Infosec Jobs: Meeting the DemandWhy Organizations Struggle to Fill Open Positions
The information security job market is rapidly growing, with positions needed in areas such as application security. But finding the talent is proving difficult, says Tom Silver of Dice.com.
See Also: Gartner Magic Quadrant for APM
Dice.com, the technology job site, has seen a 60 percent increase in cybersecurity job postings this year. "It's really critically important now more than ever that companies are keeping their data secure," says Silver, executive vice president at Dice.com, in an interview with Information Security Media Group's Tom Field [transcript below].
But regardless of the growth in information security jobs, organizations are having a difficult time filling those positions, Silver says, because the requirements of the candidates are so significant and they change rapidly.
"Think about it - you're just one person who's trying to keep up with thousands of people that are trying to hack away at a company's information and infrastructure," he says. "Trying to know as much as hundreds, if not thousands, of others and being able to ... outwit them is what makes these jobs so hard to fill and so hard to find the kind of person that you're looking for."
In an interview about the rising demand for information security professionals, Silver discusses:
- The hot careers in information security;
- Why organizations struggle to fill these roles;
- How candidates can distinguish themselves when seeking these jobs.
Silver has been Senior Vice President, North America since September 2009, after joining Dice Inc. in 2001. Bringing more than 20 years of executive marketing and management experience, Silver is responsible for overseeing Dice.com, ClearanceJobs and AllHealthcareJobs. Prior to joining Dice, he served as Senior Vice President of Marketing at Bowne and Co., Inc from 1998 to 2001; Director and later Vice President of Marketing at American Express Company from 1988 to 1998 and he began his career in marketing at Unilever, Inc. in 1983.
TOM FIELD: Just to set some context for our audience that might not be as familiar with Dice as they should be, tell us a little bit about Dice.com.
TOM SILVER: Dice.com is a website for technology professionals, specifically those that are interested in tech careers. Dice has been around for over 20 years. It's the largest employment website specifically for technology professionals, as well as for employers and recruiters that are looking to hire them. We've got about 80,000 or so tech jobs only on the Dice.com website and those are jobs that are posted by some of the top employers around the country, ranging of all types and sizes from Fortune 500, Fortune 1000, as well as smaller start-ups all around the country, all around Silicon Valley, some of the hot spots in New York as well as recruiters that are also looking to find some of those really hot tech skills.
FIELD: Tell us a little bit about your role as well, please.
SILVER: I'm a senior vice president of North America for Dice.com. I've been here for 11 years and I'm responsible really for making sure that the communities of tech professionals who come to the Dice.com website everyday have a great experience. What I mean by that is they can interact with a community of other tech professionals that are interested in employment opportunities. They have a great experience and they can interact with each other as well as with employers that are looking to hire those great tech professionals.
Cybersecurity Jobs Growing
FIELD: My understanding is that cybersecurity job postings are up 60 percent since 2011. My question for you is how do you define specifically a cybersecurity job and to what do you attribute this increase?
SILVER: A cybersecurity professional is responsible really for building and maintaining a secure computing environment, literally for the entire organization. Someone that's responsible for cybersecurity [is] going to be in charge of making sure that a company's data is secure. They're going to be in charge of making sure that the entire organization knows about security. They will be setting policies for vendors and for contractors. They'll also be looking for, literally every day, testing the company's systems to make sure that there are no breaches, that there are no weak points and they'll be on the look out for really any kind of security problem that might impact the company's data.
FIELD: It sounds like a number of traditional security positions that might be bits and pieces of this would roll up into this cybersecurity position that you define.
SILVER: Sure. There's certainly a more traditional information security role that organizations have, but let's face it, companies' information and companies' data is under attack daily from people all around the country as well as all around the world. So a cybersecurity expert needs to understand what those people are trying to do, where some of the company's vulnerabilities are and then to be able to advise the company accordingly. That job and the skills required to do it are changing literally daily.
Reasons for Job Increase
FIELD: Tell me about the 60 percent increase. What do you attribute it to and how large is this increase compared to other job post increases you might see elsewhere on Dice?
SILVER: Cybersecurity - there are a couple thousand or so cybersecurity jobs or data security jobs on the Dice.com website. And to your point, the growth rate in those jobs is significantly faster than the overall average. If you look at Dice.com on any given day, there are about 80,000 jobs or so, and that's up about 5 percent versus where it was a year ago. Think of that by comparison of cybersecurity or data security and the points you just mentioned, the increase there is over 50 or 60 percent, so really the rate of speed and the interest and the importance of these types of positions are among the fastest growing and most important on the Dice.com site right now.
FIELD: What do you see as being the hottest areas within cybersecurity or information security, and why are organizations struggling to fill these roles now?
SILVER: Some of the most important are really in the areas of data security or application security, and those are up over 30 percent year over year. But why are they so important? As I mentioned before, it's really critically important now more than ever that companies are keeping their data secure. Why [it's] so hard to find these positions is because the requirements of the individuals are just so significant, and they change so rapidly that keeping up with it is really difficult. Think about it - you're just one person who's trying to keep up with thousands of people that are trying to hack away at a company's information and the company's infrastructure. Trying to know as much as hundreds, if not thousands, of others and being able to really anticipate and to some extent outwit them is what makes these jobs so hard to fill and so hard to find the kind of person that you're looking for.
FIELD: In general, who would you say is hiring, and what are they asking specifically of the candidates?
SILVER: We're seeing hiring going on in a variety of different areas. We're seeing it in areas like defense contractors, financial service firms, technology companies, consulting companies, utilities, just to name a few. Additionally, we're seeing higher incoming from colleges and universities that are recruiting faculty for their information assurance programs from a security community. Really what we're seeing is that the companies are realizing just how important this type of position is and why they need to keep on looking real hard to try to find the skill sets they're looking for.
Tips for Landing the Right Job
FIELD: Even with all these positions open, and with the need that we certainly described, what do candidates need to do to distinguish themselves to get the right jobs?
SILVER: They really need to demonstrate what they've done at their previous organization or their current organization. They need to talk about how they've led security projects, how they've led changes in infrastructure, how they've implemented certain new policies and certain new practices at their organizations and then make it such that they can take those skills, take those experiences and make those relevant to the new situation they might be thinking about at a perspective new employer.
FIELD: We certainly have established information security as a hot position; people are eyeing it as a career option. What advice would you offer for someone that's either starting or re-starting their career in information security? Where should they begin?
SILVER: They should talk to people who know the industry. Go to a variety of different industry events and really learn about what's happening. It's the area in which the requirement is so much, the skill is changing so much, the knowledge is changing so much that you've got to really immerse yourself in the industry; you've got to immerse yourself in some of the various things that are going on and then communicate to a perspective employer that you have a good understanding of the skill set that's required.