Information technology is an industry that spans all other industries. Every facet of life— including finance, health care, government, manufacturing and even the entertainment industry—relies more and more on the digital world to coordinate resources and manage data. Workforces, customers and transactions are all managed digitally, and we no longer have just an economy, we have a cyber economy.
At the same time, criminals have become cyber criminals; and some businesses and governments have adopted cyber espionage to gain the upper hand over their competition. In response, the discipline of cybersecurity has evolved: cyber assets need protection from the cyber thieves of the new era.
The demand for this new form of cyber defender is outpacing the job market’s ability to fill it. Schools and colleges are beginning to teach cybersecurity, but the evolving nature of the industry means that companies favor more experienced individuals who are able to show insight from other spheres of technology and industry. In these circumstances, anyone currently working in information technology has a golden opportunity to transfer to cybersecurity.
A survey by Spiceworks revealed that only 29 percent of organizations have a cybersecurity expert in their IT department. While 23 percent of organizations do look to third-party cybersecurity contractors, more than half of all companies do not have access to a cybersecurity expert.
This is not because of a lack of available positions. A survey conducted by Intel and the Center for Strategic and International Studies found that 209,000 cybersecurity positions in the United States went unfilled in 2015. By 2020, it is predicted that 15 percent of all cybersecurity positions will remain empty, according to the survey. Industries aren’t ignoring the need for cybersecurity; there are simply not enough qualified applicants to meet their needs.
While this skills gap leaves the majority of organizations understaffed in their cybersecurity departments, cyber criminals are becoming more organized and technically advanced. It only takes one breach for the cyber criminals to succeed; but businesses need to successfully defend themselves against all attacks, all of the time. In this climate, experts believe that companies need to plan for when, not if, they will be breached.
A 2015 survey conducted by Duke University and CFO Magazine Global Business Outlook revealed that more than 80 percent of U.S. businesses had experienced a data breach. A study conducted by the Ponemon Institute in the same year estimated that successful attacks cost breached companies an average of $3.97 million.
Although defense against cyberattacks is certainly lacking, the value of cybersecurity specialists is clear. Smaller companies with fewer than 1,000 employees reported an 85 percent breach rate, while larger organizations with the resources to better implement security reported a figure of 60 percent, according to the Duke/CFO Magazine survey. This is smaller—but still shocking. That such a high level of data breaches is considered an improvement only highlights the need for—and lack of—cybersecurity specialists.
Breaches are expensive and frequent for business, and the skill to mitigate them is rare. The result is a huge opportunity for anyone with the right skills. Salaries are high, jobs are plentiful, and the work is satisfying and critical—and comes with excellent benefits, thanks to the need to retain staff.
Cybersecurity is undoubtedly a multiskilled profession. There is a unique opportunity for technology professionals to transition to cybersecurity—but it is a demanding and evolving field. Businesses need people who have:
- An analytical and scientific aptitude for data and artificial intelligence.
- A breadth of knowledge on how to adapt security practices for different operating systems and file structures.
- A logical, solution-oriented mindset for problems in applications and systems.
- A hunter’s eye for anomalous patterns in log data, and the ability to identify suspicious behavior.
- An understanding of mobile and wearable technology, and internet-enabled devices in the home, office and production line.
- An understanding of the workings, interplay and evolution of business and cybersecurity technology.
A cybersecurity career is not to be taken lightly. Technical knowledge and work experience are the basics; advanced, specialist qualifications and demonstrable knowledge of both attack and defense technologies will become increasingly vital as the cyber world evolves. It’s also important to develop soft skills, such as attitude and communication. Businesses need more than just specialists; they need people who can explain the needs of security concisely. Cybersecurity is a challenge; but anyone with the knowledge and aptitude to rise to it can expect a secure, satisfying, dynamic and financially rewarding career.