Demand for cybersecurity talent spikes in COVID-19 era

In this time of disruption, many people are looking to expand their job skillset and find ways to either shore up their current positions or take on entirely new careers. As some sectors are hit hard by the pandemic, such as hospitality and retail, many people are looking to find a more stable place to build their future.

At the same time, organizations see increased demand for specific job skills, particularly cybersecurity know-how. According to the World Economic Forum, 2020 is a turning point for the cybersecurity field as more data will be created and collected than ever before. The coronavirus pandemic also poses the risk of increased cyberattacks as remote work continues indefinitely, and hackers target people who now depend on personal devices to do everything from order groceries to do a COVID-19 pre-screen before going to a spa or dentist.

As much as cybersecurity job skills are growing in demand, entering the world of cybersecurity means understanding various types of certification and how they are viewed by employers. As pointed out by the certification body (ISC)2, a broad set of skills are required beyond job experience. An investment in training is needed to build a foundation — and that learning involves acquiring both technical and soft skills.

In 2018-2019, cybersecurity skills topped the list of skills shortages in IT departments according to a survey by Enterprise Strategy Group, an IT analyst and strategy firm — 53 per cent of survey respondents indicated a problematic lack of cybersecurity skills at their organizations with IT architecture/planning skills ranking second at 38 per cent.

Finding the right training

Ferris Adi is a cybersecurity instructor with the University of Toronto School of Continuing Studies and Director of Academic Partnerships at ISC2 Toronto. He says the demand for cybersecurity professionals is increasing as organizations need help to support remote workers due to a recent surge in cyber threats. As companies continue to operate in a climate of uncertainty, he says they need to continue to adopt new security practices to succeed in today’s “new normal.”

Adi teaches the Cyber Security Program Design and Certified Information Security Manager (CISM) examination training program, and he serves as a certified trainer for the Information Systems Audit and Control Association (ISACA) exams. The students in his program are often looking to launch a new career.

“I have students who want to change their career after being with the same employer for 10-15 years. Based on experience, they may need to get a security designation. Once they get the certification, it will help them land another job,” he says.

Obtaining a cybersecurity certification can provide the necessary technical training and business context, as well as give learners insight into what jobs are available and what interests them.

“The university program gives you the opportunity to explore and learn about certain aspects of security such as governance and compliance as well as risk management and security frameworks such as ISO 27001 and NIST (National Institute of Standards and Technology),” says Adi.

While most cybersecurity professionals have a background in IT, those with physical security training can enter the field of cybersecurity with the right combination of skills and  training.

“Everyone starts somewhere, and you can always get an entry-level position to start your cybersecurity journey and career,” says Adi. “Cybersecurity certifications such as CISSP, CompTIA Security and Certified Ethical Hacker can put you on the fast-track towards a cybersecurity position.”

The Certified Information Systems Security Professional (CISSP) designation is in high demand and mandatory if you want to land a manager or director role.

“There is significant competition among candidates because a lot of people are writing the exams for CISSP as well as CISM designation,” says Adi.

There is also a growing demand for cloud security certifications such as AWS Amazon, Certificate of Cloud Security Knowledge (Cloud Security Alliance), (ISC)2, and Certified Cloud Security Professional (CSSP).

As is the case with so many aspects of providing a core service to an organization, understanding the business you will be working in is also critical.

A need for soft skills

“It’s the first step towards being a good security professional because even with CISSP, the expectation is that the person will interact with the CIO and CFO. You will have to be able to explain technical aspects of security products in business language because at the end of the day, it’s an investment, and senior management has to understand the return on investment,” says Adi.

In terms of demand for cybersecurity professionals, it depends on the sector and the kind of role, says Josh Darby MacLellan, Senior Cyber Threat Intelligence Analyst with CIBC who started his career in the physical security side and moved into cybersecurity.

“I have seen a current trend towards a need for those with cloud security knowledge, and some dedicated certifications for cloud security are available, including from (ISC)2 — CCSP (Certified Cloud Security Professional),” he says.

For those exploring cybersecurity opportunities, a certification from a reputable body like (ISC)2 would be an excellent place to start, says MacLellan. ISACA, an international association focused on IT governance, also has six certifications.

“For people starting out, I recommend looking at GIAC certifications, and the other one is from CompTIA — Security+, which is a good first step,” he says.

Another good move for beginners is to review the job descriptions of cybersecurity positions to see which certifications are in demand by employers. LinkedIn is a great resource for finding job descriptions. Additionally, cyber certification discussions and frequently asked questions about the sector can also be found on Reddit. Schools of continuing education across Canada also offer training programs backed by credible certification bodies.

Both employers and certification bodies value experience, but that shouldn’t discourage young professionals. For instance, to become a full CISSP, you also need five years of paid cybersecurity work experience in two or more of the eight domains of the CISSP CBK. However, someone who doesn’t have the required experience may become an Associate of (ISC)2 by passing the CISSP exam. They then have six years to earn the five-years of experience required.

What about the money?

According to LinkedIn, professionals with the title cybersecurity specialist can earn a base salary of between $58,000 and $118,000. Pay varies by geographic region, job title and responsibility, but some include:

• Information Technology Security Analyst $70,400
• Information Security Analyst $65,000
• Network Security Analyst $69,500
• Senior Information Security Analyst $83,000

Making the transition into cybersecurity could be the right path forward for those looking to translate their current understanding of risk mitigation into protecting against the threats that linger in the IT realm both internally and externally to an organization.

With the threat level continuing to evolve in so many organizations as COVID-19 drags on and the nature of how business gets done morphs, the demand for cybersecurity professionals with current skills will always be needed in the job market.

Jennifer Brown is the Editor of CourseCompare.ca, a website for higher education that helps people find training programs across Canada based on their career goals and learning needs.