A recent report from Dice.com shows how tech security jobs are far outpacing their IT counterparts. It is part of a bigger trend as we see demand outstrip supply for cybersecurity professionals. The cost of hiring or retaining talent continues to climb as organizations struggle in a market with depleted quantities of quality resources. In highest demand are the security leaders, managers, and skilled engineers. These roles are the anchors to a healthy security organization and critical for success. They provide the mentorship, direction, expert guidance, and skills necessary to deliver against challenging tech obstacles, meeting the expectations of concerned executives, and countering the acts of creative cyber opponents.
The rise in salaries should come as no surprise. Security experts have been predicting this for some time and there is not likely any relief for at least a few years. The increase in compensation is a result of a hiring pool which is basically dry and demand for security capabilities continues to rise quickly. The need for cybersecurity is growing in almost all industries, as attacks, breaches, and regulations continue to rise. Some estimates predict a deficit of over a million computer security jobs by the end of 2020. This is effectively driving up the salaries.
It is great news for the professionals already in the field. Job security is at an all-time high. It is commonplace for top and even medium tier talent to be pursued with enticements to change employers. They are being lured with bigger paychecks and companies are defensively responding with improved compensation to retain the talent they have. Else they will be in the unfavorable position of themselves trying to attract resources in a very competitive environment.
Human Resource departments can help by staying on top of competitive salary reviews for current security professionals to insure compensation is at the right level to retain talent. In a presentation to a Chief Human Resources organization last year, I outlined a number of different areas where HR can play an important role in cybersecurity, including overcoming the challenges of hiring of new talent. HR should be prepared to have candid discussions with managers asking to hire new security staff, as the market price may be misaligned to budgets, compensation disparity could be disruptive to current staffing expectations, and it may take an unusually long time to successfully fill a role.
This is also a great opportunity for higher education institutions to retool and prepare the next generation of security pro's to fill the needs of the industry. In May, I spoke at the International Cyber Education Workshop, hosted at Georgia Tech in Atlanta, where educators from top academic institutions were working together to figure out how to upgrade their programs to best prepare their cybersecurity graduates to take management and technical leadership roles in the industry. Additionally, I see a great direction set by the Cyber Education Project (CEP) initiative, which is a diverse group of computing professionals representing academic institutions and professional societies developing undergraduate curriculum guidelines and a case for accreditation for educational programs in the “Cyber Sciences”. Education programs are the key to increasing the capabilities and numbers of professionals entering the field.
Until the supply of security professionals can come close to meeting demands, the salaries will continue to rise. Where deficits in hiring quality staff exist, the risks of loss will remain elevated, reinforcing even greater demand. It is a vicious circle and the only way to break free is with more security talent in the field.
Matthew Rosenquist is a Cybersecurity Strategist at Intel, an Advisory Board Member of the Graduate Professional Studies for Brandis University, and contributor to the Industry Advisory Board of the Cyber Education Project organization
IT Peer Network: My Previous Posts