Published on the 18/10/2016 | Written by Donovan Jackson
With a worldwide shortage of information security professionals, getting into this line of work is bound to be gainful…
These days, information security is a pervasive societal issue; it is no secret that the systems depended upon for just about every aspect of modern life are subject to misuse and attack by criminals looking for a quick buck. Or any sort of buck, not necessarily a fast one. The biggest threat of all, however, might not be insecure systems (which we’ve come to live with, out of necessity) or the horde of barbarian hackers at the gate.
Instead, it might be the shortage of trained and interested professionals to help create, deploy and manage sufficiently secure systems and processes to prevent the whole world flying piecemeal into the sun, or worse, a repeat of the greatest security threat of our time, the Y2K palaver.
In all seriousness, though, there are too few people to fill plenty of available infosec positions, according to NZTech CE Graeme Muller who said there is a ‘hidden threat’ emerging owing to the growing shortage of people with cyber-security skills. “A recent report from Cisco announced there was a global cyber security skills shortage of more than one million people, as governments and corporations struggle to keep up with the growth in cyber threats.”
A quick scan of Seek for information security jobs revealed 371 positions open (although some, such as a security officer for a university campus, are probably not ‘infosec’ jobs in the strict sense of the word); meanwhile, Andy Prow, CEO of Wellington-headquartered information security solution provider RedShield told iStart that there is ‘massive demand’ for good personnel in the field. “The cyber security workforce globally is estimated to grow to 6 million people by 2019; [even so, there will be] a 1,5 million shortage. This will affect New Zealand, as global salaries and packages will skyrocket.”
His answer to solving the problem within his own four walls is to employ ‘smart young graduates’ and retrain people from IT administrative and developer roles. Like other employers, Prow looks to the rest of the world, too, with his arsenal of ‘pull’ factors including all the country has to offer – or, as he puts it, “Importing [people] using New Zealand as a lifestyle destination.”
Continuing, Muller said the National Cyber Policy Office is doing work in this space. “It has introduced a working group to look at ways to increase cybersecurity talent; it had a look at the numbers and has estimated that by 2018, there will be 4000 new cybersecurity professional roles in New Zealand. The current rate, if we look at computer tech graduates, is miles away from that and there is little specialist training.”
He added that “Anecdotally, every CIO and companies like Xero, can’t find enough cybersecurity people. There is work being done by Immigration, as a short term ‘gap plugger’, and the tertiary education sector to address the problem, but the real problem is that there is lack of demand from the student side.”
That points to the attractiveness of cybersecurity for those who can foster an interest in it; high demand for these kinds of specialists combined with low interest in the vocation can only drive up remuneration packages. “This is good place to look for work; getting appropriately skilled depends on where you are in your career, but the polytechs are doing a pretty good job on operational roles, and a general computer science background or degree is a good starting point before becoming a specialist,” Muller added.
Prow confirmed that, and said those with the skills can expect to be ‘excellently looked after package wise’. Given the worldwide nature of IT generally and infosec in particular, he added that there are great global travel prospects and again stressed that there is a recognised path for retraining if you have relevant skills, such as software development, and wish to move into cyber security.
More than that, Prow said a good infosec prospect has a thorough understanding of the basics of computing, the attacks and threats and the available defenses and mitigation approaches, and an aptitude for questioning and challenging. “We look at someone’s experience as a benchmark of their skills, but we hire on aptitude and attitude every time,” he concluded.
