The hot cyber security job market

Amid growing concern about the vulnerability of computer systems to attacks, the demand for talented cyber security professionals has never been stronger.  Careerbuilder.com currently lists more than 20,000 information security jobs across the country with more than 300 jobs located in Denver.

In fact, our clients are telling us that in many cases they have more jobs than they can fill, in part because so many candidates lack the necessary skills to navigate successfully in a business environment. 

In many cases, the problem isn’t a lack of technical skills, but an ability to fully understand and explain the nature of various threats, and to take the appropriate steps to mitigate the risks to the organization.

Here are the top five skills that hiring managers, consulting firms and cyber security agencies are seeking:

Communication – You have the ability to diagnose complex cyber issues. But can you translate those nuanced technical discussions into clear and precise business needs?  When C-Suite executives and board members receive a presentation laden with technical jargon, the urgency of the message is often lost.  The ability to take a cyber issue within the business and translate that back into how it might negatively affect the business’s reputation, customers, vendors and stakeholders is critically important.

Risk Management – Do you understand the make-up of different attacks and the length of time it will take to mitigate the risks in a cyber attack?  Do you have a fundamental understanding of how the business operates so when a cyber incident happens, you can organize a systematic plan of attack to minimize its scale? Risk management is essentially a prioritization of how a cyber team will shore up a business’s cyber architecture during a breach or after a breach.  There is no way to eliminate all cyber risks and every cyber-attack is different so there is no one-size-fits-all approach. A good analyst/manager will assess the situation, recognize and neutralize the immediate vulnerabilities while keeping an eye on smaller issues.

Technical Understanding – As attacks are deployed using a number of different technologies, a good cyber security analyst/manager will need to be well versed in many technologies.  If you are a mobile expert and the attack on your company comes through the mainframe, and you know nothing about mainframes, you won’t be able to devise a strong strategy to fix the problem.  But by having an understanding of multiple technologies including, coding, systems architecture, mainframes, mobile, etc., you’ll be in a great position to provide real value in the event of a cyber attack.

Consensus Building – Not everybody outside of IT will fully understand the importance of cyber security, however, their opinion will weigh-in on IT’s budget, size of staff and available resources.  As you will be interacting to these positions, it’s paramount that you comprehend their positions and challenges within your organization.  This way you can engage in productive conversation with everybody from finance to marketing on how cyber issues will affect their business unit.

Program Management – Cyber security isn’t a project with an end date.  It is a living organism that is constantly evolving and needs to be redeveloped and reinforced over time.  With this ever changing landscape, cyber professionals need to be vigilant and drivers of constant change and updated information to their organization.  Cyber professionals need to learn new techniques, stay up-to-date on all reported cyber attacks and adjust accordingly to make sure that your program is forward-thinking and not behind the times.

 

For more information on KPMG Cyber, please visit http://advisory.kpmg.us/kpmg-cyber.html