems, data, tools, networks, hardware, software programming, etc., with an aim to detect, prevent, respond to, and mitigate cyber threats. These skills are essential in deploying cybersecurity solutions in an organization. Some of the prime roles of the pathways are listed in the figure below.
- Leadership: This position is of extreme importance as it connects security goals to those of business processes, hence playing a critical role in the success of the business. Some of the widely popular roles in this domain include CISO (Chief Information Security Officer), directors, and managers, all of which involve thorough leadership skills at all levels.
The career pathways listed could be an exciting journey for aspirants, as entry to the security domain could be considered interdisciplinary, i.e., any pathway or combination of roles could be adopted based on market demand. As there is no set pathway, choosing accordingly helps individuals gain exposure to various technologies and processes, allowing them to work with what they are most comfortable adopting rather than what is available in the mainstream. One skill set that is the need of the hour and common to the above-listed areas is the aptitude to adopt automation, i.e., to automate manual or repetitive processes by deploying artificial intelligence, bots, ML, or big data.
The Untapped Potential of an Underrepresented Population
Diversity is the need of the hour, as a diverse team is more likely to make better business and security decisions than a non-diverse one. Workforce development frameworks should accommodate and promote increased participation from women, veterans, persons with disabilities, minorities, and other underrepresented populations. Diversity is purposeful; organizations should voluntarily work on it and commit to it in alignment with their business goals. Organizations should be mindful that any security initiative or operation should involve equitable representation of underrepresented groups. A number of organizations are running various diversity programs and making conscious efforts to tap cyber talent: WiCyS, NCI’s IWICS, Palo Alto, Purdue, EC-Council, Fortinet, and Facebook, to name a few. Such organizations aim to increase the representation of women and veterans in cybersecurity through various training and sponsorship opportunities.
With cybercrimes growing multifold in volume, the demand for corresponding cybersecurity skills is also increasing exponentially. The statistics suggest that cybersecurity careers will be in high demand in the upcoming decade, and may grow by 31% in the U.S. alone. This provides individuals in both STEM and other fields with an opportunity to pursue a career in cybersecurity.
About the Author
Rajiv Sharma is currently the Vice President of EXL Service and has more than 25 years of experience in information technology, cybersecurity, information security governance and compliance, and disaster recovery and business continuity planning. His wide range of experience involves the identification of cybersecurity risks in an ever-changing cyber threat landscape, as well as designing/recommending, and implementing/establishing control environments to mitigate the risks. Rajiv has in-depth, hands-on experience in the field of cybersecurity risk and implementation across multiple industries like fast-moving consumer goods (FMCG), automobile, telecom, manufacturing, retail financial services (banking and capital market), insurance, and ITeS.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.