The cybertalent crunch
Cybercriminals surely don't set out to foster job growth. Still, their actions have inspired an extraordinary hiring boom in the cybersecurity sector, as organizations worldwide scramble for project talent that can secure data and thwart hackers. For project managers specializing in cybersecurity or those looking to enter the sector, it's very much a job seeker's market.
There are 1 million unfilled information security jobs around the world, according to Cisco's 2015 Annual Security Report. And an additional 1 million cybersecurity jobs will be created between 2014 and 2017, according to the International Information System Security Certification Consortium. “The severity of the shortage is profound,” says Ken Daubenspeck, founder, Daubenspeck and Associates, a Chicago, Illinois, USA-based executive search firm.
For cybersecurity practitioners, the shortage means their skills are in demand—and their jobs are more difficult. When organizations have no choice but to hire inexperienced candidates to fill team vacancies, that puts pressure on project managers, says Peter Tran, senior director, worldwide advanced cyberdefense, RSA, Bedford, Massachusetts, USA.
“Because there is such a shortage of really good, skilled practitioners, our project managers end up having to bootstrap it,” he says. “They have to become on-the-fly experts just to get their projects through.”
Given the lack of experienced talent, Mr. Tran's firm has given project managers broad authority to keep its initiatives on track.
“We're starting to see lift in multi-threaded projects where the project manager oversees several different teams—the infrastructure side, the security side and the implementation side,” he says. “It's not easy, because you're going to have some juniors along with a couple of rock stars. The key is knowing how to blend those complementary players appropriately.”
“We're starting to see lift in multithreaded projects where the project manager oversees several different teams—the infrastructure side, the security side and the implementation side.”
—Peter Tran, RSA, Bedford, Massachusetts, USA
Building a team with the right mix of skills can require creative recruitment, given that junior-level candidates often lack formal training. Rather than study cybersecurity in college, many learned on the job either as IT professionals who gravitated toward security work or as gray-hat hackers. (Rather than maliciously violate an organization's cyberdefenses, gray-hat hackers may do so to call attention to vulnerabilities.) Such hackers are often highly skilled, but have checkered resumés. They're in high demand, however, as organizations search for forensics specialists who can reverse-engineer attacks.
“You're looking for people who have skills that in many cases were developed by doing things that are not necessarily legal and certainly ethically dubious,” says Evan Lesser, the Atlanta, Georgia, USA-based co-founder and managing director of ClearanceJobs.com, which connects job seekers to positions requiring government security clearances. “That makes the search incredibly difficult and complicated when considering security clearance suitability.”
In response to the challenging hiring environment, some organizations have begun building their own cybersecurity talent pipeline from scratch. The security firm Symantec estimates that 20 percent of cybersecurity jobs in the United States could be filled by candidates without prior sector experience or even a college degree. Last year, the organization launched the Cyber Career Connection, a yearlong training program to prepare job seekers for cybersecurity careers. It consists of six months in the classroom, followed by a six-month internship with Symantec or another firm. The program's first class will graduate in September 2015.
For the sector's middle tier, where salaries are rising quickly, observers expect a growing number of IT professionals to begin specializing in cybersecurity. Yet fully staffing a project team may be the easy part for organizations—the tougher hurdle may be finding the right talent to lead complex, high-stakes security projects.
For that reason, Mr. Tran says project management is critical to the industry's future—and even experienced professionals stand to benefit from project management training. “To enhance a security analyst's ability to effectively manage client engagements, you invest in getting them a Project Management Professional (PMP)® credential as part of their career development,” he says. —Steve Hendershot
JUNE 2015 PM NETWORK
PM NETWORK JUNE 2015 WWW.PMI.ORG