Information Security - Hiring Trends and Trends for the Future PDF

Current trends within the market
"Every minute, we are seeing about half a million attack attempts that are happening in cyber
space." -Derek Manky, Fortinet Global Security Strategist.
In an industry that is changing and developing as rapidly as information security, it is important
to consider not only what the industry is currently doing, but also the future. This market
intelligence report explores information security trends and hiring practices in this market, and
closes with predictions for the future and opinions from professional leaders.
Information Security is a universal term to describe the defence of information from
unauthorised use, access, disclosure, modification, disruption, recording, or destruction. The
term is often used to describe electronically stored information; however, it can also be used to
define information in physical form. Cyber security is an additional term for the protection of
information systems from damage or theft to hardware, software or to the information kept on
them. In this report, the term information security is used to cover both.
This year has seen a large-scale increase in information security with a number of high-profile
data breaches, including the most recent breach at the Panamanian law firm Mossack Fonseca. In
April, an unprecedented leak of the Panama Papers at Mossack Fonseca saw over 11 million files
leaked to a worldwide consortium of newspapers 1. The direct effects of this data leak have
resulted in the resignation of the Icelandic Prime Minister due to public pressure, and this is only
the beginning of the implications for those involved in the leak. To date, over sixty heads of state and
politicians are implicated, including football’s world governing body, FIFA. With investigations
into the leak ongoing, it serves as an important reminder as to the serious consequences
associated with data breaches.
An increasing trend is the number of detected information security incidents, as well as an
escalation in the severity of these incidents, with financial services one of the three most
targeted industries for information security attacks 2. A study by the UK Government in late
2015 polled 664 large and small businesses and found that 90% of large organisations and 74%
of small businesses had been involved in a security breach over the course of the year with this
figure dramatically increasing from 2014 3. This finding was also validated by a PwC report,
which saw a 38% increase in detected information security incidents 4.
Also trending is a marked increase in the spending on information security by companies. A
survey of 10,000 senior Information Security Managers by PwC found that information security
spending increased by 51% in the technology sector and 14% within the financial services sector
from 2015 5. Reputational damage is a main concern for companies and as such, many have
increased spending on security, as 41% of organisations surveyed say that damage to their
reputation had the greatest impact 3. For example, Talk Talk, a paid television and
telecommunications provider, suffered reputational loss as a result of their data breach in
October 2015. YouGov, an international internet-based market research firm, suggested that the
data loss negatively affected Talk Talk’s public perception by over 40 points 6. Additionally, there
has been an increase in the number of devices
that are inter-connected which is often referred to as the Internet of Things. This is increasing
the risk of networks being compromised and information being leaked 3.
There is also a growing interest in the human element of information security. Technology alone
cannot entirely secure an organisation's information, and as such, the human aspect of an
organisation needs to be taken into consideration. Increasingly, organisations are sharing
intelligence reports on information security threats, so that their staff are informed and
compliance is boosted as a result 2. The UK Government 2015 report found that 81% of large
organisations and 27% of small organisations found there was an element of staff involvement in
some security breaches, with reasons ranging from inadvertent human error and lack of staff
awareness to weaknesses in vetting individuals 3.
Hiring trends within information security
At Huxley, our holistic approach to the banking and financial services industry has allowed us to
provide a broad global knowledge and localised expertise to our customers for over 20 years. In
those 20 years, we have seen an evolution in the industry and are now firmly placed to enter the
next phase of growth in the industry, that being information security within the financial services
and the technology sectors. A survey from PwC found that information security spending
increased by 51% in the technology sector and 14% within the financial services sector in 2015 2.
This increase has led to the demand for workers exceeding the current supply. A Burning Glass
study of job boards in 2014 and 2015 found that there were 50,000 job postings in the United
States for professionals requiring a CISSP qualification; this equates to 75% of all professionals
who hold this qualification in the United States 7. Similar findings were apparent across the
Atlantic. An EMEA study of 1000 information security managers reported that over 60%
experienced significant obstacles and disruptions in implementing desired security projects due
to the lack of staff expertise and inadequate workforce 8 9.
The current breakdown of permanent and contract hiring in the UK shows that the majority of
the job roles advertised on IT-specific job boards are permanent, with the number of permanent
roles advertised over the first quarter of 2016 at 1,977, an increase of over 100% from the same
period in 2015 10. Contract roles have also seen an increase, although not as high as the
permanent market, with 407 jobs posted in the same period, also an increase of over 100% from
the same period in 2015 10.
We have also seen a dramatic rise in the number of Chief Information Security Officers (CISOs) as
well as an increase in the responsibilities associated with these roles. Historically, information
security was considered within the domain of the IT department; however, high-profile financial
losses and reputational damage at large companies have escalated this issue to become a central
focal area at board level. Consequently, there is now greater demand for Senior Information
Security Managers with C-level stakeholder management skills to enter a company and translate
technical requirements and processes into simple business language that can be easily
understood and appropriately actioned. This demand puts CISOs in a strong position to
negotiate remuneration packages, albeit this is subject to the size of the company 11.
These hiring trends have not only had an impact on the number of open jobs currently available
but also the average salary of professionals within the marketplace. A representation of the
predicted average salary for information security professionals for both permanent and contract
roles can be found below.
[Figure: Predicted base salary of permanent information security professionals - managerial roles (thousands). Bar chart by low, average and high level of experience for: IT Security Risk Manager; Information Security Project Manager; Director of Cyber Security; CISO (Small to Medium environment); Regional / EMEA CISO (Large environment); CISO / Group CISO (Large environment).]
[Figure: Predicted base salary of permanent information security professionals - hands on / technical roles (thousands). Bar chart by low, average and high level of experience for: Cyber Security Consultant (eg Big 4 / Security consultancy); Technical Assurance Analyst / Penetration Tester; Cyber Security Engineer; Cyber Security Architect.]
Predictions for the future
As the services we use and how we interact become increasingly digitised in modern life, we
are contributing to an ever-increasing amount of data that has the potential to be
compromised. Often referred to as the internet of things (IoT), the growth in the number of
interconnected devices we use is increasing the potential risk of security breaches. At Huxley,
we see several trends becoming apparent that give weight to our predictions for the future. The
first is a significant increase in the number of detected attacks, which may or may not rely on or
include a human element and on which companies will increase reporting, together with changes
in the strategy and tactics that companies develop and deploy in an attempt to protect and
secure their information.
The second trend we are seeing in the market is a breakout of niche information security
companies within the information and cyber security sectors. These companies are following
the banking and finance industries' movements, as it looks highly unlikely that the static, large
solutions vendors will be on the cutting edge of information and cyber security within five
years. Rather, it will be the nimble start-ups and small to medium sized tech companies who
will be the innovators of these sectors. We believe that within the next five years, companies
will be able to decide from a broad range of solutions and services that will be provided by a
wide variety of vendors.
[Figure: Predicted base salary of contracted information security professionals (day rate). Bar chart by low, average and high level of experience for: Cyber Security Analyst; Cyber Security Project Manager; Technical Assurance Analyst / Penetration Tester; Cyber Security Manager; Cyber Security Consultant (eg Big 4 / Security consultancy); Cyber Security Architect; Interim Head of Cyber Security.]
Lastly, the importance of authentication and identity management will grow considerably in the
future as spending increases within this space. With this spending increase, companies will
need to ensure that security doesn’t weaken the ability to operate and communicate internally
or externally. If a breach occurs within the company’s authentication and identity management
systems this could result in devastating information losses from all levels of the company.
Thoughts from the industry
“Information security standards need to be directly considered against the organisation's core business,
there cannot be a one-size-fits-all approach to information security. If this is not done correctly it can lead
to conflicting standards and a reduction in compliance.” Information Security Implementation
Consultant, Medical Consultancy.
“Information security requirements need to be translated into business language not only to enable
boards to understand what is required, but to also help get C-level buy in, into information security
transformation programs.” Regional CISO, Automotive Industry.
“In the last 3 years I have seen a dramatic rise in the sophistication and severity of external threats that
my company faces.” National CISO, Insurance Industry.
“The attitude in relation to information security has changed dramatically in recent years from
something that was considered more of a tick box exercise to something that is now integrated very
early on in the decision making process, all the way up to C-level.” Senior Information Security
Consultant, Big 4.
“A vital part of effective information security is to consider security implications of merging or
interlinking systems with third parties. One of the most important parts of this process is to ensure that
both parties keep their systems up to date, with the latest software patches. If this isn’t done properly,
it exposes both organisations to huge security risks. Many information security breaches can be
ultimately blamed on the linking of services without ensuring all systems are fully updated beforehand.”
Technology Director, Investment Bank.
“Looking towards the future, I foresee the need to move to an employee centric approach when
considering information and cyber security with staff training becoming more and more central to an
organisation's information security.” Regional CISO, Insurance Industry.
“No business can be made completely secure, but rather information security needs to be considered as
a business value add, with consideration given to precisely what you need to keep secure within the
remit of the budget.” Senior Information Security Consultant, Big 4.
“In the near future, I foresee the need for information security governance to become more centralised.
Previously, the departmental model worked effectively, but in a time with increasingly constrained
resources and an increase in the number of detected attacks, efficiencies need to be maximised. These
efficiencies come from having a limited number of centrally certified products and architectures that
can be monitored and maintained centrally ensuring all the upgrades and patches are kept up to date.”
Senior Information Security Manager, Investment Bank.
“In the coming months, I foresee the need for a more holistic approach in monitoring threat levels
across an organisation, through a focus on cyber security and intelligence software to help combat the
mounting threats faced by organisations.” – IT Security Specialist, Online Photo Printing Company.
Footnotes
1. Panama Papers Q&A: What is the scandal about?, April 2016, BBC, http://www.bbc.co.uk/news/world-35954224
2. IBM X-Force Threat Intelligence Report 2016, February 2016, IBM, http://www-03.ibm.com/security/xforce/downloads.html
3. 2015 Information Security Breaches Survey, 2015, HM Government, http://www.pwc.co.uk/services/audit-assurance/insights/2015-information-security-breaches-survey.html
4. Turnaround and transformation in cybersecurity – Key findings from The Global State of Information Security Survey 2016, 2016, PwC, http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html
5. Insurance 2020 & beyond: Reaping the dividends of cyber resilience, 2016, PwC (Stephen O’Hearn), http://www.pwc.com/gx/en/industries/financial-services/insurance/publications/insurance-2020-cyber.html
6. It’s bad for Talk Talk, October 2015, YouGov, https://yougov.co.uk/news/2015/10/27/its-bad-talktalk/
7. Job Market Intelligence: Cybersecurity Jobs, 2015, 2015, Burningglass, http://burning-glass.com/research/cybersecurity/
8. Cybersecurity job market to suffer severe workforce shortage, 2015, CSO Online, http://www.csoonline.com/article/2953258/it-careers/cybersecurity-job-market-figures-2015-to-2019-indicate-severe-workforce-shortage.html
9. 5 information security trends that will dominate 2016, Dec 2015, CIO, http://www.cio.com/article/3016791/security/5-information-security-trends-that-will-dominate-2016.html?page=6
10. ITJobsWatch - Cybersecurity Jobs, 2016, ITJobsWatch, http://www.itjobswatch.co.uk/jobs/uk/cyber%20security.do#demand_trend
11. Securing the C-Suite, 2016, IBM, https://www-01.ibm.com/marketing/iwm/dre/signup?source=ibm-WW_Security_Services&S_PKG=ov43890&S_TACT=000000NJ&S_OFF_CD=10000252&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US
Key Contacts
For more information about contractual
recruitment please contact:
Daniel Navazesh
Business Manager Contract Sales
Email: d.navazesh@huxley.com
Telephone Number: 0207 469 5151
This report has been written by consultants that are market specialists actively working within
this market, as part of a market intelligence drive to inform businesses and professionals within
the regulatory change space.
Research conducted by Alexander Goodwin.
Email: a.goodwin@huxley.com
Telephone Number: 0207 469 5151
For more information about permanent
recruitment please contact:
Sachin Gupta
Business Manager Permanent Sales
Email: s.gupta@huxley.com
Telephone Number: 0207 469 5151


Information Security - Hiring Trends and Trends for the Future PDF

  • 1. Information Security - Hiring Trends and Trends for the Future
  • 2. Current trends within the market "Every minute, we are seeing about half a million attack attempts that are happening in cyber space." -Derek Manky, Fortinet Global Security Strategist. In an industry that is changing and developing as rapidly as information security, it is important to not only consider what the industry is currently doing, but also to consider the future. As part of this market intelligence report, information security trends, and hiring practices in this market will be explored and to finalise the report, predictions for the future and opinions from professional leaders will be offered. Information Security is a universal term to describe the defence of information from unauthorised use, access, disclosure, modification, disruption, recording, or destruction. The term is often used to describe electronically stored information; however, it can also be used to define information in physical form. Cyber security is an additional term for the protection of information systems from damage or theft to hardware, software or to the information kept on them. In this report, the term information security will be applied to both terms. This year has seen a large-scale increase in information security with a number of high profile data breaches, including the most recent breach at the Panama Law Firm, Mossack Fonseca. In April, an unprecedented leak of the Panama Papers at Mossack Fonseca saw over 11 million files leaked to a worldwide consortium of newspapers 1. The direct effects of this data leak have resulted in the resignation of the Icelandic Prime Minister due to public pressure and this is only the beginning of implications for those involved in the leak. To date, over sixty heads of state and politicians are implicated including the football’s world governing body, FIFA. With investigations into the leak ongoing, it serves as an important reminder as to the serious consequences associated with data breaches. 
An increasing trend is the number of detected information security incidents, as well as an escalation in the severity of these incidents with the financial services one of the three most targeted industries for information security attacks 2. A study by the UK Government in late 2015 polled 664 large and small businesses and found that 90% of large organisations and 74% of small businesses had been involved in a security breach over the course of the year with this figure dramatically increasing from 2014 3. This finding was also validated by a PwC report, which saw a 38% increase in detected information security incidents 4. Also trending is a marked increase in the spending on information security by companies. A survey of 10,000 senior Information Security Managers by PwC found that information security spending increased by 51% in the technology sector and 14% within the financial services sector from 2015 5. Reputational damage is a main concern for companies and as such, many have increased spending on security, as 41% of organisations surveyed say that damage to their reputation had the greatest impact 3. For example, Talk Talk, a paid television and telecommunications provider, suffered reputational loss as a result of their data breach in October 2015. YouGov, an international internet-based market research firm, suggested that the data loss negatively affected Talk Talk’s public perception by over 40 points 6. Additionally, there has been an increase in the number of devices
  • 3. Hiring Trends within information security that are inter-connected which is often referred to as the Internet of Things. This is increasing the risk of networks being compromised and information being leaked 3. There is also a growing interest in the human element of information security. Technology alone cannot entirely secure an organisations information, and as such, the human aspect of an organisation needs to be taken into consideration. Increasingly organisations are sharing intelligence reports on information security threats, with their staff able to be informed and compliance boosted as a result 2. The UK Government 2015 report found that 81% of large organisations and 27% of small organisations found there was an element of staff involvement in some security breaches, with reasons ranging from inadvertent human error, lack of staff awareness and weaknesses in vetting individuals 3. Hiring trends within information security At Huxley, our holistic approach to the banking and financial services industry has allowed us to provide a broad global knowledge and localised expertise to our customers for over 20 years. In those 20 years, we have seen an evolution in the industry and are now firmly placed to enter the next phase of growth in the industry, that being information security within the financial services and the technology sectors. A survey from PwC found that information security spending increased by 51% in the technology sector and 14% within the financial services sector in 2015. 2. This increase has led to the demand for workers exceeding the current supply. A Burning Glass study of job boards in 2014 and 2015 found that there were 50,000 job postings in the United States for professionals requiring a CISSP qualification, this equates to 75% of all professionals who hold this qualification in the United States 7. Similar findings were apparent across the Atlantic. 
An EMEA study of 1000 information security managers reported that over 60% experienced significant obstacles and disruptions in implementing desired security projects due to the lack of staff expertise and inadequate workforce 8 9.
The current breakdown of permanent and contract hiring in the UK shows that the majority of the job roles advertised on IT-specific job boards are permanent, with the number of permanent roles advertised over the first quarter of 2016 at 1,977, an increase of over 100% from the same period in 2015 10. Contract roles have also seen an increase, although not as high as the permanent market, with 407 jobs posted in the same period, also an increase of over 100% from the same period in 2015 10.
We have also seen a dramatic rise in the number of Chief Information Security Officers (CISO) as well as an increase in the responsibilities associated with these roles. Historically, information security was considered within the domain of the IT department; however, high profile financial losses and reputational damage at large companies have escalated this issue to become a central focal area at board level. Consequently, there is now greater demand for Senior Information Security Managers with C-level stakeholder management skills to enter a company and translate technical requirements and processes into simple business language that can be easily understood and appropriately actioned. This demand puts CISOs in a strong position to negotiate remuneration packages, albeit this is subject to the size of the company 11.
These hiring trends have not only had an impact on the number of open jobs currently available but also the average salary of professionals within the marketplace. A representation of the predicted average salary for information security professionals for both permanent and contract roles can be found below.
Predicted base salary of permanent information security professionals - managerial roles (thousands)
Role: low / average / high level of experience
IT Security Risk Manager: 50 / 75 / 100
Information Security Project Manager: 50 / 75 / 100
Director of Cyber Security: 95 / 120 / 160
CISO (small to medium environment): 100 / 140 / 180
Regional / EMEA CISO (large environment): 160 / 180 / 200
CISO / Group CISO (large environment): 190 / 210 / 250
Predicted base salary of permanent information security professionals - hands on / technical roles (thousands)
Role: low / average / high level of experience
Cyber Security Consultant (eg Big 4 / Security consultancy): 45 / 60 / 110
Technical Assurance Analyst / Penetration Tester: 50 / 75 / 110
Cyber Security Engineer: 50 / 75 / 130
Cyber Security Architect: 70 / 100 / 140
Predictions for the future
As the services we use and the ways we interact become increasingly digitised in modern life, we are contributing to an ever-increasing amount of data that has the potential to be compromised. Often referred to as the internet of things (IoT), the growth in the number of interconnected devices we use is increasing the potential risk of security breaches.
At Huxley, several trends are becoming apparent, giving weight to our predictions for the future. Firstly, we expect a significant increase in the number of detected attacks, which may or may not rely on or include a human element and on which companies will increase reporting, as well as changes in the strategy and tactics that companies develop and deploy in an attempt to protect and secure their information.
The second trend we are seeing in the market is a break-out of niche information security companies within the information and cyber security sectors. These companies are following the banking and finance industries’ movements, as it looks highly unlikely that the static, large solutions vendors will be on the cutting edge of information and cyber security within five years. Instead, it will be the nimble start-ups and small to medium sized tech companies who will be the innovators of these sectors. We believe that within the next five years, companies will be able to choose from a broad range of solutions and services provided by a wide variety of vendors.
Predicted base salary of contracted information security professionals (day rate)
Role: low / average / high level of experience
Cyber Security Analyst: 350 / 450 / 550
Cyber Security Project Manager: 400 / 500 / 700
Technical Assurance Analyst / Penetration Tester: 450 / 600 / 750
Cyber Security Manager: 500 / 600 / 700
Cyber Security Consultant (eg Big 4 / Security consultancy): 400 / 600 / 900
Cyber Security Architect: 500 / 700 / 900
Interim Head of Cyber Security: 700 / 800 / 1100
Lastly, the importance of authentication and identity management will grow considerably in the future as spending increases within this space. With this spending increase, companies will need to ensure that security doesn’t weaken the ability to operate and communicate internally or externally. If a breach occurs within the company’s authentication and identity management systems, this could result in devastating information losses from all levels of the company.
Thoughts from the industry
“Information security standards need to be directly considered against the organisation’s core business; there cannot be a one-size-fits-all approach to information security. If this is not done correctly it can lead to conflicting standards and a reduction in compliance.” Information Security Implementation Consultant, Medical Consultancy.
“Information security requirements need to be translated into business language not only to enable boards to understand what is required, but to also help get C-level buy in, into information security transformation programs.” Regional CISO, Automotive Industry.
“In the last 3 years I have seen a dramatic rise in the sophistication and severity of external threats that my company faces.” National CISO, Insurance Industry.
“The attitude in relation to information security has changed dramatically in recent years from something that was considered more of a tick box exercise to something that is now integrated very early on in the decision making process, all the way up to C-level.” Senior Information Security Consultant, Big 4.
“A vital part of effective information security is to consider security implications of merging or interlinking systems with third parties. One of the most important parts of this process is to ensure that both parties keep their systems up to date, with the latest software patches. If this isn’t done properly, it exposes both organisations to huge security risks. Many information security breaches can be ultimately blamed on the linking of services without ensuring all systems are fully updated beforehand.” Technology Director, Investment Bank.
“Looking towards the future, I foresee the need to move to an employee centric approach when considering information and cyber security with staff training becoming more and more central to an organisation’s information security.” Regional CISO, Insurance Industry.
“No business can be made completely secure, but rather information security needs to be considered as a business value add, with consideration given to precisely what you need to keep secure within the remit of the budget.” Senior Information Security Consultant, Big 4.
“In the near future, I foresee the need for information security governance to become more centralised. Previously, the departmental model worked effectively, but in a time with increasingly constrained resources and an increase in the number of detected attacks, efficiencies need to be maximised. These efficiencies come from having a limited number of centrally certified products and architectures that can be monitored and maintained centrally ensuring all the upgrades and patches are kept up to date.” Senior Information Security Manager, Investment Bank.
“In the coming months, I foresee the need for a more holistic approach in monitoring threat levels across an organisation, through a focus on cyber security and intelligence software to help combat the mounting threats faced by organisations.” IT Security Specialist, Online Photo Printing Company.
Footnotes
1. Panama Papers Q&A: What is the scandal about?, April 2016, BBC, http://www.bbc.co.uk/news/world-35954224
2. IBM X-Force Threat Intelligence Report 2016, February 2016, IBM, http://www-03.ibm.com/security/xforce/downloads.html
3. 2015 Information Security Breaches Survey, 2015, HM Government, http://www.pwc.co.uk/services/audit-assurance/insights/2015-information-security-breaches-survey.html
4. Turnaround and transformation in cybersecurity – Key findings from The Global State of Information Security Survey 2016, 2016, PwC, http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html
5. Insurance 2020 & beyond: Reaping the dividends of cyber resilience, 2016, PwC (Stephen O’Hearn), http://www.pwc.com/gx/en/industries/financial-services/insurance/publications/insurance-2020-cyber.html
6. It’s bad for Talk Talk, October 2015, YouGov, https://yougov.co.uk/news/2015/10/27/its-bad-talktalk/
7. Job Market Intelligence: Cybersecurity Jobs, 2015, 2015, Burning Glass, http://burning-glass.com/research/cybersecurity/
8. Cybersecurity job market to suffer severe workforce shortage, 2015, CSO Online, http://www.csoonline.com/article/2953258/it-careers/cybersecurity-job-market-figures-2015-to-2019-indicate-severe-workforce-shortage.html
9. 5 information security trends that will dominate 2016, Dec 2015, CIO, http://www.cio.com/article/3016791/security/5-information-security-trends-that-will-dominate-2016.html?page=6
10. ITJobsWatch - Cybersecurity Jobs, 2016, ITJobsWatch, http://www.itjobswatch.co.uk/jobs/uk/cyber%20security.do#demand_trend
11. Securing the C-Suite, 2016, IBM, https://www-01.ibm.com/marketing/iwm/dre/signup?source=ibm-WW_Security_Services&S_PKG=ov43890&S_TACT=000000NJ&S_OFF_CD=10000252&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US
Key Contacts
For more information about contractual recruitment please contact:
Daniel Navazesh, Business Manager Contract Sales
Email: d.navazesh@huxley.com
Telephone Number: 0207 469 5151
For more information about permanent recruitment please contact:
Sachin Gupta, Business Manager Permanent Sales
Email: s.gupta@huxley.com
Telephone Number: 0207 469 5151
This report has been written by consultants that are market specialists actively working within this market, as part of a market intelligence drive to inform businesses and professionals within the regulatory change space.
Research conducted by Alexander Goodwin.
Email: a.goodwin@huxley.com
Telephone Number: 0207 469 5151