In April, at the start of the pandemic, The Edge asked which security roles were most likely to survive a pandemic. Six months later, we’ve decided to check in with hiring managers and find out what is happening now. Is it just as tough to fill open security positions as it was pre-pandemic? Have the events of recent months moved the needle at all on infosec hiring?
Although the cybersecurity profession has been spared the widespread layoffs and unemployment that many others have experienced during COVID-19, the pandemic has had an impact on infosec jobs. In a survey released in late April by infosec professional organization (ISC)2, 47% of respondents said they’d been taken off some or all of their typical security duties to assist with other IT-related tasks. In an informal Dark Reading flash poll last month, while 30% of respondents said their security teams are hiring now, 45% said they need additional staff but are restricted by hiring freezes or spending limits, and 12% said they were recently forced to cut security staff.
We spoke to several people responsible for filling security job roles and found out a variety of perspectives. Here’s what they had to say.
We can’t find the help we need
It’s become a years-old story: infosec workers are hard to come by. It typically takes eight months to replace a security analyst and almost four months to train a replacement, according to CyberVista. Some say it is because there is a shortage of appropriately skilled workers. Others claim it is an unreasonable set of expectations among employers and job listings that are difficult to decipher.
Eric Carrell, a DevOps engineer with RapidAPI says his firm is building out a team based on an increased need for infosecurity pros, but it is proving difficult because experience isn’t matching up with the firm’s needs.
“Hiring is slower than our expectations because as employers we want the right skill set and experience among candidates, which may not be possible at this point of time. So instead, we’re thinking about how future roles will need to be adapted and filled according to software and application development needs.”
Carrell said RapidAPI is also looking at the possibility of upskilling current staff with on-job certifications and training opportunities.
COVID has accelerated our need for security staff
Anonymously, a developer relations specialist working in a firm focused on data enrichment says the pandemic has only made hard-to-find infosec staff even more elusive as they seek to hire due to rising security threats from widespread remote work arrangements.
“Our organization is seeing the amount of threats growing and demand rising, increasing the need for hiring for cybersecurity professionals, especially in the field of behavioral biometrics as a novel way to combat fraud.”
People are afraid to make a move
Patrick Foxhoven, CIO and EVP of Emerging Technologies at cloud security vendor Zscaler says he wants to hire new talent in order to keep pace with today’s hyper-competitive market, but while he is finding interest out there, there is reluctance among candidates.
“We are still noticing less movement as people are worried about job security and assume their current role is safer than a new opportunity,” he said. “But we’ve changed our policies to accommodate and encourage what used to be traditionally in-office roles to now be remote beyond the pandemic, because ensuring we are evolving how we work is a major key to remain competitive and attractive.”
In government, they are still playing catch up
Maria McGregor, manager for external communications with BAE Systems Intelligence & Security, a large government contractor, says the uptick in remote access needs during COVID has strained government agencies that were simply not prepared.
Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio