Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

03:30 PM
Joan Goodchild
Joan Goodchild
Edge Articles

What's Really Happening in Infosec Hiring Now?

As the pandemic continues, security teams still need help they can't get. But the "skills shortage" is only part of the story.

In April, at the start of the pandemic, The Edge asked which security roles were most likely to survive a pandemic. Six months later, we've decided to check in with hiring managers and find out what is happening now. Is it just as tough to fill open security positions as it was pre-pandemic? Have the events of recent months moved the needle at all on infosec hiring? 

(image by SUPERMAO, via Adobe Stock)
(image by SUPERMAO, via Adobe Stock)

Related Content:

Security Jobs With a Future -- And Ones on the Way Out

How to Decipher Infosec Job Titles' Mysteries

New on The Edge: What Is End-to-End Encryption?

Although the cybersecurity profession has been spared the widespread layoffs and unemployment that many others have experienced during COVID-19, the pandemic has had an impact on infosec jobs. In a survey released in late April by infosec professional organization (ISC)2, 47% of respondents said they'd been taken off some or all of their typical security duties to assist with other IT-related tasks. In an informal Dark Reading flash poll last month, while 30% of respondents said their security teams are hiring now, 45% said they need additional staff but are restricted by hiring freezes or spending limits, and 12% said they were recently forced to cut security staff.

We spoke to several people responsible for filling security job roles and found out a variety of perspectives. Here's what they had to say.

We can’t find the help we need

It's become a years-old story: Infosec workers are hard to come by. It typically takes eight months to replace a security analyst and almost four months to train a replacement, according to CyberVista. Some say it is because there is a shortage of appropriately skilled workers. Others claim it is an unreasonable set of expectations among employers and job listings that are difficult to decipher.

A DevOps engineer with an API management company says his firm is building out a team based on an increased need for infosecurity pros, but it is proving difficult because experience isn't matching up with the firm's needs.

"Hiring is slower than our expectations because as employers we want the right skill set and experience among candidates, which may not be possible at this point of time," he said. "So instead we're thinking about how future roles will need to be adapted and filled according to software and application development needs."

The firm is also looking at the possibility of upskilling current staff with on-job certifications and training opportunities.

COVID has accelerated our need for security staff

Anonymously, a developer relations specialist working in a firm focused on data enrichment says the pandemic has only made hard-to-find infosec staff even more elusive as they seek to hire due to rising security threats from widespread remote work arrangements.

"Our organization is seeing the amount of threats growing and demand rising, increasing the need for hiring for cybersecurity professionals, especially in the field of behavioral biometrics as a novel way to combat fraud.”

People are afraid to make a move

Patrick Foxhoven, CIO and EVP of Emerging Technologies at cloud security vendor Zscaler says he wants to hire new talent in order to keep pace with today’s hyper-competitive market, but while he is finding interest out there, there is reluctance among candidates.

"We are still noticing less movement as people are worried about job security and assume their current role is safer than a new opportunity," he said. "But we've changed our policies to accommodate and encourage what used to be traditionally in-office roles to now be remote beyond the pandemic, because ensuring we are evolving how we work is a major key to remain competitive and attractive."

In government, they are still playing catch up

Maria McGregor, manager for external communications with BAE Systems Intelligence & Security, a large government contractor, says the uptick in remote access needs during COVID has strained government agencies that were simply not prepared.

('government' continued on page 2 of 2)

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio
1 of 2

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/18/2020 | 7:19:41 AM
Skills Shortage?
The engineering positions in a time long ago used to be filled by bursaries offered to school leavers. These IT companies should start doing that instead of asking people to fork out thousands for a certification that need updating every 3 years and they still not guaranteed a job because it's not the "right" experience.
Flash Poll