By 2020 there is expected to be 1.5 million unfilled cybersecurity positions.
By 2020 there is expected to be 1.5 million unfilled cybersecurity positions.
It takes more than technical know-how to be an essential part of an IT security team, reports Greg Masters.

One might think that a net increase of 13,000 information technology jobs in February is a sign of healthy growth in the field, but a comparison to previous employment numbers from the Bureau of Labor Statistics (BLS) paints a more complex picture.

While the numbers prove conclusively that February was the best month since last September in terms of job growth for IT professionals, there is something a bit unsettling about performance over the last three months of the year, David Foote, CEO and chief research officer at Foote Partners, a Vero Beach, Fla.-based IT analyst firm and research organization, said in a report.

OUR EXPERTS

Joyce Brocaglia, CEO, Alta Associates
Domini Clark, principal, Blackmere Consulting; director of strategy, InfoSec Connect
Rajiv Gupta, CEO, Skyhigh Networks
Scott Laliberte, managing director and leader of global IT security and privacy practice, Protiviti
Michael Potters, CEO, Glenmont Group

"Only 7,533 jobs were added on average in this period compared to 11,533 jobs per month in the first nine months," he wrote. While he pointed out that a three-month span is insufficient for a true analysis of labor numbers, still, the February results indicated "volatility and uncertainty in the marketplace for U.S. tech jobs."

Foote's conclusion was that companies are cautious about hiring on full-time staff for technology-enabled solutions they are experimenting with. Rather, the call is going out to consultants and contingency workers to fill roles. This way, enterprises can remain flexible as they develop their security implementations.

To stay competitive, enterprises must scale quickly, Foote said. This means positions are being added in areas that prove effective – such as cloud, Big Data, mobile or digital technology –because the outlook shows these professionals having an impact for a long time.

"What will drive new job creation in 2017 will be hiring in niche areas – such as Big Data and advanced analytics, cybersecurity and certain areas of applications development and software engineering, like DevOps and digital product development,” he said.

Other experts point to the growth of the cloud as a determining factor in opening a wide berth between jobs to fill and candidates skilled enough to fill them. The move to the cloud and evolving threats have transformed the skill requirements for IT departments, exasperating the skill shortage, says Rajiv Gupta (right), CEO, Skyhigh Networks, a global cloud access security broker with U.S. headquarters in Campbell, Calif. "With the prevalence of cloud services, IT professionals are more valuable if they can understand user need, educate employees on risk and balance the needs of security with business," he says.

Many customers his firm works with have set aggressive timelines to eliminate most or all their datacenters, he explains. "A CISO empowering an efficient, secure company-wide cloud migration can have a significant effect on their organization's business."

As companies build out their software development programs, IT security will move to a front-office role and work directly with application teams to deploy solutions more efficiently and without compromising sensitive data, says Gupta, adding that more than two-thirds of IT professionals believe communication with non-IT departments and executives will become more or much more important in the next five years.

Gone are the days that companies are searching for CISOs based on their technical competencies alone, says Joyce Brocaglia (left), CEO of Alta Associates, a Flemington, N.J.-based boutique executive search firm specializing in cybersecurity, IT risk management and privacy. "The CISO role is now valued as a bridge for business enablement, so these leaders need to demonstrate collaboration and influencing skills with business stakeholders, be able to effectively and succinctly present to the board, interact with regulators and have the capability for the development of an overall risk strategy for their companies."

As if that's not enough, she adds, those in this role need to have a combination of true leadership skills, the gravitas and capabilities to build consensus, influence culture and be an evangelist for their programs internally and externally.

Considering by 2020 there is expected to be 1.5 million unfilled cybersecurity positions, Brocaglia – also the founder of the Executive Women's Forum – says the gap will never be closed by ignoring half of the population, women. She points to "The Women in Cybersecurity Study," co-authored by the Executive Women's Forum on Information Security Risk Management & Privacy and (ISC)2, which was released in March. "It is an eye-opening report on the stagnation and underrepresentation of women in cybersecurity," she says.

Highlights of the report show:

  • Women are underrepresented in the cybersecurity profession at 11 percent, a number that has been stagnant since reported in 2013.
  • Women have higher levels of education than men, with 51 percent holding a master's degree or higher, compared to 45 percent of men, yet hold fewer positions in management.
  • Globally men are four times more likely to hold C and executive level positions, and nine times more likely to hold managerial positions than women.
  • 51 percent of women report various forms of discrimination in the cybersecurity workforce, compared to 15 percent reported by men. Women report higher levels of discrimination, as they rise in an organization with 67 percent of C level women reporting discrimination.
  • In 2016, women in cybersecurity earned less than men at every level
  • Women who feel valued in the workplace have also benefited from leadership development programs in greater numbers than women who feel undervalued
  • Women who receive sponsorship and mentorship are more likely to be successful.

Since 2002, the Executive Women's Forum on Information Security Risk Management & Privacy (EWF) has been committed to addressing the issues highlighted in this report by delivering programs and events that help women to succeed, says Brocaglia. "So I'm not surprised to see that this study reflects what women have been telling us for the past 15 years: That they are most successful and feel most valued when they are given access to thought leaders, mentorship and leadership development programs and provided a safe and trusted environment to interact."