What the infosec jobs sector will look like in 2017

Security experts believe smaller IT companies will outsource parts of their security.

1 shortage

Shortage still?

Many reports touted the fact that there are not enough workers with the proper cybersecurity skills necessary to fill all the vacant jobs. Forrester suggests looking to external expertise and automation for a quarter of the work. The complexity curve facing enterprises hasn’t reached its peak yet, which leaves security stuck solving problems of capacity and capability with limited resources already burdened with too many technologies, too many alerts, and too much to do. This combined spending will include security outsourcing, managed security services, security consultants and integrators, and security automation technologies.

Read on to see security vendors’ and experts’ opinions on what a career in infosec will look like next year.

Incident response teams are in a levee about to burst
Greenway Productions (Creative Commons BY or BY-SA)

Incident response teams are in a levee about to burst

Nir Polak, Co-Founder & CEO of Exabeam, a leading provider of user and entity behavior analytics:

The security expertise shortage is not getting any better; security demands are rising, and the talent pool is not catching up. We’re seeing more CISOs shifting security responsibility outside the enterprise, but only up to a point. Outsourcing is fine for basic functions such as provisioning a new user, but falls apart for security incident response. The MSSP doesn’t have the knowledge, staff, or access to understand how to provide context and respond. As a result, low-level functions go to the MSSP, while high-skill functions such as incident response stay in-house. This leads to more pressure building on the incident-response teams, many of whom are working without a playbook on what to do when they find an incident.

Dick Thomas Johnson (Creative Commons BY or BY-SA)

Understaffing will further influence security projects

Cyber security incidents will keep rising, but the pool of qualified talent is shrinking. CISOs will put a lot more thought into security process automation, not only to improve security posture, but also to deal with the lack of skilled security staff.

incident response
California National Guard (Creative Commons BY or BY-SA)

Poor incident response will be considered a pre-existing condition

A company’s security incident response capabilities will become a measured line item in a cyber insurance policy. Insurance companies will realize that when they offer a cyber security policy, they need to take into account not only the detection and capabilities of their clients, but also measure how they deal with a security incident when it happens.

Breaches, leaks, and more leaks
Travis Isaacs (Creative Commons BY or BY-SA)

Breaches, leaks, and more leaks

Unsurprisingly, the leaks will not stop in 2017. There will be data leaks, especially from disgruntled former employees or contractors. These insiders will either gather information before they leave and use it for their own gain, or continue to harvest company resources such as code repositories after they leave due to bad credential management policies and enforcement.

SMBs turn to small MSSPs for cyber security
James Lee (Creative Commons BY or BY-SA)

SMBs turn to small MSSPs for cyber security

Corey Nachreiner, CTO at WatchGuard Technologies:

To streamline IT, many small businesses have turned to the cloud and to small, local managed service providers (MSP) to handle their IT needs. More recently, SMBs have begun to realize they need security, so they have turned to these smaller MSPs to see if they can provide security services as well. As a result, many MSPs have started adding security services to their portfolio, creating a long-tail of small managed security service providers (MSSPs). Next year, we expect at least a quarter of small businesses to turn to local MSSPs to provide their security needs, and this percentage will continue to increase each year.

New generation of CISOs and CSOs that aren’t coming from traditional locations
reynermedia (Creative Commons BY or BY-SA)

New generation of CISOs and CSOs that aren’t coming from traditional locations

Stan Black, CSO, Citrix:

Many companies have realized that while they may be in a particular vertical like finance or healthcare, the only way they can conduct their business is to come to terms with the fact that they’re an IT shop. At the end of the day, every company is an IT company and they have to accept that to maintain relevance and a competitive edge.

Specifically in healthcare and finance, companies are realizing that moving people up the ranks doesn’t make for an adequately prepared security team. Businesses across industries need to hire security experts to tackle real security business challenges. 

A wider gap between newly minted security staff and the senior security personnel will emerge
Earth Touch (Creative Commons BY or BY-SA)

A wider gap between newly minted security staff and the senior security personnel will emerge

Gunter Ollmann, Vectra Networks:

In an effort to retain security personnel, any new additions to the security team average only nine months before transitioning to “experienced” staff. Those experienced employees are suddenly twice as valuable to the global market, demanding higher pay and improved roles. CxOs, in an effort to retain them, are forced to cede to demands for “senior” titles and accompanying pay hikes. Meanwhile, the skills and job tasks between “junior” and “senior” remain unfulfilled.

9 cido
gnuckx (Creative Commons BY or BY-SA)

The need to manage identities will create the role of CIdO

Simon Puleo, Security Research, Micro Focus:

The struggle to own identity somewhere between security, operations, HR and the CIO has intensified due to industry regulations. And as organizations continue to face insider threats and persistent attacks on customer identities, the role of Chief Identity Officer, or CIdO, will develop in 2017. This new role will be the one source of truth when it comes to managing employee, customer and third-party identities. Charged with safeguarding customers, monitoring employee access and reporting to the CEO, this role will work cross-functionally across the organization to ensure integrity in every step of authentication. The CISO draws a sigh of relief as the CIdO quickly becomes the one who holds the keys to privileged systems and manages these interactions.

Security skills gap
Bernard Spragg. NZ (Creative Commons BY or BY-SA)

Security skills gap approaching Grand Canyon levels

Reuven Harrison, CTO and Co-founder of Tufin:

Increasing complexity has made protecting the enterprise network more difficult today than in the past. Compounding this issue is the expanding skills gap and staffing the right people to do the job. Since the security skills gap will pour into 2017, we expect automation to really take off in an effort to decrease manual, mundane responsibilities and regularly performed duties, and help shorthanded IT pros focus on what really matters. Skilled workers wasting time on tasks that could be done automatically are eating away at IT departments.

2017 will be the year of accountability for the C-suite
Bryan Rosengrant (Creative Commons BY or BY-SA)

2017 will be the year of accountability for the C-suite

Matt Jones, CEO, E8 Security:

Cyber risk will take its place next to financial risk and operation risk as the biggest threats to the health of a company. CIOs and CISOs will need to enhance existing capabilities to detect threats inside their organization. New strategies will need to be implemented to identify attackers’ presence and contain that activity as quickly as possible.

This operational shift will need to leverage self-learning security analytics designed to detect the early warning signs of today’s most critical cyber threats; malicious insiders, external attackers, and targeted malicious software. The result will be a continued redirection of budgets from prevent to detect and respond, ensuring the security teams have the required visibility to allow them to protect the corporate assets from growing threats.