The talent pool is changing dramatically and will continue to do so.
By Karl Sharman, Vice-President, BeecherMadden
When recruiting in cybersecurity, it’s not difficult to understand where the growth areas are and what the industry is moving into. In the past two years, one domain within cyber has required more people than most – that’s Incident Response (IR). IR specialists are those that address and manage the aftermath of a security event, breach or attack. It’s an important and highly skilled job.
IR jobs have increased dramatically in the past two years more so in North America over Europe which suggests where the market maturity currently lies. The talent pool in North America is still small for IR and the lack of candidates compared to jobs (like most through cybersecurity) is causing a spike in salaries for these highly skilled individuals. Salaries for juniors in this domain are now starting at $70,000 a year which has seen a 40% increase in the last 18 months. It is sometimes frightening for companies to see even people with only 1-year experience within IR asking for $100,000.
The salaries and skillset differ between in-house IR to consultancy positions. This is mainly due to the different requirements in the role. Consulting in IR, normally consists of working with various on-going engagements, working on end to end IR. This requires a person to be agile, a strong communicator, well skilled in reporting and highly technical in both IR and Forensics. In-house positions are a smaller part of the IR process as most companies will look to get in outside consultancies should an event or breach occur. This position is often the same environment each day and normally consists of more monitoring and hunting for incidents or intrusions.
Job descriptions often come across as a wish list but shouldn’t be taken like that, if you are looking for your next opportunity within IR. When speaking to clients, it is often the same skills that are the most important for these positions such as Malware Analysis and Mobile Forensics. Also, tools have become an important aspect of IR positions such as Encase and FTK to support forensic investigations. From our previous experience in hiring in this space we work on three things: the environments in which the candidate has been doing IR, the tools they have used and the soft skills such as communication and reporting.
IR is now hand in hand with Forensics as IR is more of the police officer and the forensic specialist is more of a detective, someone who is both is the ideal candidate for any organization looking to hire a IR specialist as they are able to do more with any investigation the organization may be required to take on. The IR domain is exciting and growing quickly especially in areas like business email compromise and cloud storage; for anyone looking to explore it, it will provide great career longevity as the threat increases.