Cyber security skills - what's the gig?

July 19, 2011 2:14 PM
James Lyne
The Internet and IT at large are perhaps the most significant resources changing our personal and working lives right now. Entirely new jobs, for example those focused on the use of social media, are being created, and entirely new working practices are being developed for mobile users accessing data from an increasingly wide range of funky new devices. Fundamentally, technology and the effective use of data are critical to the growth of UK PLC across both the public and private sector. The government clearly supports this position too, as demonstrated by its additional investment of £650M in cyber security in the "age of austerity". Our ability to protect data in our businesses is directly linked to confidence, which in turn is a key driver of growth from the small business to the national scale. Over the coming years, security is a critical field in enabling us all to seize the opportunities that new technology and working practices may offer. That, and of course trying to avoid the "Sony" moment: a data breach leading to significant loss of reputation and market cap.

The security field is at an interesting point of change. Enhanced threats, technology change and regulation are all driving a significant evolution of the profession. SophosLabs now sees over 150k new samples of malware every day, the majority of which are designed to provide back door access to your computer and steal your data and money. Cyber criminals are now working in organised criminal gangs, selling each other products, services and even technical support to simplify high-tech, fast-evolving cyber attacks. Cyber criminals are building their talent pool and developing an illicit economy. As any economist will tell you, this results in innovation, research and development. Technically skilled security professionals will be required to combat their innovations. The array of new devices like iPads, Android phones and iPhones also represents a challenge, as more expertise is required to manage and protect the diverse technologies used in the business; it is no longer just about Microsoft! Regulations and compliance are also fundamentally challenging businesses, moving the traditional technical IT security role to interface with the business. The CISO today is often more a business leader than a security practitioner. Security leaders need business, cultural influencing and even senior management skills, and are embedding themselves within different functions in the business. The stereotype of the security geek trapped in the dark depths of IT is fading. Over the coming years, more regulation and the changing shape of business will produce a wider range of security roles.

Yet, even right now, many are struggling to identify and hire the right talent into security positions. In many cases conventional hiring strategies are not producing the right results. There has been over a 50% reduction in the number of students studying IT, yet according to numerous surveys there is a huge projected growth in jobs (across numerous categories of role) and an existing deficit that needs to be addressed. Initiatives like the UK Cyber Security Challenge are working to plug this gap and represent a new strategy for identifying and nurturing talent.

Without a doubt, cyber security has never been at such a high point of awareness or critical importance to growth. Cyber criminals are developing more malicious code, infecting more web pages and having a greater impact on us all in our personal and working lives. Skills in this area are bound to be in demand and valuable, spanning many different types of role in every industry. Keep an eye on the development of this problem domain and explore some of the less conventional talent channels such as Cyber Security Challenge UK. Help us recruit the right talent to fight back at cyber criminals.

Free helpful resources:

  • Sophos Threat Report (simple, accessible description of the security industry and present threat trends)
  • Sophos Threatsaurus (simple A-Z overview of security threats so you can speak the language)
  • NakedSecurity blog (follow the latest security incidents and challenges)
Does your company have a Chief Information Security Officer (CISO)? If so, what do they do? Investigating incidents is a big part of a CISO's job. Liaising with the compliance team is another. But perhaps one of the biggest challenges in creating a culture of security within an organisation involves user engagement.


Building a user engagement strategy is a long-term, holistic process for an individual. It involves building relationships with multiple levels of management inside an organisation, and effectively speaking a variety of languages, both technical and managerial. How can you structure an engagement strategy for maximum effect?


The first step in any engagement strategy is alignment. When first joining an organisation, a CISO might spend months identifying and engaging different stakeholders to understand their needs and concerns. A CISO must understand business strategy, and identify major changes within the company, including acquisitions and moves into new markets. Financial limitations and competing initiatives within an organisation are also extremely relevant here.


An alignment process will help a CISO to target high-priority initiatives together with stakeholders. Once that is complete, service delivery is the second key component. How can a CISO build on that foundation of alignment to create relevant services for stakeholders? Think not only about reducing costs and risks, but also about adding value to the business in other ways through information security initiatives. For example, delivering the ability to use a panoply of different endpoint devices might help the business to make staff more flexible.


Credibility is the third of four engagement areas for a CISO. Producing statistics and case studies to illustrate the benefits of an effective information security campaign is important if you are to maintain the support of senior management. Nothing says 'success' like demonstrating that your level of security incidents is below the average for your industry.


Finally, engagement involves using those around you, and giving up some of the ownership of the project. This is just as true in information security as in other organisational areas. Assuming that you are the smartest person in the room will make you the dumbest. Deferring to experts in a particular field may end up making your project stronger, but you have to identify those key players first, and understand what makes them tick.


Clearly, then, a CISO is more than just a technologist or a bean counter. To succeed in this field, you must be a strong, well-rounded individual with robust technical and organisational discipline. No wonder that good CISOs are so rare.
