With cyber-attacks involving a wide range of industries and organisations like the NHS, the US Department of Justice and Bangladesh Bank, through to events like the US elections, 2016 was the year that cyber security entered the minds of the general population.
As a result of these attacks, there has been a need for higher investment in cyber security infrastructure, and many businesses are looking for preventative solutions.
Terry Gager, Senior Consultant of Security and Intelligence at Cogs Agency explains how the need for candidates has surged, and that organisations are now engaged in a recruitment drive for cyber professionals.
Candidate supply needs to meet demand
Does Terry think there has been a rise in the requirement of talent off the back of global cyber attacks?
Terry: “Yes of course, absolutely. There is a particular shortage of permanent candidates who understand the nuts and bolts of network security. Firewalls and load balancing is an area where there is still a lack of skills, even though the technology is quite old. And, not many people are learning these skills, even though the technology is still effective in mainstream security.
Also, there is a lack of security people with sufficient software development skills and this will start to become more of a problem soon, as not even university courses are putting software development modules into degrees.
There is also a shortage of penetration testers/ethical hackers to work on a permanent basis. The freelancing culture of these candidates doesn’t sit too well with companies who are quite keen to engage them permanently. This creates a skills deficit, but this is a very good entry point into the market for graduates.”
Along with the cyber-attacks, GDPR (discussed in a post on Germany’s new regulations on the digital market) comes into force in May 2018. This is creating an uptake in the rate that employers are introducing cyber specialists in their businesses and organisations. Some of these organisations usually have a managed service provider or work with a consultancy already, so they won’t need talent straight away.
Terry explains “I am well aligned to these MSSPs and consultancies and they need to increase their cyber security staffing, so they’ll call me. All companies will need a dedicated Data Protection Officer who will report directly to the C-suite in businesses. I am interested to see how this will look in reality. I think there may be a way of turning this into a dual role within the compliance/legal team.”
With Oracle recently announcing a new automated database that can patch cyber security flaws itself, is this something that will have an impact on the way cyber professionals work?
Terry explains, “Patching is a very simple and effective way of safeguarding an application or device. It is a real positive. Look at Apple for example. As long as you accept the IOS updates on your iPhone, the whole infrastructure is protected. Apple are very effective at securing their products. Security can be hard to predict so it is really positive when a company takes a proactive strategy to protect their own systems and applications.”
“People now understand the threat. It’s not just an IT problem, it’s a societal problem, too.”