The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/765798
65 WWW.ILTANET.ORG The Scarcity of Cybersecurity Experts FEATURES from those in professional services, which includes the legal profession but not the financial industry. In legal services, the average salary offered by employers in 2015 was $81,090 for a cybersecurity job. Filling those jobs is difficult, as security specialists oen prefer to be around other top researchers at leading security organizations, such as CERT under FEMA, or at private cybersecurity companies. Finding Specialists Many organizations look for workers with a CISSP certification, but there's more to what makes a good information security candidate. Candidates who live and breathe security every day can be more effective than those who hold certificates but do not continuously research and learn. Security devices generate so many alerts that organizations don't have time to review them all. A Dearth of Experts Even if you have a security event information management (SIEM) system, you need someone with the know-how to interpret the logs, tune the system to reduce false-positives, or false alerts, and keep out known malware by staying auned to current threats. The need for cybersecurity professionals is real, but having them in your organization is rare due to a shortage in the field. According to a 2015 Penninsula Press analysis of numbers from the Bureau of Labor Statistics: » More than 209,000 U.S. cybersecurity jobs are unfilled. » Cybersecurity job postings are up 74 percent over the past five years. » There is negative unemployment in the field. Just five years ago, the financial industry and large retailers cornered the market in employing security professionals. A Burning Glass survey discovered that job postings for cybersecurity openings have grown three times as fast as openings for IT jobs overall, and it takes companies longer to fill cybersecurity positions than other IT jobs. Put another way, in 2014 there were nearly 50,000 postings for workers with a CISSP certification, the primary credential in cybersecurity work. That amounts to three-quarters of all the people who hold that certification in the United States — and presumably most of them already have jobs. But it's not just certifications that employers are aer. They also want experienced cybersecurity professionals. The survey found that 83 percent of employers require at least three years of experience. The greatest cybersecurity postings (37 percent) came JEFF MULTZ Jeff Multz is Director and General Manager for SecureWorks in Japan. For the past 17 years, SecureWorks has provided managed security services to more than 4,300 clients across the globe. Contact Jeff at jeff@secureworks.com. Fighting cybercriminals is not a matter of the kind or number of next-generation security devices an organization has but of who is minding them. Even the newest, most powerful cybersecurity technologies need someone to recognize and act on what they are reporting; some of the most highly publicized cybersecurity breaches happened because IT and security staff did not research alerts signaled more than once. Snag That Security Candidate If you want to attract top security candidates, your work environment should: Facilitate growth, even if it means people don't stay in the same positions for as long. Embrace change and challenge the status quo. This creates an atmosphere that allows people to be creative and find new ways to improve your organization. Encourage a fail fast mentality. The only way you know if something works is to try it. Quick failures can lead to long-term success. Empower staff to make decisions on their own. If employees are not allowed to figure things out for themselves, they are not being given the opportunity to grow. Provide the tools needed for your security experts to do the job well. They can't do the job if the tools are not sufficient.