A workforce shortage means healthy salaries for experienced cyber people. The Dice report states that the top five IT security salaries are: No. 1 lead software security engineer at $233,333; No. 2 chief security officer at $225,000; No. 3 global information security director at $200,000; No. 4 chief information security officer at $192,500; and No. 5 director of security at $178,333.
Sometimes a declining market will balance the job figures when there's a labor shortage. But that won't happen anytime soon in the fast-growing cybersecurity space. The worldwide cybersecurity market is defined by market sizing estimates that range from $77 billion in 2015 to $170 billion by 2020.
One answer may lie in cross-training IT workers and converting them to security specialists. Herjavec Group, a leading information security consulting firm headquartered in Toronto, Canada, has successfully employed the strategy. Herjavec Group acquired a few IT services companies and dabbled in storage before locking down on cybersecurity as its sole focus. They cross-trained the technical people from those acquisitions into cybersecurity. The company employs expert cybersecurity advisers, consultants, incident responders, engineers and security operations center staff - difficult positions to recruit for.
Automated security solutions from the vendor community shows promise for helping to reduce the cyber staffing dilemma. "Traditional manual approaches to cybersecurity are proving to be unsustainable." said Brett Helm, Chairman and CEO of DB Networks. "Intelligent IT security automation through machine learning and behavioral analysis is faster, more accurate, and frees up skilled professionals to focus on more critical issues."
A potential strategic response in the U.S. is to send more kids to cybersecurity school. U.S. colleges and universities offer excellent cybersecurity education and Masters Degree programs - and there is clearly a burgeoning job market for graduates. But parents will need to get involved and nudge their high-schoolers to think about a career in the field.
The U.S. will have to fill its hundreds-of-thousands of cybersecurity positions over the next decade. The options are cross-training our IT workforce and getting more young people in to cybersecurity school - or outsourcing those jobs to other countries.
Symantec is pursuing another option, which may spur a trend if it works. The National Association of Software and Service Companies (Nasscom), a non-profit trade association in the Indian information technology and business process outsourcing industry, and Symantec recently signed a pact to develop world class skilled and certified cyber-security professionals. The partnership will focus on developing five prioritized job roles in cyber-security along with a master training program which also has scope to fund scholarship for 1,000 women undertaking the cyber-security certification by Nasscom, according to a Nasscom statement.
Sign up for CIO Asia eNewsletters.