What is the Future of Cybersecurity Jobs Post-COVID19?
As businesses have begun to reopen post coronavirus, many are making big leaps into automation to cut costs and avoid being so dependent on human capital. According to Forrester’s report, “The COVID-19 Crisis Will Accelerate Enterprise Automation Plans,” companies are looking to lower their exposure to future business disruption that comes from having humans executing most processes and functions within the organization. They will invest more in cognitive capabilities and applied artificial intelligence (AI), industrial robotics, service robots, and robotic process automation.
This is not a new idea. Since the innovation of the PC, the act of replacing humans with automation has occurred. In addition, we tend to see big jumps of innovations during recessions. Recessions are often followed by waves of automation that can lead to jobless recoveries; this has been born out in the last three U.S. recessions. We should expect nothing less than this time around too.
The impact of jobless recoveries via increased automation will deepen the automation trends that we started to see pre-pandemic. This has been especially true in the security industry where there has been a global labor shortage for many years. Recent research released by Emsi, a national labor analytics firm, reveals that the U.S. has less than half of the cybersecurity candidates it needs to keep up with ever-intensifying demand. CISOs are realizing that they can’t just hire more security personnel to protect their companies even if they wanted to because they are not available. Instead, they are investing in security automation so that networks can be run with the least amount of human intervention and human errors.
[You may also like: Security Jobs: What’s Hot and What’s Cooling]
However, automation doesn’t mean that firms will no longer need human resources, far from it. To be successful, companies need to rely on people that can oversee their automation programs, analyze data, and develop insights. This may mean retraining security professionals whose jobs are sidelined by automation so they can help run and manage new programs. If networks are virtually running themselves due to automation, companies can now focus on hiring people with data science and data analytic skills to train the algorithms to run the networks better. These are new and different skill sets needed not to monitor and react to security events in the network, but skillsets to teach the network what to look for and proactively react to security events itself. This might mean casting a wider net and looking for expertise outside the traditional security domain.
The current situation presents interesting opportunities for job seekers and employers looking to reinvent their organizations.
What does that mean if you are looking for an IT security job now? What skills should you have on your resume?
According to Gartner TalentNeuron™ Cybersecurity Labor Shortage and COVID-19, skills in enterprise on-premise security and intrusion detection which used to be essential are becoming obsolete. Core skills in cybersecurity, application security and network security are still desired but flat while the growing and emerging skills in cloud environments, Amazon Web Services, Microsoft Azure and AI look to hold the best promise for job seekers.
As mentioned in a previous article Security jobs: What’s hot and what’s cooling, companies are making significant investments in artificial intelligence systems. As a result, AI knowledge and data analytic skills will continue to be in high demand as companies want people who are deep thinkers, and know-how to analyze data for trends, and recognize early indications of the next cyber-attack.
[You may also like: How to Get an IT Security Job: 3 Hot Skill Sets]
Data science is hot. The U.S. Bureau of Labor Statistics reports that the demand for data science skills will drive a 27.9 percent rise in employment through 2026. Four years in a row, data scientist has been named the number one job in the U.S. by Glassdoor.
For job seekers in security, this means get certified or on-the-job training in data analytics, artificial intelligence and automation systems. Knowing how to interact and manipulate big data sets is going to be far more valuable to your employer than having 10 years of knowledge on how to provision vendor Xs firewalls. There are many education and certification opportunities available as many in the education world have already caught on to the future trend in data science. For example, Harvard offers an online Analytics Certificate Program for Business Leaders where students learn business analytics, emerging technologies, big data, and data visualization. Top technology companies such as IBM, Microsoft and SAS also offer analytics and big data certifications. There are plenty of new and emerging curriculums that job seekers can access to retrain themselves in data science across a host of industries
What does this mean for hiring companies?
As companies continue to automate their security architectures, they require fewer people with specific enterprise security network skills and more people with new data analytics and intelligence capabilities. Not only is it challenging to find talent in these areas, but it is often an easier and better path to work with the company’s existing workforce to reskill and retrain.
When companies upskill and reskill their existing employees, it is a win/win for everyone. Employees are able to continue employment in an up and coming field and companies are able to build out the needed internal team of data science talent with reliable employees that they already know.
According to West Monroe’s report The Upskilling Crisis, the World Economic Forum estimates that it costs $4,425 to hire a new employee, while the average cost of upskilling an existing employee is just $1,300 according to data from the Association for Talent Development. With the time and costs of finding and hiring data scientists, companies will get more bang for the buck by retraining existing employees who show proficiency in advanced mathematics. Also, companies get the added benefit of working with existing employees who already know the business and work culture.
The other advantage is that companies don’t have to limit the retraining to only people with cybersecurity talent. When identifying candidates for data analytics roles, companies can expand their search and look for the best and brightest within any discipline or department with heavy mathematics requirements, such as their IT, finance, and business operations departments. This gives enterprises an opportunity to retrain their best math and data people to meet the emerging security needs that they are unable to hire for.
What about companies that don’t have the time and resources to upskill and retrain?
Identifying and reskilling your existing employees can be a daunting task and is certainly not the right approach for all. Many businesses just simply don’t have the time, resources and expertise to identify the right people and build out the team to manage this new type of IT infrastructure. It can be expensive and time-consuming at a time when many businesses are looking to cut back and focus on core competencies. And as technology evolves, employers will need to pay for ongoing training, certifications and classes to make sure their companies are current. This brings businesses to a question of whether security needs to be a core competency of the company, for many the answer is yes, but not for all.
[You may also like: A Changing World Requires a Changing View of Security]
Businesses that feel overwhelmed managing and protecting their IT infrastructure or want to focus their internal teams on other core competencies, may want to consider outsourcing its network security to security experts, a Managed Service Provider (MSP). This can either be a short-term solution (until you have the time to build up the in-house expertise) or a long-term strategy. Most MSPs are going through the same transformations that other businesses are going through and have already acquired the data science capabilities necessary to meet these new challenges since security expertise is of course their primary core competency. They often offer the dedicated support, security and data analytics expertise that companies may not be able to provide in house. If you are looking to get your business up and running now this could be an intermediary solution as you figure out your long-term strategy.
Whatever strategy a business chooses to pursue at this time, the key point for job seekers is that companies are looking to automate their security operations and operationalize security analytics. Acquiring education and experience in data science and automation is a smart career move in addition to quite possibly being a major productivity driver that turns around our entire economy and fuels the nascent global recovery.
Note: A version of this article first appeared in Security Info Watch.