A new year is upon us and many people have been asking for my insight into the 2019 cybersecurity job market. Unfortunately, talent acquisition and retention statistics did not improve in 2018 and I do not see them improving in 2019. Job searching is broken and our industry lacks succession planning. We will not see these statistics change until these two problems are solved. 2019 will bring significant uptick in the types of roles detailed below. Remember to put agency staffing dollars in your budgets, you will not find these people on your own.
- AI will influence Threat Intelligence roles – AI utilization is increasing by defenders and attackers. Attackers are leveraging AI for targeted attack reconnaissance, exploit discovery, attack automation and potentially attacking AI defense. Defenders are utilizing AI simulated attacks and data to better understand environments, attack avenues and threat profiles. Threat Intelligence roles will play a significant part in the AI intelligence validation, threat discovery iterations and risk management measures.
- IAM roles will have significant impact to organizations – The continuation of high-profile, data-rich breaches in 2018 exposed over 22 million user credentials. Two-factor authentication and enhanced authentication mechanisms are the default configuration in 2019. Managing Identity and Access to accelerate business operations in the hybrid on-prem/cloud data, services and application model will be business critical role in 2019.
- IoT and OT roles are becoming more critical – The number of IoT and OT technologies in enterprises is likely to outnumber traditional IT assets. Insert the adoption of 5G capable IoT/OT in the workplace increases attack surface, data volume and privacy issues. Roles focusing on IoT/OT DevSecOps, security architectures and threat detection will be an in demand expertise in all critical infrastructures.
- Increase in Managed Detection and Response (MDR) and Endpoint Detection and Response (EDR) continues to grow in 2019 – Organizations are lacking the resources to provide the necessary prevention, detection, analysis, response and complete security hygiene for the endpoint. The gap in cyber endpoint expertise is needed in the across all industries and by the managed service providers companies are turning to for 24/7 cybersecurity coverage.
- Existing cybersecurity regulations will have impact, new regulations and legislative activity are on the horizon – 2018 marked the effective date for the EU’s GDPR and served as a final push for compliance at many companies or the beginning of a compliance journey for others. 2019 will increase the focus on regulatory compliance as industries and C-level executives react to GDPR penalties resulting from complaints filed in 2018, the California Consumer Privacy Act becomes effective in 2020, and the introduction of a senate bill titled Consumer Data Protection Act includes strong penalties if privacy violations occur.
Happy New Year and thanks you for all your love and support,
Deidre Diamond aka The Wise Owl