Cybersecurity is a growing concern for any organization. Thanks to the vast development of communication networks and technology that enables firms to track and store data more easily, every enterprise is vulnerable to the possibility that their data could be hacked — a risk that could come at a high cost.
The rise of such a threat has created a new market for jobs related to cybersecurity. According to a report from technology company Cisco Systems Inc. cited in Forbes earlier this year, global demand for jobs in the field is projected to grow by six million by 2019. Moreover, the U.S. Bureau of Labor Statistics shows that the annual median pay for an information security analyst, a common cybersecurity role, is $88,890. Earnings in the top 10 percent of the field surpass $140,460.
Most firms are unprepared for the cybersecurity threat. According to DHR International, an executive search firm based in Chicago, 75 percent of U.S. organizations are not ready to respond to a threat, even though there was a 64 percent increase in security incidents just in 2015. “The trends in this business are getting forever more technical and forever more important,” said Pete Metzger, DHR’s vice chairman. “No one is immune to this stuff.”
For companies interested in building out their cybersecurity teams, there are a few different roles that experts say they should consider:
- Chief Information Security Officer: This high-level role is for someone who thinks broadly about risk and who has the technology acumen and communication skills to convey technical concepts in business language to an organization’s board or audit committee, according to Joyce Brocaglia, president and CEO of Alta Associates Inc., an executive search firm specializing in cybersecurity and IT risk.
- Threat Intelligence and Security Operations Center, or SOC, Professionals: According to DHR International’s Metzger, these workers make sense of a cyberthreat. SOCs are centers for mitigating threats.
- Product Development and Security Software Developers: These roles develop new products to defeat a cyberthreat, Metzger said.
- Cybersecurity Policy Roles: These roles can be found in think tanks and research institutions, according to Jennifer McArdle, assistant professor of cybersecurity at Salve Regina University in Newport, Rhode Island, and nonresident fellow at the Potomac Institute for Policy Studies. People who work in cybersecurity policy aim to build awareness or provide guidance for the industry.
- Digital Forensics Roles: When a breach occurs in a network, people in digital forensics roles identify how the access happened and gather additional evidence to mitigate against similar attacks in the future, McArdle said.
Despite the rise in demand for cybersecurity roles, supply remains tepid. This means executives looking to staff a team in the field should be prepared for a competitive recruiting process. “Those that can do [cybersecurity] well can kind of call their own shots in terms of executive roles and next assignments,” DHR International’s Metzger said.
Metzger offered executives three pieces of advice to remain competitive when hiring for cybersecurity roles:
- Identify the organization’s unique and most significant cybersecurity threats.
- Be prepared to define the specific qualities needed for cybersecurity jobs.
- Be prepared to offer generous compensation. The investment is likely to be at a lower cost than that of a cybersecurity breach.
For more on the background and history of cybersecurity, visit NATO’s website, which has a detailed timeline of the field.
Lauren Dixon is an associate editor at Talent Economy.