In past two decades, cyber security has evolved at an accelerated rate due to advancements in technology and ever- expanding Internet. Thanks to hackers, without them cybersecurity industry might not have existed.
You will wonder before the internet era security was only limited to system administrative passwords. The Antivirus solution was born only after the first Virus attack in 1981 “Elk Virus”, which caused a massive outbreak ever in history
Evolution of Security Roles
During the rise of dot-com in 1995-2001, security picked up, later when the dot-com bubble busted security took back seat. The credit goes to Sven Jaschan, a German college student for Netsky and Sasser computer worms (2004) and that made organizations talk about the security. In those days, system administrators and network engineers were taking care of basic security like installation of antivirus, access control list and firewall management, etc.
The Internet boom, cloud and mobility opened multiple doors for attackers. To stop these attackers technology vendors introduced various technologies and it was impossible for system/network administrators to deal with these technologies. This caused the security specific jobs floated in the market.
Government regulators defined cyber security standards and guidelines, and made compliance mandatory. Regulators declared heavy penalties and sometimes imprisonment for noncompliance. This brought Cybersecurity to the board room.
Security Job Market – Current Situation
The security jobs can be broadly categorized as consulting, analysis and operations
- Consulting– Auditors, advisors and cybersecurity architects
- Analysis – Monitoring, incident analysis, and management
- Operations – Security tools and technology administration, monitoring and management
These categories are getting diluted because of extensive usage of Machine Learning (ML) and Artificial Intelligence (AI)
Using ML and AI in security monitoring products will free up security analyst from ‘an eyeball on the screen’ kind of mundane job to perform risk -based prioritization of incidents.
Changing Role of Security Analyst
Security monitoring automation mandates security analysts to upgrade knowledge with risk assessment methodologies and service management best practices like ITIL. These analysts will also spend more time with business people to discuss business impact and risks mitigation strategies. Hence soft skill like presentation, persuasion will be critical
Changing role of Security Consultant
Consulting category will be further divided into industry-specific regulatory compliances and design architecture. These consultants need to upgrade their skills to design SaaS-based solutions.
For example, Architects working on designing the security solution for the manufacturing industry, he is expected to know about smart factories, IoT devices, connectivity, data type and underlying technology fabric.
Challenges in Cybersecurity Careers
Security job profiles are changing and the demand for the security resources is increasing, as per the Forbes 2016 report cyber security jobs globally available are 1 Million and by 2019 these will be increased to 6 Million. In US itself 75% requirements are unfilled according to a 2015 analysis of numbers from the Bureau of Labor Statistics by Peninsula Press. These reports show that cyber security professionals are more on demand.
Any new entrant to the cyber security career, as well as who are walking this road are seeking for answer of the question “How to thrive in this ever evolving and challenging career path?”, but there is no answer.
Disruptive Technologies – Challenges to Cybersecurity Professionals
Artificial Intelligence and Machine learning are automating the repetitive tasks like security monitoring and incident analysis. Such an automation removes transparency and makes it difficult to analyze the actual impact and assign risk score.
New technology inventions like Blockchain and IOT devices are without any security standards. Manufacturers are compromising on security to maintain the cost of products. To compensate this Cyber security architect should be proficient in these technologies as well as how these tools interact with applications and other devices.
New Job Titles
The inclusion of Artificial intelligence and Machine learning in cyber security tools, the job will get multiplied and will create opportunities for “New collar” jobs. These “New Collar” jobs will require specialized security knowledge over the academic qualifications. The four-year degree in computer science may be replaced with more cyber security-specific education and certificates. The attitude and soft skills like investigative curiosity, a passion for problem-solving, strong ethics and an understanding of risks will take precedence.
Following are the specific areas where the specialized skills may be required
- Governance – Defining Policies, Regulatory Compliance audits, Advisory services
- Consulting – Architects, Risk assessment
- Technical Control – Subject Matter experts in specific technologies
- Security Operations – Administration, Monitoring and Management of technology controls
- Training – Security Awareness training – Content developers, trainers
For all above skill sets fancy job titles are already started floating in the market like Data Disappearance Expert, Real-Time Security Sensor Designer, Principle cybersecurity engineer, etc
Future Job Opportunities:
Fierce competition to get new products to the market with optimized cost will boost the proliferation of IoT and BYOD into business and personal space. The cyber security will play a major role in keeping business data safe without compromising user experience.
The demand for cyber security professionals will rise. Rand Corporation study states, there are around 1,000 top-level cybersecurity experts globally vs. a need for 10,000 to 30,000.