Cybersecurity breaches have recently made global headlines, many of which have been attributed to a rapidly expanded online world because of the COVID-19 pandemic. Consequently, there is a heightened push not only to prevent such attacks from happening, but to develop IT and security infrastructure that can deal with these differing and increased online demands.
Therefore, there has never been a better time to be a cybersecurity professional, or to think about the cybersecurity needs within your business. But how is the function evolving, what are the key skills that these professionals need to have in the new era of work, and what are the most exciting roles available today?
Pre-pandemic, data security was the primary focus of the IT industry, with the introduction of the General Data Protection Regulation (GDPR), from its inception in 2016 through to its mandatory implementation in 2018 and beyond, becoming the primary concern for those within the EU especially. This was the first large-scale platform for cybersecurity professionals to demonstrate their importance to businesses and enabled the function to receive increased investment in the digital era. In fact, 91 per cent of European, Middle-East, African and Russian (EMEAR) companies who suffered a breach in 2017 made significant improvements to security in preparation for GDPR’s roll-out in 2018.
After GDPR laws were imposed, cybercriminals quickly found new ways to target data, resulting in yet more investment in IT security, even before the COVID-19 crisis impacted us all.
Since the advent of the pandemic, security has taken on even greater importance, as entire business processes and models shifted online. Where businesses have implemented remote working models for their employees, for example, security breaches have occurred in several ways:
Valuable data has been left exposed, with many remote networks via VPNs hastily set-up prior to local lockdowns
Employees logged into company programs using their own Wi-Fi or devices, and then downloaded new video conferencing tools and apps that could breach security systems
Employees have become prone to lapses in adhering to security guidelines in general
Threats, enhanced by the impact of COVID-19, will continue – with online and offline worlds set to collide more and more in the future. Ever-more widely available ‘smart’ IoT products, like smart kettles and doorbells or driverless cars, will ensure that cyber security professionals will continue to be in great demand to create secure infrastructures around these technologies.
Cybersecurity roles have traditionally fallen into one of two categories: specific technical roles around the prevention of, and reaction to, cyber-attacks, such as Security Engineers or Security Architects, or more business-focused positions like Security Analysts and Compliance Business Analysts, which are concerned with the mitigation of risk in lieu of business objectives and projects.
However, the line between ‘tech’ and ‘business’ roles for those within security is blurring. More roles now require someone who is not only responsible for the technical implementation, maintenance and development of security systems, as well as the reaction to any breaches that occur, but someone who is capable of analysing incidents, processes and procedures as well. These professionals need to act as a bridge between IT security and the business; to be a consultant that looks at the risks associated with different business projects and the effect they may have on security infrastructure.
These roles, such as Information Security Officers, span more than just the IT departments, so certain key skills and traits are required:
Technical skills, including:
An understanding of current and emerging IT and security technologies, security standards, threats and trends
Knowledge of security, risk management and assessment methodologies and standards (e.g. ISO 27000 series, NIST, OWASP, PCI DSS), and the application of them, often in large enterprise environments
Professional certificates in IT and Security from CISA or CISM, for example
And professional skills and competencies, such as:
Communication skills – including the ability to work closely with those who are not from an IT background
The ability to work in complex matrix organisations that may transcend borders
Industry experience isn’t necessary most of the time, but the attitude to learn quickly is
These skills and competencies should be on the checklist of any potential employer when looking to hire a full-service cybersecurity role – and cybersecurity professionals should be looking to upskill in these areas where necessary.
Hays has been placing candidates in numerous functions related to cybersecurity, in technical positions across Network Security, GRC and Penetration testing roles, along with more analytical roles and Chief Information Security Officer positions, in both contract and permanent markets.
Roles that combine both technical and analytical capabilities have also proven popular, including for a project we’ve been working on with a global environmental solutions specialist in France. Cybersecurity candidates for this client, and other similar roles, have been interested in the opportunity to play a pivotal role in an organisation, where they are responsible for both the technical implementation and analysis, and planning of future cybersecurity projects.
Sectors that have traditionally required high-level security systems, such as financial institutions, remain popular employers for cybersecurity professionals, as do specific cybersecurity businesses.
In addition to this, the surge in popularity of e-commerce sites and online retail since the COVID-19 pandemic ensued, has opened up a greater number of opportunities in the FMCG sector too. For example, Hays has been working with a global FMCG client and their cybersecurity hub in Warsaw, creating over 20 new jobs for cybersecurity specialists with niche areas of specialisation like Cloud Security Solution Architects and roles specifically focused on the security of manufacturing processes. This hub has grown faster throughout the COVID-19 pandemic and it, like many other cybersecurity projects Hays has been working with recently, shows little sign of slowing down in its need for quality cybersecurity personnel.
So, whether you’re a cybersecurity professional interested in a new challenge or are looking for talented cybersecurity personnel to support your organisation, get in touch with us now.
Global Head of Technology, Hays
James Milligan is the Global Head of Technology at Hays, having joined in 2000. In his role, he is responsible for the strategic development of Hays technology businesses globally.