Getting Your InfoSec Team Right

Companies are investing in cybersecurity more than ever and it is a critical and yet a difficult task to bring a team that effectively monitors threats and manages security incidents. Despite the increased trend in spending in cybersecurity by industries and organizations, studies predict a major dearth of skilled security labor in the next decade.

It’s Seemingly All about Manpower

And yet, the industry shows a trend to lean towards more manpower. A 2015 security pressure report shows that 84% of the total polled respondents desired more staff to cope with security challenges.

Some of the other striking revelations from the report are as follows:

  • 54% of respondents wanted to double the size of their current information security teams.
  • 30% of respondents wanted to expand their teams by four times or more, proving how ill-equipped some teams are.
  • A further 35% said they have partnered with a security provider externally.
  • 43% of the respondents admitted to plans of signing up with a managed security services provider in the future.

The headlines made by security breaches and hacking incidents has spurred on the increase in demand for manpower but increased staffing alone won’t be adequate nor sustainable as automated security solutions are entirely necessary.

The mere implementation of threat detection tools and solutions from security operation centers (SOCs) that alert security teams of potential attacks have seen a staggering rise in the number of warnings that companies’ security teams are forced to review. This has inevitably led to the rise of hiring more security professionals among companies in various industries.

The Demand for Varied Talent in Cybersecurity

Security teams are getting broader as they are getting larger. There is a need for labor employed in risk management, putting together an incident response team, a team to manage the current infrastructure, a device management team among other roles within an organization.

Due to the requirements inherent in putting together a cybersecurity department, security architects and engineers are needed. So too are security, directors. Cryptography experts are essential, much like cyber forensics experts. The ever-evolving malware industry requires its own expert to keep abreast with the latest threats.

However, there is an apparent talent shortage of skilled personnel in the cybersecurity space. Jobs that require a high degree of skill and experience takes months and sometimes years to fill. CISO jobs usually require applicants to have about 20-25 years of work experience and more specifically, about 10-15 years in the field of cybersecurity. Even entry-level security jobs take about three months to fill, according to a recent study.

Damaging Data Breaches

Cybersecurity has now become a critical part of any major organization, even more-so one that deals with plenty of data from its clients and customers. The reality, however, is that many firms compromised due to data breaches in 2014 did not employ a CISO when the breach occurred. Quite simply, having a cybersecurity specialist and manager is a sought-after job profile by all major organizations paying heed to their cybersecurity infrastructure.

Case in point, the infamous Sony PlayStation Network hack of 2011 finally got Sony to hire its first CISO in the same year, after the breach.

Cybersecurity as a Job Market

It’s important to note that cybersecurity, as a degree is only beginning to come about in universities. A lot of professionals working in the industry are those without the specific credential of a cybersecurity degree. A large number of jobs offered in the industry, even those at critical industry such as banks find talent with the right aptitude and necessary skill before implementing a module that covers on-the-job training.

The number of job postings in the cybersecurity arena grew a staggering 74% from 2007 to 2013. That’s more than double the growth rate shown by IT job requirements. With increased demand and shortened supply comes higher pay grades.

A CISO can earn as much as $240,000 a year. Across multiple industries, the median pay for CISOs is $131,222 a year, according to recent figures from 2015. Additionally, security engineers earn as much as $128,000 a year.

Getting the balance right between manpower, skilled labor, and automated security makes the foundation for a good information security team.