Way back in November 2011, Mathew J. Schwartz wrote an article about the expected growth in the information security industry. He based the article on data provided by Robert Hall Technology’s “2012 Salary Guide”, which looked at salary and employment trends in IT. Fast-forward to March 2013 when Jaikumar Vijayan wrote an article on a report from Burning Glass Technologies, which said that demand for information security experts exceeds supply. The data is based on figures in the United States, but considering that there is a general dearth of IT experts globally, it’s not unreasonable to assume that the trend is echoed elsewhere.
Data security is a big concern for all businesses. Unfortunately, many companies (small, medium, and large) are woefully underprepared when it comes to data protection systems and data back-up and recovery plans. The good news is that managing directors and executives are at least becoming more aware of the need for good plans and systems. This is one of the reasons why demand for information security specialists is booming.
Where is the demand?
The industries which demonstrate the highest demand for IT security include defence, financial services, retail, healthcare, and professional services. According to Robert Hall Technology, the most in-demand job of all the in-demand security jobs was expected to be data security analyst. Not only are data security analysts in great demand, but they can also (almost) name their price. Salaries average between $89,000 and $121,000.
Other information security jobs that are in great demand and which earn enviable salaries include network security administrator, systems security administrator, information systems security manager, and network security engineer.
Other areas showing growth, according to Hord Tipton, include application security, mobile security, security in cloud and virtual environments, privileged identity management, and enterprise security administration.
It takes more than one
It takes more than one expert to manage a company’s data security needs, especially in medium to large enterprises. That’s why Steve Ragan writes about the importance of having a skilled security team. You can’t just have anyone on the team, however, as Ragan cites EMC’s Security for Business Innovation Council (SBIC), which says that diversity is the way to go.
One of the reasons why diverse skills are necessary is that the industry constantly changes, as new and more sophisticated threats evolve. According to SBIC, new information security has to include technical and business skills, like asset valuation, supply chain integrity, analytics, and, of course, cyber intelligence. The good news for businesses is that they can include existing personnel on the security team because not all of the skills are exclusively IT-related.
SBIC calls it a “cross-organisational endeavour”, as security needs to be embedded in all business processes. However, there is no getting around the fact that companies will need to hire at least one information security expert.
What makes a good team?
Talent, good management, reliable resources – these are the things that make teams successful, but there is more, like trust, mutual respect, and healthy working relationships. A good team doesn’t develop overnight, so SBIC has provided some recommendations to help businesses grow their teams into efficient, effective well-oiled machines.
- Build on and expand core competencies, especially in cyber risk intelligence, data analytics and management, and controls design and assurance.
- Delegate where possible. The team should not get caught up in the drudgery of daily operations. The members are there to perform a specific, highly-specialised job and that is just what they should do. Regular IT activities should be handled by the IT department, or by outsourcing.
- Outsource when necessary. As mentioned, it takes time for a team to develop, so rather than trying to fill a position quickly with the first reasonably experienced person that comes along, rather outsource those particular skills (get a consultant) and wait for the right match for the team. This is also a good idea for smaller businesses that may not have the resources to field a full team. There is no shame in hiring consultants to help with certain key processes.
- Educating management. One of the reasons that companies have data security problems is that upper management and executives don’t fully understand the risks or the responses required. When the powers-that-be are aware of the risks, they are more likely to take or support the appropriate action.
- Nurture talent. The supply of data security specialists is limited, yes? One way around this is for companies to look for, recognise, and nurture talent among existing staff members. Not only does this save them costly recruitment processes, but it also helps develop the company from within. SBIC recommends that you don’t limit yourself to people with an obvious background in information security, but that you expand your search to include those with experience in database admin, software development, business analysis, and data science.
As more businesses are starting to wake up to the risks of data loss in the cyber world, there is greater demand for expert data recovery and protection services. This has led to massive demand in niche areas of specialisation. Supply is lacking all around the world, which means that if you have a knack for protecting, managing, and rescuing virtual data, you can take your pick of employment opportunities.
License: Creative Commons
Jemima Winslow doesn’t have a brain that deals with the machinations of the cyber world. The fact that the internet works when she switches her modem on is enough for her. Fortunately, as a freelancer, she doesn’t have the big data worries of other businesses, but she has the backups in place to protect what she’s got – and has the number of expert recovery services in case things go wrong.