As data breaches become more frequent and expensive, the demand for IT security professionals will grow in tandem. By 2024, the cost of data breaches will grow from $3 trillionOpens a new window per year to over $5 trillion – reflecting an annual growth rate of 11% on average. This trend can be attributed to increasing fines for data breaches, with global and regional laws becoming more stringent. Companies must invest in IT security as a dedicated function to avoid these costs.
Dedicated IT security professionals will replace the current, generalized model that exists in most companies. Professionals from across database administration, networking, analytics, and application fields typically share a company’s cybersecurity responsibilities. But this is unsustainable, as companies face the need for specialized IT security skills and create an organizational structure to support a new generation of specialized talent.
According to Cybersecurity VenturesOpens a new window , there will be around 3.5 million vacant jobs in cybersecurity worldwide by 2021. Among those who apply for these positions, less than one in four are qualified for the role, reports the MIT Technology ReviewOpens a new window . Even as job opportunities in cybersecurity grows (as much as 94% in the last six years), they can take 20% more time to fill than the average IT job.
Seth Robinson, CompTIA Senior Director, Technology Analysis, and author of State of Cybersecurity 2020 Opens a new window report told Toolbox, “ One of the top security skills companies are looking for is data analysis, which can be used to understand network behavior and to search for anomalies. According to CompTIA’s 2020 research, 46% of companies are aiming for moderate improvement in this area and an additional 46% are looking for significant improvement.”
Learn More: Top 10 In-Demand Tech Skills You Should Master in 2021
Which IT Security Positions will Companies Struggle to Fill in 2021?
In this complex landscape of IT security talent acquisition, scarcity can be felt around eight important cybersecurity roles. Though almost every IT position requires cybersecurity skills, these specific IT security positions will be the hardest to fill in 2021.
1. Chief Information Security Officer (CISO)
Increasingly, companies are appointing C-level leaders to take charge of IT security. By 2021, 100% of all Global 2000 and Fortune 500 companies will have a CISO (or an equivalent). However, this is a highly demanding job that requires years of experience, strategic capabilities, and appropriate certifications. Therefore, many CISO positions will go unfulfilled in 2021.
2. Cybersecurity Analyst
A cybersecurity analyst’s job is more proactive. They monitor an organization’s network perimeter for vulnerabilities and address them before a malicious party might attack. Cybersecurity analysts will be the second-most in-demand IT security role in 2021, with a 32% uptick in hiring between 2018 and 2028, as per the U.S. Bureau of Labor StatisticsOpens a new window .
3. Cloud Security Experts
As more enterprise workloads move to the cloud, companies need experts with cloud-specific IT security skills. This includes:
- Public cloud security – A study by Burning GlassOpens a new window determined the skill with the highest projected demand is public cloud security, with a 170% five-year growth rate. Jobs mentioning public cloud security skills remain open for 79 days on average – longer than almost any other IT skills, according to CyberSeek.orgOpens a new window .
- Cloud security architecture – The Burning Glass study found this position to be the second-highest in demand with a 113% five-year growth rate.
- Cloud application security – Organizations are looking to hire application security analysts, who are cybersecurity analysts focused exclusively on software. Burning Glass found this position to have an 87% five-year growth rate.
Learn More: Top 10 In-Demand Cybersecurity Jobs in the Age of Coronavirus
4. Cybersecurity Engineers
Cybersecurity engineers approach the design and implementation of protective systems from an engineering perspective. Usually, they are tasked with building the application’s processes and systems that stave off cyberattacks. The CyberSeek.org project’s data indicates that cybersecurity engineer was the most in-demand role across 2018, 2019, and 2020. With an average annual salary of $140,000, these were also among the well-paid. This trend is expected to continue next year.
5. Cybersecurity Managers
Another hard-to-fill position is that of a cybersecurity manager. As CompTIAOpens a new window explains, these professionals supervise the implementation and management of cybersecurity initiatives in a given computing environment. Cybersecurity managers are typically responsible for implementing and overseeing the cybersecurity program for a given system or network. In fact, organizations can require more than one security manager, with each person looking after a specific segment or element of the initiative.
6. Vulnerability Analyst/Penetration Tester
Penetration tester or pentester is among the toughest roles to fill in this space, reports CyberSeek.org.
CompTIA describes this position as a “white hat” or good/ethical hacker, with the goal of helping organizations improve their security practices to prevent theft and damage. Pentesters target traditional operating systems and devices as well as emerging technologies, including the Internet of Things (IoT) devices, mobile devices, and embedded systems.
7. Network Engineers/Architects
Network engineers/architects are also highly valued in the IT security community, according to CyberSeek.org. A network engineer/architect’s responsibility will be the design, testing, and implementation of computer networks (wide area networks), local area networks (intranets, etc.), while keeping in mind security and cost requirements.
Once the network is up and running, they also help to manage software/hardware upgrade schedules, security patches, and additional network protection measures. Apart from these technical duties, this role also requires communication skills, as the network engineer/architect is the person who communicates the impact of network security on business outcomes to the company’s management team.
8. Cybersecurity Consultants
The cybersecurity consultant role is typically not in-house. Consultants, by definition, are either self-employed or are employed by an external third-party security firm. These professionals can bring a wide range of skill sets across the cloud, penetration testing, and security analysis. Consultants try and think like an attacker, finding vulnerabilities and means for ethical exploitation. This helps to plug security weaknesses and protect a companies’ data, applications, and network from similar attacks in the future.
As companies struggle to fill IT security roles in-house, demand for consultants will increasingly rise, especially among non-digital native companies.
Learn More: Younger Security Pros Fear Losing Jobs to Automation: Exabeam
Addressing Skills Shortage for a More Secure Future
There are several ways companies can work towards filling these vacancies on time and with expert professionals. Here are three tips:
- Prioritize skill requirements when writing job descriptions – Organizations should take a long, hard look at the skills required for the job, which ones can be introduced via in-house training, skill overlaps with existing roles, and write job descriptions that are more targeted.
- Look for candidates beyond IT – Employers should question if the role requires a full-fledged IT degree. In some cases, it might be possible to hire a high-potential candidate with a solid academic track record (even if in a different field), and then teach them on the job.
- Make it easier for workers to enter the cybersecurity talent pipeline – Organizations can partner with government agencies and academia to remove unnecessary barriers that workers face when entering the cybersecurity field. For instance, one of the partnerships and alliances includes:
- Cybersecurity Workforce Alliance (CWA) – an alliance of private companies, government agencies, and academia with 1000+ global members geared to train young cybersecurity professionals.
Candidates can also do their part to upskill for the various IT security roles that will be most in-demand in 2021.
IT Security Certifications to Address the Skills Gap
There are a slew of courses and certifications that can prepare IT talent for the skills shortage (and possible employment opportunity) that lies ahead in 2021. Some of these include:
- EC-Council’s Certified Chief Information Security Officer (CCISO)Opens a new window for information security executives in the U.S., Canada, Australia, Puerto Rico, as well as other countries on request.
- Certificate in Cybersecurity Analysis (IIBA®- CCA)Opens a new window by the International Institute of Business Analysis, Canada, which covers eight competency elements.
- Certified Cloud Security Professional (CCSP) by (ISC)2Opens a new window in the U.S., with offices in China and Japan; certifications from public cloud providers like Google, AWS, etc., are also worth considering.
- Degrees in exploit research, security audit, web application pentesting, and more by GIACOpens a new window in partnership with (ISC)2 as well as CompTIA’s own certificationOpens a new window .
- Any of the certifications mentioned above, in addition to more overarching cybersecurity certifications like the globally-recognized Certified Information Systems Security Professional (CISSP) courseOpens a new window .
As the demand for IT security skills grows, companies must rethink how they screen candidates and attempt to fill a vacancy. On their part, they would have to invest more in training and on-the-job learning, as opposed to acquiring readily available talent. Candidates can help in this journey by moving away from generic IT certifications into specializations like pentesting, vulnerability analysis, policy, operational administration, and other emerging areas.
How do you plan to bridge the cybersecurity skills gap in 2021? Let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!
