Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

What's Really Happening in Infosec Hiring Now?

As the pandemic continues, security teams still need help they can't get. But the "skills shortage" is only part of the story.

Joan Goodchild, Contributing Writer

October 14, 2020

5 Min Read
(image by SUPERMAO, via Adobe Stock)

In April, at the start of the pandemic, The Edge asked which security roles were most likely to survive a pandemic. Six months later, we've decided to check in with hiring managers and find out what is happening now. Is it just as tough to fill open security positions as it was pre-pandemic? Have the events of recent months moved the needle at all on infosec hiring? 

Figure 1: (image by SUPERMAO, via Adobe Stock) (image by SUPERMAO, via Adobe Stock)

Although the cybersecurity profession has been spared the widespread layoffs and unemployment that many others have experienced during COVID-19, the pandemic has had an impact on infosec jobs. In a survey released in late April by infosec professional organization (ISC)2, 47% of respondents said they'd been taken off some or all of their typical security duties to assist with other IT-related tasks. In an informal Dark Reading flash poll last month, while 30% of respondents said their security teams are hiring now, 45% said they need additional staff but are restricted by hiring freezes or spending limits, and 12% said they were recently forced to cut security staff.

We spoke to several people responsible for filling security job roles and found out a variety of perspectives. Here's what they had to say.

We can’t find the help we need

It's become a years-old story: Infosec workers are hard to come by. It typically takes eight months to replace a security analyst and almost four months to train a replacement, according to CyberVista. Some say it is because there is a shortage of appropriately skilled workers. Others claim it is an unreasonable set of expectations among employers and job listings that are difficult to decipher.

A DevOps engineer with an API management company says his firm is building out a team based on an increased need for infosecurity pros, but it is proving difficult because experience isn't matching up with the firm's needs.

"Hiring is slower than our expectations because as employers we want the right skill set and experience among candidates, which may not be possible at this point of time," he said. "So instead we're thinking about how future roles will need to be adapted and filled according to software and application development needs."

The firm is also looking at the possibility of upskilling current staff with on-job certifications and training opportunities.

COVID has accelerated our need for security staff

Anonymously, a developer relations specialist working in a firm focused on data enrichment says the pandemic has only made hard-to-find infosec staff even more elusive as they seek to hire due to rising security threats from widespread remote work arrangements.

"Our organization is seeing the amount of threats growing and demand rising, increasing the need for hiring for cybersecurity professionals, especially in the field of behavioral biometrics as a novel way to combat fraud.”

People are afraid to make a move

Patrick Foxhoven, CIO and EVP of Emerging Technologies at cloud security vendor Zscaler says he wants to hire new talent in order to keep pace with today’s hyper-competitive market, but while he is finding interest out there, there is reluctance among candidates.

"We are still noticing less movement as people are worried about job security and assume their current role is safer than a new opportunity," he said. "But we've changed our policies to accommodate and encourage what used to be traditionally in-office roles to now be remote beyond the pandemic, because ensuring we are evolving how we work is a major key to remain competitive and attractive."

In government, they are still playing catch up

Maria McGregor, manager for external communications with BAE Systems Intelligence & Security, a large government contractor, says the uptick in remote access needs during COVID has strained government agencies that were simply not prepared.

('government' continued on page 2 of 2)

(continued from page 1)

That is reflected in government agencies' cybersecurity hiring needs now.

"We are seeing more need for cyber jobs because of insufficient cybersecurity staffing within the government compared to the increased cyber risk profiles and an expansion of the threat vector," she says. "Hiring more cyber pros will ensure the government gets ahead of the curve on the implementation of Risk Management Framework and cybersecurity."

...And because they are behind, there are many job openings in government

McGregor says BAE's government customers are beginning to utilize commercial IT infrastructure and systems traditionally off the table in agencies, including cloud tools, and virtual desktop infrastructure. And that's led to a massive need for skilled talent for implementing, architecting, delivering, and securing these solutions. As a result, they are also looking for applicants with appropriate security clearance.

And another trait government agencies are more interested in now is leadership – and an understanding of the "soft skills" needed to work on security projects, says McGregor.

"We're also looking for those with experience developing external customer relationships and ability to communicate cybersecurity concepts and requirements with senior leaders; and have effective organizational, time management, and communications skills, written and verbal."

Infosec may no longer be a 'hot career'

Despite the need for skilled security pros, the career is apparently not attractive to many who are pursuing a change in career paths. New research from (ISC)2 finds attitudes toward infosec as a career are lukewarm. A survey of 2,500 outsiders to the field in the US and UK found 29% say they are looking for a career change, but infosec is not on their radar.

The poll was "conducted during a period of high unemployment created by the COVID-19 pandemic," according to the (ISC)2 description.

"Even though a solid majority of respondents view cybersecurity as a good career path, they are not drawn to it," the report states.

Instead, respondents say they are more interested in careers in other fields, including education (24%), healthcare (22%), general technology and IT (22%) and finance (21%).

 

About the Author

Joan Goodchild

Contributing Writer, Dark Reading

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights