
Making predictions for the coming year is especially tough in an industry like cyber security. The threat landscape is huge and offensive, and the sophistication of attackers is improving rapidly.
As a result, the information security industry experiences extreme pressure to keep up with ever-increasing cyber risks. This leads to the industry evolving and changing at an unusually fast pace.
These rapid changes in the industry make it hard to see or asses every trend. Still, there are some industry issues and trends we are able to foresee, including the skills shortage, the gender gap and the effects of Brexit.
Despite the skills gap growing within cyber security, do not believe exaggerated figures like ‘0% unemployment.’ At any given time, our consultants can speak to a number of competent and experienced security professionals who have found themselves out of work. That being said, the problem isn’t a skills shortage, but rather a hiring shortage.
Throughout the next year, we will likely witness companies struggle to fill roles in their respective security teams as they all compete for the same top talent. As such, salaries will likely continue to increase, and will continue this way until companies begin training and promoting in-house.
With the market being particularly competitive for permanent employees, factors such as speed-to-offer and engaging candidates with the security roadmap will likely become decisive. A well-defined role with a vision for the medium-term is an essential part of attracting and retaining security professionals. Given the importance of the industry and the responsibility that comes with the job, it is only right that we understand the strategy and commitment of the employer.
The industry is slowly moving in the right direction, with the percentage of women in the cyber security work force up from 11% in 2013 to 20% some 5 years later. However, it is clear there is still a long way to go. Throughout the past year, tales of sexual indiscretions and inappropriate behaviours reverberated around major industry events. This, of course, is not limited to the cyber security industry. Instead, it’s spread across nearly all industries.
After the #MeToo movement, it has become clear that societal perceptions of women in the work place are still unacceptably sexist.
As an industry, we need to be vigilant in deterring any form of this sort of behaviour. If we cannot overcome this imbalance, we risk not only driving away those already in the industry, but also deterring the next generation of cyber security professionals. And, given the skills shortage, we should have even more motivation to combat it. By improving the percentage of female information security professionals, this gap will hopefully be nudged closer.
Fortunately – broadly speaking – in security, we are fortunate to have acknowledged there is a problem. As a result, there have been numerous membership organisations and groups discussing and campaigning for equality and to increase the number of women entering the profession. In the coming years we can hope that with these contributions and recognitions, attitudes will change and the percentage of women in the workforce will rise.
While we’re still waiting to see what the UK’s divorce settlement from the EU might entail, it is hard to make predictions for the coming years on the impact this might have on the industry.
An issue we are likely to face is the movement of data between the EU and the UK. In the event of a ‘no deal’ Brexit, the EU will effectively refuse to begin the process or preliminary discussions until the UK becomes a third nation. This would mean that companies will have to mirror GDPR into standard contractual clauses and may be required to appoint representatives overseas in the EU.
In the long-term, it will be imperative that the UK remains an attractive destination for European professionals as trade agreements will remain commercially attractive enough to continue drawing organisations to base themselves here. Deal or not, new agreements and legislation will come eventually, so any worse case scenario is likely to be temporary.
The UK will continue to host international companies, and we will (for now) continue to be Europe’s biggest data market. In a logical world, security teams should be based where the data is. You would also expect companies to continue using the infrastructure and personnel they have already invested in where and when possible.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.