By Deidre Diamond, Founder and CEO, CyberSN
A new year is upon us and many people have been asking for my insight in to the 2019 cybersecurity job market. Unfortunately, talent acquisition and retention statistics did not improve in 2018 and I do not see them improving in 2019. Job searching is broken and our industry lacks succession planning. We will not see these statistics change until these two problems are solved. 2019 will bring significant uptick in the types of roles detailed below. Remember to put agency staffing dollars in your budgets, you will not find these people on your own.
1AI will influence threat intelligence roles
AI utilization is increasing by defenders and attackers. Attackers are leveraging AI for targeted attack reconnaissance, exploit discovery, attack automation and potentially attacking AI defense. Defenders are utilizing AI simulated attacks and data to better understand environments, attack avenues and threat profiles. Threat Intelligence roles will play a significant part in the AI intelligence validation, threat discovery iterations and risk management measures.
2IAM roles will have significant impact on organizations
The continuation of high-profile, data-rich breaches in 2018 exposed over 22 million user credentials. Two-factor authentication and enhanced authentication mechanisms are the default configuration in 2019. Managing Identity and Access to accelerate business operations in the hybrid on-prem/cloud data, services and application model will be business critical role in 2019.
3IoT and OT roles will become more critical
The number of IoT and OT technologies in enterprises is likely to be more than traditional IT assets. Insert the adoption of 5G capable IoT/OT in the workplace increases attack surface, data volume and privacy issues. Roles focusing on IoT/OT DevSecOps, security architectures and threat detection will be an in-demand expertise in all critical infrastructures.
4Continued increase in managed detection and response (MDR) and endpoint detection and response (EDR)
Organizations are lacking the resources to provide the necessary prevention, detection, analysis, response and complete security hygiene for the endpoint. The gap in cyber endpoint expertise is needed in the across all industries and by the managed service providers companies are turning to for 24/7 cybersecurity coverage.
5Existing cybersecurity regulations will have impact; new regulations and legislative activity are on the horizon
Year 2018 marked the effective date for the EU’s GDPR and served as a final push for compliance at many companies or the beginning of a compliance journey for others. The year 2019 will increase the focus on regulatory compliance as industries and C-level executives react to GDPR penalties resulting from complaints filed in 2018, the California Consumer Privacy Act becomes effective in 2020, and the introduction of a senate bill titled Consumer Data Protection Act includes strong penalties if privacy violations occur.
The opinions expressed within this article are the personal opinions of the author. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.