In search of cybersecurity deputies
Cybersecurity jobs are in high demand in the Badger State, and a workforce shortage coupled with increased cyberthreats ensures they will be for some time.
The internet has at times been compared to the Wild West, a place where lawlessness abounds. From frequent new reports about data breaches, hackers, malware, ransomware, and any number of other nefarious acts perpetrated by cyber criminals, the analogy sometimes doesn’t seem too far off.
As a result, cybersecurity jobs are in high demand. ISACA, a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management, and governance, predicts a global shortage of 2 million security professionals by as soon as 2019.
The demand for cybersecurity professionals remains strong across Wisconsin, as well, according to new data from CyberSeek, a free workforce and career resource developed jointly by technology industry association CompTIA and labor market analytics firm Burning Glass Technologies.
Wisconsin employers posted 2,656 cybersecurity job openings during the 12-month period that ended in September 2017, according to CyberSeek’s Cybersecurity Supply/Demand Heat Map. That’s in addition to the estimated 8,900 cybersecurity workers employed in the state as of the end of 2016.
Wisconsin’s cybersecurity workforce supply and demand ratio of 3.4 is above the national average of 2.6 for cybersecurity workers. The national average for all jobs is 5.6, which means the cybersecurity talent pool would need to more than double overnight to align with the market average.
“The demand for skilled and certified cybersecurity professionals is surging from coast to coast and border to border,” says Matthew Sigelman, chief executive officer at Burning Glass Technologies. “In many states, including Wisconsin, the demand for cybersecurity talent outstrips the supply of available workers.”
CyberSeek, in alignment with the National Institute of Standards and Technology’s NICE Cybersecurity Workforce Framework, reveals that the categories of Operate and Maintain, Securely Provision, Protect and Defend, and Analyze account for the bulk of the job postings.
“The range of job roles cited in CyberSeek reflects the multi-faceted approach that’s required to defend against an ever-expanding cybersecurity threat landscape,” Todd Thibodeaux, CompTIA president and CEO, notes. “The reality is that everyone needs some level of cybersecurity knowledge and skills, whether they have ‘security’ in their job title or not.”
The Identity Theft Resource Center estimates that 8,037 data breaches that compromised personal identifying information records occurred between Jan. 1, 2005 and Nov. 1, 2017. That’s 16 times more data breaches than companies listed on the Fortune 500.
The average cost for each lost or stolen record containing sensitive and confidential information is $141, according to the Ponemon Institute’s “2017 Cost of Data Breach Study.” That cost jumps for businesses in financial services ($245) and health care ($380). Those dollar amounts do not include the cost of notifying affected parties, nor do they account for damage to a company’s reputation.
“One of the largest security threats facing organizations today is the human element,” says Jack Koziol, president and founder of InfoSec Institute, which since 1998 has trained over 50,000 security professionals on topics like ethical hacking, application security, vulnerability scanning, and more from its Madison and Chicago-area offices. “Just one mistake or irresponsible action is enough to cause a catastrophic security incident. Malicious insiders and endpoint threats like phishing attacks and malware can target unsuspecting users and give hackers access to systems. With the right credentials, it’s possible to access nearly any system and leak sensitive data.”
Security training for IT professionals must constantly adapt to the shifting security threatscape, notes Koziol. IT professionals today must learn more tools and understand more threats than ever before, but perhaps the largest shift in the training industry has happened in the non-technical, workforce training sector.
For non-technical people, general security awareness training is now required by many state and federal regulations, Koziol explains. This type of training must be role-based (for managers, developers, IT staff, etc.), plus relevant and rigorously updated.
“Security threats change rapidly; the one-size-fits-all, one-off training approach is no longer enough to help keep systems secure,” says Koziol. “Today’s information security professional must recognize both ongoing, external attacks, as well as malicious insider activity. This requires an in-depth knowledge of network traffic patterns, threat intelligence, intrusion detection, incident response, and computer forensics. Since many attacks start with a vulnerable endpoint, understanding of mobile device, cloud, and internet of things security threats is essential.”