Is now a good time to get a job and develop a career in cyber security?
As reported in Continuity, Insurance and Risk magazine, the Annual Allianz Risk Barometer shows that “businesses are less concerned about the impact of traditional industrial risks such as natural catastrophes or fire” and are “increasingly worried about... cyber incidents”. These are “cited as the most important long-term risk for companies in the next 10 years”.
In turn, Forbes magazine reported that there are over one million cybersecurity job openings in 2016, some with eye watering salaries. For example, recently published figures for chief information security officer (CISO) salaries reveal an average CISO salary is $204,000. Forbes quotes Veronica Mollica, founder and executive information security recruiter at US-based Indigo Partners saying: “The cybersecurity job market is on fire.”
But the Forbes report cautions that “if you are an ambitious IT worker thinking about your next move... 35% of cyber security jobs call for an industry certification, compared to 23% of IT jobs overall”.
This is a reflection of the increasing importance of cyber security and its place in ensuring business resilience after a number of high-profile breaches over the past 18 months which have had major business and reputational impacts for those under attack.
The breaches have shown how vulnerable businesses can be to cyber-attacks which is gradually leading to a growing interest and concern at board level. As a result there is a willingness to invest in doing the right thing, and hiring the right people, in an attempt to make sure they are not the next business in the news headlines for the wrong reasons.
As cyber risk has a potentially high impact on a business, it needs a clearly-defined role and responsibility for managing that risk. It also provides the perfect opportunity for someone capable of responding to changing needs and maintaining protection against a continually changing threat to develop a strong and successful career.
Having said that, there are many businesses still grappling to identify the skills they need to respond to the relatively new phenomenon of cyber resilience. While recognizing that having certain levels of technical ability is an initial guide to the suitability of a candidate, in reality there is a great deal more to managing the risk.
An individual can stand above their peers by demonstrating that they are flexible and adaptable. They have to show how they can help win this ‘arms race’ by using knowledge and experience to try, where possible, to be one step ahead of the attackers. Achieve this and there is a highly successful career waiting to be built.
For those that achieve success, their adaptability means they can bridge the gap within organizations between IT operations, IT security and the wider business. While there is a level of technological knowledge needed, the stand-out cyber security professional is the one who also understands the human element to cyber resilience and maintaining data security. Equally, the ability to apply this to overall business goals and strategies is essential.
Not only that, but they have the skills to explain to a non-technical audience, at all levels of an organization, the approaches needed to manage real world risks. They can show that cyber resilience is much more than just a technical issue and that everybody has a role to play in the development and delivery of solutions.
However, the levels of risk and reward in these roles dictate that with a higher profile comes increased expectations and the potential that – should a cyber breach occur – the senior cyber security person is likely to become the ‘fall-guy’.
This is where their communications skills are vital in conveying that that there is no silver bullet in cyber security. However, it’s possible to respond to and recover from a cyber attack and thus remain resilient by ongoing awareness and learning that helps organizations achieve their goals while remaining cyber secure.
For the right person, the challenges related to cyber security can be a highly rewarding personal and professional career choice.
For more information about cybersecurity and cyber resilience, see our RESILIA™ section.
More AXELOS Blog Posts by Mark Logsdon
SMEs, cyber risk and resilience – to invest or not to invest?
Cyber risk and young employees
Is this a Phishing email?
Hands up who doesn't understand cyber risk?
Building cyber education for all
The War on Cyber: Protecting Ourselves Against Weaponization
Cyber resilience: protecting the network or the data?
The perils of cyber-attack – and the new solution
Have you heard the one about the three judges...? A Cyber story to be aware of
Preventing cyber attacks - it's a people thing as much as IT