Cyber – its value in the corporate world
The value of professionals in the cyber space should not be underestimated. There is an open, flexible market with demand for personnel outstripping the available resources, due to organisations, in government and commerce, putting different labels on roles, which has a confusing effect around like-for-like roles.
The changing threat landscape
As recent events show, the threat from cyber is ever evolving: it is easy to buy 5m email addresses and send each of them an infected message, with a 1 in 1m chance of success. Ransomed hostage taking is a peculiar part of the criminal fraternity, not usually aggressive, but clever tactically, a grown-up crime, hardly prosecuted, but believed to raise hundreds of millions of euros across Europe each year. The Insider Threat accounts for more than 70% of intrusions. If security transgressions are managed solely in the information technology team, they may not join up the information dots in the broader sense of organisational risk. But there is often a big gulf when it comes to successful organisational application.
What price cyber protection?
With this changing threat landscape, those with responsibility for cyber have to articulate effectively to the boardroom how this will be managed, sensibly and within a budget. Human talent can be grown internally, as we see with GCHQ, the Police and our Services. But the rewards created by a general shortage of talent soon attract them into the private sector. Is this a spike or a trend?
If we cannot reset the fears of some corporate board members, then cyber protection will become a $20bn annual spend, on a par with compliance.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), which applies from 25 May 2018, should also be of great concern to organisations, as the penalties for failure are far greater than under previous data protection regulations. Losing your data in a hacking attack will open the organisation to prosecution.
So, for the near to medium term, jobs within the cyber matrix will increase annually at 2-3 times the rate of job inflation as corporations come to a sensible form of defence whilst trying to maintain a budget.
The latest Tech Cities Job Watch Report takes a closer look at the increasingly important IT Security sector. Some of the key findings include:
- Demand for permanent Big Data roles increased by 51.8% in 2016.
- Permanent Big Data salaries saw a sharp year-on-year increase of 4% across the ten Tech Cities.
- Average Big Data salaries and day rates were the highest out of the five tech disciplines – £67,399 per annum for permanent roles and £528 per day for contractor roles.
With rising salaries and an increased demand for professionals, cyber security is an incredibly attractive industry to work in now. These are the roles every cyber security professional should aim to achieve, from the SSR Personnel salary survey and IT Jobs Watch:
Chief Information Security Officer (CISO) – from £115,000 – £135,000 average to £190,000
Responsible for establishing and maintaining information security for the entire company, CISOs need broad shoulders to support their varied high-stakes responsibilities. As the most senior security role, CISOs often face the blame for incidents and regularly resign over breaches. In over 50% of incursion cases they will part company with the organisation.
But for professionals prepared to manage the responsibility of this position, it can be immensely rewarding. The highest percentage change in salary across tech jobs was in the CISO role, up 4% in 2017.
The CISO role demands considerable experience, including high-level industry certifications like the Certified Information Systems Security Professional (CISSP), one of the most widely recognised and highly prized in the information security field. There is now a new syllabus that addresses cyber security, and anyone who has aspirations of managing this function from physical security should invest 5 days in the training programme so that they can stand in front of the Board with credibility.
Head of Cyber Security – from £85,000 – £117,500 average to £135,000
It is estimated by the National Cyber Security Centre that over 50% of large UK firms were targeted by hackers in 2016, demonstrating a need for a permanent professional to oversee the cyber security of large operations. In some firms this is seen as a direct report to the Director of Security or on a par with the Head of Security.
The Head of Cyber Security fulfils this need by evaluating the organisation for potential vulnerabilities, detecting attacks that are under way and informing management, customers and law enforcement if breaches do occur. They will be responsible for external vendors and partners to ensure their security compliance. To validate technical cyber security skills and the ability to act as a cyber security first responder, the performance-based CSX Practitioner Certification, available through the Information Systems Audit and Control Association (ISACA), affirms your abilities.
Lead Security Consultant – from £52,500 – £80,000 average to £110,000
Security Consultants should be advisors, guides and all-round security experts, hired to develop strategies for effective security across an entire organisation. We see a good cross-over from forensic investigators. In the cyber role they are expected to perform vulnerability tests, research security standards and ensure the organisation is compliant, and deliver technical reports for non-technical employees. You will also expect the role to report on the appropriate response to any incursion in the IT space and on the development of robust policies.
Cybercrime and digital terrorist threats are not the anomaly that they once were. Indeed, Ciaran Martin, chief executive of the NCSC, has stated that ‘stealing information for financial and political purposes is as old as human activity itself’, and that we need to demystify the assumption that cyber terrorists and criminals are ‘people sitting on computers in faraway places, that cannot be contested’, highlighting that it is an ‘incredibly damaging attitude’ to take.
Managing Director, SSR Personnel