The Internet and IT at large are perhaps the most significant resources changing our personal and work lives right now. Entire new jobs, for example focused around the use of social media are being created and entirely new working practices being developed for mobile users accessing data from an increasingly wide range of funky new devices. Fundamentally, technology and effectively using data is critical to the growth of UK PLC across both public and private sector. The government clearly supports this position too, as demonstrated by their additional investment of £650M in cyber security in the "age of austerity". Our ability to protect data in our businesses is directly linked to confidence, which in turn is a key driving factor of growth from the small business to the national scale. Over the coming years, security is a critical field in enabling us all to seize the opportunities new technology and working practices may offer. That and of course trying to avoid the "Sony" moment - breaching data to significant loss of reputation and market cap.
The security field is at an interesting point of change. Enhanced threat, technology change and regulation are all driving a significant evolution of the profession. SophosLabs now sees over 150k new samples of malware every day - the majority of which are designed to provide back door access to your computer, steal your data and money. Cyber criminals are now working on organised criminal gangs selling each other products, services and even technical support to simplify high tech, fast evolving cyber attacks. Cyber criminals are building their talent pool and are developing an illicit economy. As any economist will tell you, this results in innovation, research and development. Technically skilled security professionals will be required to combat their innovations. The array of new devices like iPads, Android phones and iPhones also represent a challenge as more expertise is required to manage and protect the diverse technologies used in the business - it is no longer just about Microsoft! Regulations and compliance are also fundamentally challenging businesses, moving the traditional technical IT security role to interface with the business. The CISO today is often more a business leader, than a security practitioner. Security leaders need business, cultural influencing and even senior management skills and are embedding themselves within different functions in the business. The stereotype of the security geek trapped in the dark depths of IT is fading. Over the coming years, more regulation and the changing shape of business will produce a wider range of security roles.
Yet, even right now many are struggling to identify and hire the right talent in to security positions. In many cases conventional hiring strategies are not producing the right results. There has been over a 50% reduction in the number of students studying IT, yet according to numerous surveys
there is a huge projection of growth of jobs (across numerous categories of roles) and an existing deficit that needs to be addressed. Initiatives like the UK Cyber Security Challenge are working to plug this gap and represent a new strategy to identifying and nurturing talent.
Without a doubt, cyber security has never been at such a high point of awareness or critical importance to growth. Cyber criminals are developing more malicious code, infecting more web pages and having greater impact on us all in our personal and work lives. Skills in this area are bound to be in demand and valuable, spanning many different types of role in every industry. Keep an eye on the development of this problem domain and explore some of the less conventional talent channels such as Cyber Security Challenge UK
. Help us recruit the right talent to fight back at cyber criminals.Free helpful resources:
- Sophos Threat Report (simple, accessible description of the security industry and present threat trends)
- Sophos Threatausarus (simple A-Z overview of security threats so you can speak the language)
- NakedSecurity blog (follow the latest security incidents and challenges)