Two new studies have shown that vacancies in cyber-security positions have skyrocketed as have CISOs salaries. In line with the new trend of growing cyber-insurance prices and headline grabbing breaches, it appears as though the world has started to wake up to just how much it needs cyber-security professionals and just how few there are.
BeecherMadden, the recruitment company that put out these studies, saw a rise in such vacancies of 68 percent and expect that same increase to continue, ultimately with 50 percent of cyber-security vacancies going empty.
This is not driven by some kind of exodus from the cyber-sec industry but rather a large increase in demand. Meanwhile CISO salaries have gone up considerably in the last two years, with very few dropping below £100,000 a year.
David Emm, principal security researcher at Kaspersky Lab, spoke to SCMagazine, offering some insight as to this skills gap: “The growth in demand for cyber-security professionals is a consequence of the growing role of IT in our lives. Technology and internet connectivity is now woven into the fabric of our lives – there are few areas of society that aren't dependent on both now.”
The readers of this publication will not find these revelations all that revelatory. The cyber-skills gap is a theme that never fails to show up in news stories, official speeches and day to day chitchat within the industry.
SC spoke to Karla Jobling, COO at BeecherMadden, who said that we're seeing “continued demand, and increased demand from different sectors. We've seen jobs this year coming from the companies you might expect that have had big cyber-attacks. Industries that traditionally wouldn't have recruited cyber-professionals are now putting whole teams in place.”
The financial and technology industries, large targets for cyber-attacks that they are, remain the hungriest for cyber-sec professionals, with a small increase among telecommunications firms. Industries such as retail remain comparatively low which may seem strange considering the headline making breaches like Target or Carphone Warehouse.
Strangely enough, despite this increased demand, wages for sub-CISO roles have not risen to meet it. The report notes that salaries have been stagnant for the last 12 months, “with no real increases at the grades below CISO”. According to Jobling, despite the increased demand “companies are no longer willing to write a blank cheque.” While candidates are asking for big increases in salary without the necessary increase in credentials or skills, companies are just saying no.
The salaries, such as they are, aren't too shabby. 80 percent of the industry earn in excess of £500 a day, with rates more than twice that common for particularly experienced people. The second report on the other hand mentions that 75 percent of the CISOs surveyed are paid over £120,000, around four times that of the average UK salary.
Roles are also changing,and new ones are appearing requiring the same cyber-security skills. The report notes that cyber-data analytics jobs as well as training positions are popping up more and more, “Behavioural analytics, identity management and awareness look to be the trends for 2016.”