The investor and founder of cybersecurity firm Herjavec Group explained how complex the field of cybersecurity is, and what IT pros can do to make themselves stand out.
Cybersecurity jobs are some of the most difficult tech positions to fill, and it only seems to be getting worse. CIOs expect to increase hiring for these roles, many of which will come with a high salary, in 2017, but there aren't enough security professionals to go around.
Because of this disparity, the number of open cybersecurity jobs will continue to grow. According to a June joint report from Cybersecurity Ventures and Herjavec Group, there will be 3.5 million unfilled cybersecurity jobs by 2021, a drastic jump from the 1 million open jobs in 2014.
Robert Herjavec, star of ABC's Shark Tank and founder of cybersecurity firm Herjavec Group, recently spoke with TechRepublic about the reason for this disparity. Part of it, he said, is that there simply are not enough skilled security professionals available to fill these roles.
SEE: Information security incident reporting policy template (Tech Pro Research)
"As the market grows, we need more security people," Herjavec said. "So, there's an element of increased demand, and the amount of people with those skillsets just isn't keeping up."
One of the biggest issues is the fact that it takes a lot of time to become a skilled cybersecurity practitioner, Herjavec said. The field is complex, and the need for new professionals is growing faster than pace at which existing IT pros are transitioning into roles where they're building security expertise.
However, it also seems like there are fewer people moving toward careers in security in general. There's a gap that exists between the reality of security and the "sexiness" of cybersecurity, Herjavec said. It can be very interesting to talk about, and is made to look very exciting in movies, but it is built on a lot of technical, sometimes-tedious, processes.
"When you peel away the layers, it's very technical, it's very foundational, and it's really not that sexy," Herjavec said. "It's just a lot of work that requires a lot of diligence, a lot of process, and can be very mundane for a lot of people."
Performing measurements and log analyses, and accounting for minute technical detail, are skills that take a lot of time to become truly great at. And while they're exciting for someone like Herjavec and his team, he said, many people get into the field without realizing how complicated the work is, and how long it will take to become proficient.
If someone is passionate about security, and wants to land one of those millions of open jobs, there are a certain ways they can make themselves stand out. Technical knowledge will always be a given, Herjavec said, and his base level for potential applicants is very high. However, he said he also looks for people with the level of passion, desire, and drive to fit into the overall company culture. By properly fitting in with a given company's culture, security pros can become more like trusted advisors and less like a nagging parent when trying to encourage compliance.
One secret weapon that can make a would-be security pro stand out from his or her colleagues is proper communication. Communication skills are difficult to find with someone who is also very technical, Herjavec said. The ideal professional must have technical and analytical skills, but be able to communicate the threats or security landscape clearly to the C-suite and other business professionals.
"You need somebody who can find the needle in the haystack, but you somebody who can also describe the farmer's field," Herjavec said.
Security practitioners also need a "breadth of knowledge" about the tech industry and tech infrastructure, Herjavec said. Understanding networking or storage, for example, can give someone a better background for communicating threats, but also for understanding the constantly-evolving threat landscape throughout the entire stack.
If one is wondering if a cybersecurity firm like Herjavec Group is unaffected by the shortage of security talent, the answer is a resounding "no." The biggest piece of advice Herjavec had for security pros looking for work: "Call us, because we're always hiring."
Want to learn more about how to build a successful career in cybersecurity? Download this free e-book from TechRepublic.
- Information Security Certification Training Bundle (TechRepublic)
- Landing that infosec job: These experts share their best career advice (ZDNet)
- Information Security Management Fundamentals (TechRepublic)
- Cybersecurity specialisation status up for grabs with new ACS accreditation program (ZDNet)
- 5 critical IT security questions enterprises need to answer now (TechRepublic)