Even before the COVID-19 pandemic, telecommuting was gaining momentum. Analysis from FlexJobs and Global Workplace Analytics shows that remote work grew 44 percent in the last five years and is predicted to increase even more post-pandemic.
[ Also read: Digital transformation: Why data leaders must play offense during COVID-19. ]
When the pandemic hit, the transition to remote work was expedited dramatically, and the surge of newly remote workers meant businesses needed to expand security perimeters due to the wider attack surface.
Not surprisingly, remote workers present more security risks than on-site workers: Home WiFi networks’ security protocols are weaker than those in the office environment, and many remote workers access their applications via their own BYOD endpoints, which are less secure than corporate network-connected PCs. On top of that, remote workers are simultaneously using personal email, accessing personal web accounts, clicking on malicious links they should not, etc.
Meanwhile, hackers are stepping up their efforts to infect our computers using the pandemic as a ploy. This is business as usual for hackers, who often use current events combined with automated bot techniques to scam their victims. While everyone is feeling anxious, hackers are using social engineering and other tools to get us to act, often against our better judgment.
[ How can you increase employees awareness of these threats? Read also: 3 ways leaders can build a stronger security culture. ]
The pandemic and the future of security jobs
While many of us are aware of the cybersecurity talent gap – the world will have 3.5 million unfilled cybersecurity jobs by the end of 2021, according to Cybersecurity Ventures – many businesses are trying to cut costs to prepare for a COVID-related recession. What does that mean for the current climate and the immediate future of security jobs?
It means that despite the overwhelming security talent gap, some security jobs will likely be cut as companies struggle to remain in business. From a practical standpoint, security jobs that are not focused on remote work and cloud, such as jobs in older technologies and on-premises data centers, may be more at risk.
Cooling security jobs
Security jobs that are cooling focus on traditional on-premises defense, or preventing attacks we know about. These jobs often exist within the traditional company IT data center and focus on a specific product or program.
Examples include:
Data Center Security Manager: There is less demand for these roles as companies look to pare down their data centers. Organizations want fewer physical data centers as they push more workloads into the cloud.
Hardware Engineer for Security / Security Hardware Technician: These positions tend to focus on custom chip sets, hardware, and devices. Custom hardware is falling out of favor because they companies don’t want to be vendor locked into particular hardware solutions. Accordingly, organizations are getting rid of legacy platforms, which means they need fewer people to work on them.
IT Security Operations Specialist / Security Operations Center Analyst: These roles are on the operations side and focus on managing equipment, troubleshooting, and putting manual corrections into place. These jobs diminish when companies move to managed service models where these tasks are performed for them. Next, as businesses employ machine learning and automation, companies need fewer people running the equipment and manually troubleshooting. Some roles are getting automated out of existence.
Hot security jobs
While the cooling jobs tend to address known security issues on legacy on-premises systems, today’s environment requires security to take a more offensive than defensive approach. The skills required for these jobs include cloud security, DevSecOps, user behavior monitoring, and analytics expertise.
Artificial intelligence (AI) knowledge, implementation, and configuration skills will be in high demand, as will jobs in managed services for security experts.
Examples include:
Cloud Security Engineer / Managed Service Security Manager: As companies move to private and public clouds, they need people who understand the security implications of these environments. Or in the case of managed services professionals, people who actually run and operate that environment for enterprises.
Cybersecurity Manager of Machine Learning and AI / Cyber AI Architect: These roles are responsible for analyzing big data analysis performed offline. They use AI to discover trends and correlations – in this case for security data and events.
Data Scientist for Machine Learning: This role analyzes small data in real time, to provide indications of trends occurring in the networks as the data passes through. It's a critical role to have on security teams.
As companies move to AI and machine learning algorithms, they need fewer people who can troubleshoot security events and more people who are deep thinkers, who know how analyze data for trends, intent, and recognize early indications of the next cyber-attack.
During lean economic times, underperforming security employees who focus on older technologies, especially those who are inflexible, unreceptive to training, or who lack collaboration skills, will be vulnerable. Cybersecurity professionals who are motivated to stay relevant and evolve their skills will thrive in today’s increasingly demanding security environment.
[ What critical skills should your hiring strategy target in the decade ahead? Read IT talent: New tactics for a new era. ]