- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Page 2 of 2
"There's certainly a great need in the market, with cybersecurity breaches costing U.S. companies upwards of $400 billion annually in intellectual property theft alone," says Don Hanson, senior vice president with Yoh, an IT staffing agency.
Hanson sees demand for developers who can build secure applications, network engineers with security certifications, and architects who understand how to secure systems and processes. He says there is also a need for IT professionals to be involved with security monitoring, information assurance and regulatory compliance.
"The biggest need is for folks that are working in security with cutting-edge technologies,'' Hanson says. "There are so many mobile devices out there, it's important to add the layer of mobile device management and to understand how that additional layer works."
Hanson says companies are looking to hire IT professionals with experience in security information event management, intrusion detection, data loss prevention and logging systems, as well as those with certifications related to ethical hacking and digital forensics. However, they prefer to hire IT professionals with a big-picture perspective on security issues rather than expertise in only one type of security device.
"It's not so much about any one technology or any one point product," Hanson says. "It's more about a holistic approach to security that companies are taking that includes their policies and assets across their entire information architecture."
The titles for open cybersecurity jobs vary, with the most popular being security engineers, security analysts and security architects. Other organizations favor the terms cybersecurity analysts and information assurance analyst.
"We're looking now for cybersecurity intelligence analysts and information assurance analysts who understand how to look at information not only from a technical and logical security standpoint, but who can relate that back to risk management and business process risk," says Jacob Braun, president and COO of Waka Digital Media Corp., a Boston-based IT security consulting firm. "We're looking for people who can look at attacks in progress and can find occurrences that are symptomatic of attacks and...can help mitigate potential for future attacks."
Most of these high-paying cybersecurity jobs are not for recent computer science graduates; instead companies are looking to hire IT professionals with five to 15 years of experience with security systems and processes as well as related certifications. [See sidebar with tips for landing a cybersecurity job.]
"A cybersecurity analyst is someone who has nine to 15 years of professional experience, preferably has a master's degree and possesses a variety of information security certifications," Braun says. "Salary depends on geography and industry. It can range anywhere from $80,000 to $150,000. If an individual has a unique set of experience, it can be significantly higher, especially for consultants."
Last year, Unisys hired an IT security director and expanded its IT security staff. Now the company is looking for knowledge of security principals in all of its ongoing IT hires, including application developers and network engineers, says Unisys CISO Dave Frymier.
"The reason that senior application architects and senior network engineers have got to have security knowledge is because we want to bake security into the early parts of the development process," Frymier says. "I've interviewed several application architects who had sterling-looking resumes and when I asked them to describe an SQL injection attack, they couldn't do it. Needless to say, we didn't hire them."
Unisys has 15 cybersecurity professionals on staff out of an overall group of 150 IT professionals. Frymier said Unisys needs cybersecurity expertise in its IT architecture and IT operations.
"The breaches that are occurring are problems on the operational side," he explained. "Somebody who runs a security information and event management system has to have a lot of experience...so they can deal with the false positives. Those systems throw out literally gigabytes worth of data. You have to be able to filter through that and find the stuff that really shouldn't be there."
Demand for cybersecurity experts is expected to remain strong.
For example, Department of Homeland Security Secretary Janet Napolitano told a Senate committee in April that cyberattacks are her No.1 concern. She said there is a shortage of cybersecurity experts to help federal agencies thwart cyberattacks, which exceeded 106,000 last year.
Cybersecurity jobs will likely continue increasing as organizations continue to expand their online businesses.
"There's a huge non-profit in New York City, a $700 million organization, that wants to double in size -- all through marketing on the Internet," Hanson says. "They need cybersecurity expertise on the architectural level and the programming level. They're going to certainly encounter new threats as they open up their network to a whole new function."
Additionally, companies are unlikely to outsource or offshore cybersecurity jobs, Frymier says.
"There has to be a braintrust inside the company who understands what information is important for the company to safeguard and who operates in the best interest of the company," Frymier says. "What you can't get from a consulting firm is an ongoing risk management perspective of: What information do I need to protect, who is trying to steal it from me, and what is the risk of a breach."
Read more about security in Network World's Security section.