It has been an interesting year within the cybersecurity sector. After deep research and analysis, we have curated our 2020 predictions for cybersecurity jobs.
Impact of CCPA on jobs
The CCPA becomes law on January 1st and reports suggest that many companies still aren’t ready. While American companies were reluctant to comply with the GDPR, the expectation is that the CCPA will be harder to ignore. The maximum fines under CCPA are not as high as for GDPR but with the prediction that there will be class-action suits for violations, they actual cost of a breach could be significant higher than the limits suggest.
What we expect as CCPA becomes law, is that more companies will look at consultancy options to ensure compliance. We are seeing a general increase in the number of privacy jobs as companies start to understand how privacy is different to security, and how important it is to their consumers. Our expectation is that this increases in 2020. This increase won’t just be limited to the US. Chief Privacy Officers are having to manage different legislation for their organizations that are being imposed from different countries and regulators. Ensuring global compliance is a challenging task and one that requires a growing workforce.
Focus on training as well as recruiting
The skills shortage in cybersecurity is widely reported and companies are struggling to find the best possible people for their teams. Companies are also being heavily criticized for the lack of career progression and training they provide to their security staff. Upskilling new or existing staff is an essential tactic to close the skills gap.
Importance of remote working for attraction
Companies that offer remote working are significantly more attractive to candidates than those that don’t. Companies that allow remote working find they have a bigger pool of talent available to them. This is because they are not restricted to recruiting in one location, but also because candidates like to have the option of working remotely.
A level of remote working is almost expected by candidates now and they expect to be able to manage their own work pattern. It may be just one day a week but they don’t expect to be forced to be in the office if there is no need for them to be on site. This can be easier to define for those in consulting positions who are often absent from the office and on client site. It can be harder to define for those working for end-user companies where there is no obvious distinction in their working pattern. Allowing flexibility also helps employees manage their stress levels and personal commitments, ensuring happier and harder working people. Companies that aren’t using this to their competitive advantage, risk finding it much harder to recruit the best talent.
Neurodiversity becomes more prominent in recruitment strategies
Gender diversity has been an issue in cybersecurity for a number of years and we have made progress in this area. Some companies have their teams at 50-50, although there is still some way to go at a leadership level and industry wide.
What we expect for 2020 is that other areas of diversity become prominent. There has been a growing conversation about neurodiversity for a few years. With some industry leaders public acknowledging their own neuro conditions, barriers are breaking down. There is also a growing understanding on the potential benefits to the industry, as well as what steps companies can take to hire from this group. There are more resources than ever to assist companies that want to do this.
At BeecherMadden we are trying to be more aware, make our roles more accessible and be clearer on what support we can provide to candidates to clients with needs in this area. We will endeavor to increase these efforts in 2020 and we are expecting to see the same from the wider industry.
Salaries rise at a slower pace
Salaries have increased at a significant level in the past year. Some roles have seen increases of 40%, against a national wage increase of less than 3%. This is not unexpected and cybersecurity salaries have been increasing, almost year on year for the past 10 years. We have seen years where this rise slows or almost stagnates. 2015 and 2016 were years like this as companies were unable (and unwilling) to keep up with the ever-rising amounts they were being asked to pay.
With such significant rises in 2019, we may have a period of stagnation or slower growth as the market catches up. Cybersecurity roles are well remunerated, compared to years of experience. Some companies obviously underpay, but even these companies have been more willing to break their own limits on what they can offer in recent times.
While it seems odd to predict a salary slowdown in a market where there is still so much growth, it isn’t possible for companies to spend a never-ending amount of money on cybersecurity. We think companies will look to compete in other areas, rather than just contributing more and more money on salaries. At least for a time, after which, increases will likely pick up again.
IoT security threats increase
We have been talking for years about the threat that arises from connected devices. But uptake of these devices has been slow. We have seen more and more devices creep into everyday life in 2019, with more likely to come in 2020. Connected doorbells are becoming common with most people either not considering security risks, or willing to take the trust leap and use them anyway. With Alexa and Echo devices also now quite commonplace, connected homes are closer than ever. The warnings on the threats and lack of security haven’t changed and there is a real concern in the security industry about the risks posed. We expect to see more of this in 2020.
One thing that companies are doing to help with this is education. As cyber awareness training has become more common in organizations, companies have also been using this opportunity to educate their employees on how this affects their personal lives. The thought that good cyber hygiene is a lifestyle, not a work skills is gaining traction.
5G security risks
5G is now live and the race is on in many areas globally to be first or best with this technology. The US, in particular, have been very concerned about whether they will be beaten in this race by China, with international pressure to restrict utilizing Chinese tech products. The worry about the health risks posed by 5G have got a reasonable amount of press but the security risks, apart from the China connection, are not as widely reported. The EU have put out a joint risk assessment into 5G which raises security concerns. There is general consensus that not enough has been done to mitigate these risks, or at best, communicate how these risks can be mitigated.
There is the potential of more jobs that focus on 5G security in 2020. Holding back on new technology has rarely been an option businesses are willing to take. Companies are generally keen to take the benefits, accept the risk and look for ways to reduce it rather than waiting until security is at a higher standard.
Better password management
The last few months of 2019 have seen a number of breaches caused by password management. Even more concerning, we have seen some high profile breaches that have worked around 2FA where mobile phones are used. There are two lines of debate. One is that people still use the same password across multiple accounts and use very basic passwords. The other is that there are sophisticated attacks where password management would have once been thought to be secure.
What the industry seems to be saying is that we need an alternative to passwords that can make us more secure. It will be interesting to see what innovation can come out during 2020 in this area. Passwords aren’t the most interesting part of security but there may well be a market for an alternative.