April 30, 2018

Demand for cybersecurity talent soars in CT

Tim Herbert Vice President of Research and Market Intelligence, CompTIA

Top 10 employers for cybersecurity job postings in CT (2017)

1. Accenture

2. Deloitte

3. Aetna Inc.

4. Travelers

5. United Technologies Corp.

6. Cigna Corp.

7. UnitedHealth Group

8. General Dynamics

9. Webster Bank

10. Lockheed Martin Corp.

Q&A talks with Tim Herbert, vice president of research and market intelligence at CompTIA, a national IT association.

Q. More than 2,400 cybersecurity jobs have been posted in the past year in Connecticut, according to Cyberseek, a free online workforce resource developed by CompTIA and Burning Glass Technologies. What's driving that demand for cybersecurity workers?

A. There are a number of factors driving demand for cybersecurity workers. Technology continues to be used more pervasively across businesses of all sizes and across every industry sector. With the burgeoning internet-of-things trend, along with the ongoing growth of devices and cloud-based software that revolve around data, there are more points of connectivity, which means more potential points of vulnerability.

With an ever-expanding threat landscape — from phishing and ransomware to botnets and advanced persistent threats — security has moved from an IT-only issue to a C-suite and boardroom issue. Connecticut employers across a diverse range of industries seek to bolster their cyber defenses through the hiring of additional cybersecurity professionals.

Q. Is there a shortage of cybersecurity workers?

A. There are many nuances to the cybersecurity workforce supply-demand discussion, but generally, for most areas and especially for specialized cybersecurity skills, employer demand tends to exceed the supply of available cybersecurity professionals.

It should be noted, small- and medium-sized businesses, and even some large corporations, rely on IT professionals with broad responsibilities. For example, a network engineer will obviously have network architecture and administration duties, buy may also spend one-third of his/her time on cybersecurity. This is the nature of just about every IT professional today — some level of knowledge and expertise in cybersecurity is required.

Q. What types of cybersecurity jobs are in demand right now?

A. Data from CyberSeek indicates employers in Connecticut are most likely to be hiring for cybersecurity engineers and cybersecurity analysts.

One of the trends that has been building over the past couple of years is the growth of specialized cybersecurity skills that elevate a security professional's skill set beyond the generalist. This is in response to the growing sophistication of security threats, requiring a defensive posture that goes beyond the basics of firewalls and anti-virus software.

Emerging skill areas may include analytics for threat modeling and identifying anomalies on the network, penetration testing and vulnerability assessment skills to proactively identify points of risk and remedy before discovered by hackers, and information assurance to protect data wherever it may reside.

At the most senior level and primarily for larger companies, chief security officer skills require a holistic view of the cybersecurity landscape, encompassing not only the technology, but also the people, process and risk management elements.

Q. What is the industry demand expected to be like in five years?

A. Looking ahead over the next five years, cybersecurity is projected to be one of the fastest-growing categories among all IT positions. In terms of the outlook for skills, artificial intelligence will undoubtedly be used by hackers in ways that are difficult to anticipate (beyond it will be a lot worse than what we see today), which means security professionals will also need to be adept at using advanced tools, which may include artificial intelligence components.

Q. What skill sets or backgrounds are employers looking for in job candidates for cybersecurity roles?

A Employers tend to seek security professionals with a well-rounded foundation of IT skills, coupled with security-specific training, certification and experience. Common feeder roles or on-ramps for a cybersecurity career include IT support specialist, network engineer or systems engineer. Research by CompTIA also confirms the importance of soft skills, such as communications, collaboration and creative problem solving.

Q. Are colleges and other education institutions doing enough to build a cybersecurity workforce pipeline?

A. Colleges and education institutions face a number of challenges when it comes to developing tomorrow's cyber workforce. First, technology frequently moves faster than colleges can build curriculums and find instructors equipped to teach cutting-edge material (especially now when experienced cyber professionals command top dollar).

Secondly, many colleges and education institutions are not as in tune as they could be in mapping curriculums to employer needs. Granted, this can be a tricky situation for colleges and education institutions that don't want to align too closely to a single employer or a single technology due to the risk of the market changing.

The types of best practices that help ensure colleges and education institutions are best preparing students for a career in cybersecurity include: Using a council or informal sounding board of local businesses to get regular input on employer needs; incorporating industry-recognized credentials into programs, so students graduate with a degree and a certification to further validate their knowledge and skill in specific areas of security; and leveraging real-world simulations or apprenticeship-like arrangements with employers.

Q. Are companies more likely to hire a cybersecurity employee or outsource those needs?

A. It varies by company, but generally speaking, many employ a hybrid approach relying on the combined expertise of internal staff and external resources. Certain aspects of security do require very specialized knowledge, such as the forensics and investigation solutions needed after a breach occurs. For smaller firms, managed IT services provides an option to offload much of the heavy lifting of managing networks, devices and security.

Most Popular on Facebook
Copyright 2017 New England Business Media