Cybersecurity in the Pandemic Part 1

Cybersecurity in the Pandemic

Cybersecurity in the Pandemic 1200 628 N2K

Unemployment around the world is skyrocketing in response to the COVID-19 pandemic. In the United States alone, the Department of Labor reports that 16.8 million Americans have filed for unemployment over the past three weeks ending on April 9, 2020. The global economic downturn has spared very few sectors, while decimating several including transportation and food services. Yet, despite the circumstances, organizations across most sectors are still actively hiring for cybersecurity talent.  In fact, LinkedIn lists 261,545 cybersecurity jobs posted within the past 30 days.  Here is a breakdown based on LinkedIn’s industry categories:

  • IT and Services: 103,001
  • Financial Services: 67,473
  • Computer Software: 66,341
  • Defense & Space: 49,708
  • Hospital & Health Care: 49,483

Why is Cybersecurity So Resilient?

The truth is that today’s uncertainty has reinforced the cybersecurity industry and highlighted its growing importance in maintaining and protecting certain segments of our economy.  Cybersecurity jobs were already in high demand prior to the world turning upside down with demand far outpacing supply to the tune of some 4M open positions globally.  

A large swath of individuals in the workforce today have been laid off or are currently furloughed as businesses are forced to cut spending to survive.  To date, these decisions have come down the hardest on positions deemed “non-essential.” For the vast majority of cybersecurity professionals, this has not been the case.  

The sudden shift to remote and distance work created a dire need for cybersecurity professionals to secure networks, technology, and personnel activity.  This is particularly true of some of the most affected areas due to COVID-19 and the open job data underscores this point:  openings in California (+0.6%) remain relatively unaffected, with job openings in San Francisco rising by +0.7% and San Jose only down -0.1%.  Washington state went down -3.7% and New York down -2.5% (of which New York City accounts for a decline of -2.7%). Those declines are relatively minor considering the disproportionate impact the pandemic and city and state-wide shutdowns are having on these geographies and other economic sectors. 

Running the Essential Workforce

The federal government recognized the cybersecurity need in a formal capacity, with the Cybersecurity and Infrastructure Security Agency (CISA) releasing a recent memo defining employees required to enable remote working, technical performance or manage networks or facilities as essential.  They went even further, specifically calling out sectors where the requirements for work from home solutions (and thus the security and privacy of those solutions) were particularly critical.  These included industries such as law enforcement, public safety, medical, energy, public works, critical manufacturing, food & agricultural production, financial services, education, and other critical industries and businesses.  Given the breadth of that list it’s no wonder cybersecurity has remained a steadfast, and increasing, requirement.

A Private Sector Perspective

The guidance under the CISA memo should not only be taken as a government only guideline–companies and private enterprises are also more reliant on essential security services now, especially since many weren’t built to support an entirely remote workforce and operations.  So in addition to needing additional security expertise they may not even have at this point, they certainly cannot afford to lose the precious talent that they have managed to acquire. 

Cybersecurity job openings in the private sector before the pandemic were listed at 471,028 total vacancies in the United States. Moving ahead and zooming in, as of April 8th, 2020, there are currently more than 10,000 open jobs for SOC analysts and greater than 17,000 jobs posted for cyber-enabled network administrators posted on LinkedIn and Indeed. 

Private sector organizations who have already invested heavily in cybersecurity and cybersecurity talent are the companies best equipped to handle the security threats brought on by the fallout to COVID-19 and a fully remote workforce.  Companies that weren’t faced with the hard reality before now have no option but to make these investments in the future. In a cruel twist, the companies who made the investment in cybersecurity talent and skill-building before coronavirus are the ones who can afford to make further investments now.  Others, including the early work-from-home darling Zoom, have had to quickly pivot to address security and privacy concerns. 

Even though it is clear companies are soliciting for open cybersecurity positions just as they have for years, they might not need to for all of their open positions. We were already evolving into a world where virtually every position has some component of technology and cybersecurity.  Why not simply train more employees to better manage the areas of cyber risk that impact their respective roles and responsibilities?

You’ve Already Hired Them

While it is great to see open positions (and we certainly advocate that individuals consider a career in cybersecurity), organizations can practice much greater efficiency as they consider the knowledge, skills, and abilities within cybersecurity roles. Counter to common belief, a cybersecurity expert need not originate from a decorated computer science major and hardened penetration tester. Instead, evidence and experience has shown that some of the best cybersecurity profiles start out with the same skills that would lead to success across a myriad of positions: self-motivation, critical thinking, interpersonal communication, and other “soft” skills.

This is particularly important to consider for those organizations who have had to implement hiring freezes and other cost cutting measures but still have to somehow prioritize and refocus on cybersecurity initiatives.  One of the most efficient ways for organizations to keep up with shifting personnel profiles is to turn their talent hunt inward and upskill or reskill existing employees. This is an ideal opportunity for these organizations to identify alternative sources of talent that could be reskilled into cybersecurity roles.  It’s already a common misconception that successful cybersecurity professionals need to come from purely computer science or engineering backgrounds.  In fact, some of the most successful professionals start in adjacent areas or even completely disparate career fields. But depending on the role and its requirements, technical skills can often be taught – especially for the most common entry and mid-level cybersecurity roles.  Additionally, employers immediately benefit from an employee’s institutional knowledge of internal business processes and the organization’s goals, reduced onboarding period and the goodwill created when employees feel like employers are invested in their career growth, especially in times of crises like these.

Like other times of economic disruption and dislocation, this is also an opportunity for individuals looking to switch careers or break into the cybersecurity industry.  Anyone who enjoys solving puzzles, connecting dots, and learning new things can find ways to excel in a cybersecurity career. This is a great time to do some research on the different types of work within the field, explore IT and cybersecurity related training resources, and spend some time gaining some new skills.  

N2K’s Response

N2K, having focused on online workforce development and training since our inception, has been uniquely positioned to offer solutions to meet remote or online requirements. We are keenly aware that many people are unemployed, furloughed, or recently laid off. Likewise, we acknowledge that organizations are making difficult decisions in essential areas like day-to-day operations and may not be prioritizing workforce developments or other investments. In response to these situations and challenges, we are offering enterprises and individuals an opportunity to experience our role-based training solution, Critical Knowledge, at no charge. This opportunity is live and available as long as you start by May 31, 2020.