We have reached the fourth quarter of 2020 and it has been just over six months since the stay at home orders were widely issued in March. The ongoing effects of COVID-19 have propelled certain industries forward while forcing others to accelerate or otherwise reprioritize business objectives, in an attempt to acclimate to economic changes and new health-related regulations.
Since the beginning of the stay at home order and through the second quarter, we’ve been monitoring hiring trends for cybersecurity and IT related job roles by industry, geographic location, and workforce experience levels. While the US has witnessed turbulence in reported COVID cases in top US metropolitan cities and tech hubs in July and August, demand for cybersecurity personnel has remained relatively constant and continues to trend upwards.
How Far We’ve Come
As we compare the hiring trends data from our initial report to the end of the third quarter, we’ve found a general increase in three out of the five top industries. Collectively, we’ve seen a 25.55% increase in demand for cybersecurity talent by the end of the third quarter since April. Significant demand growth was observed within the Hospital and Healthcare industry with a 44.48% increase since April.
The consistent hiring demand is no surprise given that cyberattacks are on the rise with a recent Check Point Research report showing a 50% increase in daily attacks over the past three months. Cyberattacks within healthcare specifically are not new, (2017’s WannaCry attack), given that health records possess critical patient information most attractive to scammers attempting to steal personal or financial information.
However, ransomware attacks have escalated in frequency and complexity, especially COVID-related attacks, in most cases leading hospitals to pay the ransom in order to get medical systems back up and running as quickly as possible, or risk delaying critical care for their patients. Thus prioritizing hiring for cybersecurity talent and having a dedicated team to thwart these attacks are exceedingly essential.
Big Tech is Getting Bigger
With 42% of the US workforce still working from home and the majority of academic institutions having transitioned to online learning, the dependency on technology and connectivity has grown exponentially. With that, so has the potential attack surface for threat actors.
In April, Zoom announced that 500,000 accounts were compromised and passwords were being sold on the dark web. Not to mention the rise of Zoom bombing on conference calls or class lectures raising concerns for security as well. Technology has always been at the forefront of privacy and security allegations, now with almost half the population working virtually, this has pushed tech companies to prioritize cybersecurity in order to preserve user integrity.
While the tech industry was not immune to the economic downturn seen in the second quarter, it has made a comeback by the end of the third. The most significant change was for Internet & Tech, seeing an increase of job openings by 179.39% since the end of June. This increase is primarily due to the shift in consumer demand for e-commerce and other online services.
Year to date, job openings in Information Technology actually decreased by 38.14%, while Internet and Tech increased by an incredible 339.67% by the end of September.
Tech Exodus: Real or Fantasy?
Even with tech giants such as Facebook, Twitter, and Pinterest in Silicon Valley announcing that their workforce can either work from home 100% indefinitely or part time moving forward, it is difficult to calculate what percentage of the workforce are fleeing metropolitan areas due to the “tech exodus” reported in the last installment of this publication.
However in a recent report from Zillow, the cost of rent in San Francisco and San Jose have dropped more than 7% since March, but have steadily risen in neighboring cities or “satellite communities” in Sacramento, Reno, and Boise. Compared to last year, the list prices for homes in the Bay Area have fallen 4.9% and the amount of new listings has increased by 96%, suggesting that people are on the way out. In other cities such as Los Angeles, Washington, D.C., and Seattle, they have not seen listings of that magnitude.
Cities on the east coast and in the south have shown where the greatest demand for cybersecurity talent is needed. The cost of living in Washington DC is 18% less than in San Francisco, for those who want to still enjoy the urban city life, but do not want to strain their budget. Being one of seven states with no personal income tax, relocating to Texas can save thousands in rent and living expenses. Each location has 7,814 and 7,770 job openings respectably.
If the virtual workforce trend continues and talent is relocating from major tech cities into smaller, more affordable communities, employers need to be flexible in accommodating employees who want to continue working from home. Ping pong tables, free food, and sleeping pods no longer (or rather never did) suffice as benefits and company perks. Pre-COVID, one organization went so far as to offer a De-Location package for employees to move out of the Bay Area.
The decentralized workforce gives employers the ability to source the best talent that otherwise were beyond the limits of their local city. This opens opportunities for individuals who seek a greater work/life balance, those who cannot relocate, and other personal circumstances.
A Growing Need for Leadership
The demand for cybersecurity talent is an insatiable need across all locations and industries. While continuous efforts are put forth to engage and elevate otherwise untapped talent into introductory or entry level positions, there has been a growing call for cybersecurity leaders.
Over 51,000 Mid-Senior, Director, and Executive level positions are available as of September 30, an increase of almost 8,000 since last recorded in June on LinkedIn. What sparked the change? Perhaps the rise of COVID-19 also increased the number of related cyber attacks, leaving companies struggling to recover, or seeking alignment in the organization’s cybersecurity and business strategy as it relates to risk. Maybe they have no cybersecurity strategy at all and are starting from scratch.
However, if organizations are still searching for and outsourcing new entry level talent, then the right cybersecurity leader may be even more rare. Companies need an alternative solution to build the right talent and have a pipeline strategy in place to ensure their people are the least of their worries in securing the organization.
Building a Better Cybersecurity Pipeline
In order to ensure there’s opportunity for a cybersecurity leadership position, organizations need to assess and define their career roadmap. Having an understanding of the unique knowledge and skills necessary to succeed in each role is essential to minimize redundancies and better align roles with the talent already in-house. One organization found success in transforming their cybersecurity workforce, which allowed them to build better compensation and hiring plans more aligned with specialized roles and create a leadership role based on the business skills required in cyber management.
Additionally, leadership should consider looking beyond cybersecurity or computer science majors and invest in individuals with different professional backgrounds and experience levels. Consider internal employees from non-technical departments, the stay at home parents who are ready to make the leap back into the workforce, or those who are balancing more than one job and cannot dedicate personal time to train on cybersecurity.
Candidates with industry certifications such as CompTIA Security+ or the Associate of (ISC)² CISSP (equivalent for candidates lacking five years of job experience) can indicate tenacity, work ethic, and willingness to learn something new. Cybersecurity credentials can also be an incentive for training and onboarding interested internal talent.
For the growing rate of decentralized workers, employers should consider accommodations to support current employees seeking de-location, while also being open to sourcing new talent beyond their company’s backyard. There are resources available that align to organizational needs that can help leadership to certify teams, baseline cybersecurity skills, and build a better talent strategy.