Careers & People
3/14/2016
12:35 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

5 Hot Security Job Skills

Cybersecurity job openings are looking for people with a blend of technical, security, and industry-specific talents -- and it helps to know Python, Hadoop, MongoDB, and other big-data analysis tools, too.

Cybersecurity job postings grew by 91% between 2010 and 2014, faster than overall IT jobs.  The demand for cybersecurity professionals shows no signs of slowing down given the increasing rise of cyberattacks and threats on businesses and government agencies.

The latest increases in demand for cybersecurity professionals are in industries managing high volumes of consumer data such as finance, up 137% over the past five years; healthcare, up 121%; and retail trade companies, up 89%, according to data from Burning Glass Technologies’ report “Job Market Intelligence: Cybersecurity Jobs, 2015,” which published last summer. 

Analysts with the job market analytics provider see some of the same growth trends playing out in 2016 as well, says Will Markow, senior analyst at Burning Glass, which draws from its own online database of job postings. Burning Glass analysts visit nearly 40,000 online jobs sites, using advanced text analytics to extract over 70 data fields covering information such as job title, occupation, employer, industry, required skills, credentials, and salary.

“The cybersecurity job landscape is still large and growing rapidly. It is no longer a niche market within IT,” Markow says. “It is taking up an ever-increasing amount of the IT job market, over 10 percent now. In the federal government, cybersecurity accounts for over 30 percent of [the job] demand.”

In the wake of high-profile cyberattacks on a wide range of industries such as Anthem Blue Cross Blue Shield, Home Depot, Target, and the US Office of Personnel Management, the role of the chief information security officer (CISO) has risen in stature in many large corporations and federal agencies. The senior-level executive is typically responsible for aligning security initiatives with enterprise programs and business objectives.

“It would be easy for [people to think] the CISO role is most in demand or desirable. However, the CISO search draws the most candidates to them because they are at the top of the pyramids,” says Lee Kushner, president of L J Kushner & Associates, a recruitment firm specializing in the information security industry.

The biggest demand is more for folks with blended technical domains.  “I think there is a general challenge to find people with depth of technical security skills that really help make the CISO’s program more consumable and productive,” Kushner says.

Here are five of the professional skills most in demand today for cybersecurity jobs:

1.       Threat Intelligence/Security Operations Center Professionals

Many large corporations are investing in incident response and threat intelligence professionals and technologies to make sense of attack and threat information, Kushner says.

“That is an area that is still picking up,” prompting organizations to beef up security monitoring capabilities, Kushner says. “One of the hotter areas you might see is people who can lead the development and functionality of internal security operation centers.”  

Typically, large companies have outsourced security operation centers, or SOCs, to managed security service providers or professional services companies. “But I see a lot of organizations bringing their core components – Level 2 and 3 analysis -- in-house and outsourcing low-hanging fruit to managed service providers,” according to Kushner.

“It is a huge developing trend that is gaining more traction as people are dumping more money into protecting themselves,” he says. 

Within these SOCs, organizations are blending incident response, threat intelligence, and monitoring all into one scenario. This requires a cadre of specialists steeped in the discipline of information security. “They require a certain level of thinking, mindset, and discipline that is semi-ingrained in the development of security professionals and maybe things that are inherent to who they are as people,” he says.

2.       Product Development: Security software and security infrastructure developers

Technology companies and companies building internal technologies for their own use or to sell to other companies, are looking for people with solid software and infrastructure development backgrounds. These professionals work with product development teams during the design and development of the products. The goal is to help establish a solid security architecture and a security perspective during the design, build, and review process.

These positions are in very high demand, but short on supply, Kushner notes. Product security, in most cases, is about blending the application security discipline and the infrastructure discipline. Marrying those two worlds is a difficult task and requires very unique skills. Some of the technology is not necessarily public-facing, he says: some of the development work is in authentication technology or encryption.

3.       Cloud Security Specialists

As many organizations move IT applications and hardware to private, public, and hybrid clouds, understanding how that is done in a secure way is very important. Being well-versed in cloud security architecture or having firsthand knowledge of how to architect security for cloud transformation is an important and rare skill, according to Kushner. 

“We’ve seen some very strong demand for cybersecurity architects, many of whom are on the forefront of work in cloud-related technologies,” Burning Glass’ Markow says. “Some of the architect roles are the highest paying in cybersecurity today, offering salaries well over $100,000 on average.” 

They require diverse skillsets, but also require the most experience and education. As a result, employers are pulling from a small pool of workers.

Burning Glass has started to look at pathways companies can take to move InfoSec professionals into these new architecture roles, Markow says. For instance, some of the potential paths include using people from other cybersecurity engineering roles or software engineering who have either a strong cyber or a strong cloud component. Employers might have workers in their organization who have 80% of the skills they need either on the cloud side or cybersecurity engineering side. They can identify those workers and help them to develop the other 20% of skills they need to qualify for some of the cloud architecture roles, he says.

4.       Cybersecurity/IT Auditors

Another trend is the emergence of hybrid jobs, which entail skills that require a combination of IT security and financial skills or healthcare, depending on the industry, Markow says. They require a bundle of skills employers didn’t have to look for in the past.

Take the cybersecurity auditing position. Cybersecurity auditing is one of the fastest-growing roles within cybersecurity, growing 132% between 2010 and 2014, Markow says.

“We found IT auditor roles, which are most common in finance and insurance companies, at this point are the hardest to fill. They remain open the longest, about 43 days on average, which is three days longer than the average for all cybersecurity roles.”

Cybersecurity auditors perform auditing and risk management assessment, which means checking the viability of security infrastructure, looking for holes, and reporting findings to management. Auditing and risk assessment are combined with traditional IT skills such as programming and networking, creating a hybrid role that pulls from disparate functions. 

5.       Big Data Analysis

Big data analysis is one of the fastest-growing sought-after skills in the cybersecurity field.

Demand for analysts who are knowledgeable about Python, a programming language based on C and C++ languages, has grown 300% between 2010 and 2014, according to Markow. Python supports rapid application development, allowing analysts to quickly create and customize tools. 

There is also a healthy demand for people who understand the Apache Hadoop open-source programming framework for big data analysis and MongoDB, which delivers fast query speeds across large volumes of data.

The trend for Infosec analysts who can manage and manipulate large data sets and that is only going to increase as the Internet of things takes up adoption. “This isn’t a trend that is going to go away any time soon, Markow notes. “So employers are going to have to build the workforce that has the skills they need while workers and students will have to build these skills to remain relevant in the market,” he advises.

Related Content:

 

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Register today and receive an early bird discount of $200.

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.