EP 01: The Twenty-One Biggest Cybersecurity Threats, Trends, Predictions for 2021 – #1. Cybersecurity Skills Shortage
If recent years have seen a tight labor market, then expect 2021 to be even tighter. According to a Forbes magazine report, they had this to say. “The labor market is tight right now, and this is the biggest challenge business leaders face today. And I’ve got bad news for you: It’s not going to get better anytime soon.” That, according to Bill Conerly, contributing editor to Forbes, who also had this to say; “As I go around the country speaking about the economy and labor markets, I’m also listening to business leaders as well as managers of non-profits and government agencies. They are telling me that hiring is hard and turnover is high. This is a problem you’ll be living with for years.”
Here’s more alarming information. FireEye’s publication, Facing Forward, Cyber Security in 2019 and Beyond, states that “According to various industry estimates, there are two or three million cyber security jobs that will go unfilled by the year 2020. While the numbers vary by study, the point is that if you take every single person in every computer science major in the U.S., that’s still not enough to fill every open cyber security position. And we know most of those people will choose another field and won’t end up working in cyber security.”
The 2020 predictions for unfilled cyber jobs has essentially held true at the time of this printing, so how bad will it get for 2021? Experts point to a staggering 3.5 million unfilled cybersecurity jobs by 2021. There’s simply not enough talent to keep up with the massive growth in the industry, that, according to various experts. As the world becomes more connected, we’re going to need more cybersecurity professionals to secure the seemingly endless networks and devices that bridge our lives together, but we simply don’t have enough of them. The results are cybersecurity jobs going unfilled for months, leaving businesses highly exposed to security threats. What’s worse, whatever IT personnel an organization may have on staff, they often lack the necessary technical expertise for building a true cybersecurity program.
Technology professionals know that they can command heavy salaries. They also know they can find a job within weeks – even a few days – if they decide to jump ship for any number of reasons. Some companies are getting very creative in hiring, and most importantly – retaining employees. Stock options, significant bonuses, expanded pay – whatever it takes to get the right employee on board, and keep them – is now the new norm for many companies. “If you’re finding the job market a bit tight these days, you must not be in cybersecurity. As hackers ramp up attacks with increasingly sophisticated methods and tools that are readily available for purchase on the dark web, the “white hats” need all the help they can get,” according to Brian NeSmith, co-founder of Arctic Wolf Networks.
How bad? The industry will see a whopping gap of 3.5 million positions unfilled. According to Cybersecurity Ventures Founder Steve Morgan, “With this huge growth in cybercrime, the world is just not able to keep up…we just don’t have the cybersecurity talent.” Additionally, says Morgan, “If you look at healthcare, or any vertical, companies up and down the food chain… would like to outsource security if they can. They don’t have the staff.”
Davide Shearer, former CEO of (ISC)², one of the world’s leading cybersecurity professional organizations, had this to say, “The volume of attacks and sophistication of attacks from around the world continue to increase…We have nation-state types of attacks, criminal activity types of attacks and individuals that are just trying to do fraud and cybercrime. And so as these activities on the web continue to grow, there continues to be less and less of the qualified people that we need to conquer those attacks.”
Word to the wise for all of you. Number one, as a business, do all you can to hold on to whatever cyber talent you currently have, because replacing that person will be increasingly difficult, and expensive. Number two, if you’re in the field, or considering a career in cybersecurity, make sure to check out certifications that, in my opinion, are worth their weight in gold. I’m talking about the following four:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
Now, as to the in-demand jobs for 2021 in cybersecurity, here’s my list:
1. Penetration Tester: With cybersecurity attacks on the rise, organizations are being required to undergo annual penetration tests, courtesy of today’s growing regulatory compliance world. From PCI DSS assessments to SOC audits, HITRUST certification, FISMA compliance – and more – a penetration test is a must. But more than just compliance, performing a penetration test is a best practice that every organization should be doing. If you’ve got the skills to be a penetration tester, you’ve got a six-figure income coming your way, no question about it.
2. Software Developer: Society lives, eats, and breathes on the web. Almost everything we do – paying bills, ordering groceries, scheduling medical appointments – and more – all happens online. That’s because companies are busier than ever launching web enabled services for the consumer market. This in turn means that these very companies are also looking hard and fast for software developers. If you’ve got the skills to write code and develop web-facing software applications, you’ve got a six-figure income coming your way, no question about it.
3. Network Engineer: The role – and title – of Network Engineer can be quite expansive indeed, but generally speaking, this an individual with the skills needed to manage an organization’s I.T. infrastructure in terms of firewalls, routers, switches, and almost anything else related to the network. Equally important is the ability of this individual to build out, monitor, and maintain a network in the cloud, such as with Amazon AWS, Microsoft Azure, and Google GCP. If you’ve got the skills to maintain an I.T. network – especially in the cloud – you’ve got a six figure income coming your way, no question about it.
4. Internal Compliance Officer: Organizations are being confronted with an onslaught of what I call security, governance, and compliance requirements. Audits have to be performed annually. Security policies and procedures need to be written and regularly updated. Incident response testing and security awareness training has to be undertaken each year. Just a few examples of the dozens of tasks required by an internal compliance officer. If you’re organized, can manage projects, and have a basic, yet sound knowledge of information security, you’ve got a six-figure income coming your way, no question about it.
5. External Compliance Auditor: Audits are a mainstay in today’s cybersecurity world. Name the industry, and there’s an almost 100% chance of a regulation in force requiring an audit. CPA firms and consulting organizations are hot on the search for auditors who can perform assessments. If you’re into auditing, have a fair knowledge of I.T. and cybersecurity, and are willing to travel, you’ve got a six-figure income coming your way, no question about it.
6. Data Privacy Officer: Cybersecurity threats are placing immense pressures on organizations to get serious about data privacy. Laws and regulations such as the GDPR and CCPA are just the beginning of what’s sure to be a massive tidal wave of privacy mandates heading our way.
7. Chief Information Security Officer (CISO): Overseeing all things cyber is essential for today’s businesses, and to know surprise, companies are looking for Chief Information Security Officers (CISO). A CISO was somewhat of a foreign concept just a few short years ago, but that’s all changed as cybersecurity threats continue to grow. As a C level executive, a CISO will ultimately find themselves at the discussion table with the CEO, CFO and other senior leaders. These are six-figure jobs – and in the world of publicly traded companies – often seven-figure salaries.
8. Cybersecurity Consultant: A well-skilled cybersecurity consultant is absolutely invaluable when it comes to helping organizations deal with all things related to cyber. From architecting cloud solutions, writing policies and procedures, offering guidance on regulations, and so much more. a cybersecurity consultant is in hot demand. If you’re an individual with a wide-range of cybersecurity skillsets, have excellent communication skills, then you’ve got a six-figure income coming your way, no question about it.
To learn more about cybersecurity and how to protect your organization, visit charlesdenyer.com today and get access to a wide range of world-class resources on all things cyber. Additionally, my companies offer comprehensive cybersecurity, data privacy, and regulatory compliance services & solutions for businesses all across the globe. Book a call with me today at charlesdenyer.com/contact and let’s discuss your needs.