The top 4 IT security hiring priorities and in-demand skills for 2019

IT security talent is by no means cheap, as with all niche, in-demand talent groups in today’s candidate-driven market. But the real question business leaders are starting to ask themselves is whether they can withstand the cost of failing to catch a cyberattack in time because they lacked the qualified talent.

Over a billion people were affected by enterprise data breaches in 2018. From Marriott International to Facebook and Uber, no company is too large to escape the threat of increasingly sophisticated, data-focused cyberattacks. And consumers aren’t the only ones taking notice. The EU’s recent GDPR legislation is one attempt to reign in the mass consumer data collected by companies across all industries, which in turn makes it vulnerable to cyberattacks, and give more control back to consumers.

When it comes to 2019 enterprise hiring priorities, these facts alone make it clear nothing should come before security hiring needs. Yet, 84 percent of IT security decision-makers surveyed reported their company could be more secure, according to Mondo’s recent IT Security Guide. To help you know where to start, here’s a look at the top four IT security hiring priorities for 2019 and the in-demand roles for each specialization area.

1. InfoSec

It’s no surprise that according to CIOs, security and people/talent top the list of core investment priorities for 2019. For IT security specifically, Information Security (InfoSec) ranked as the primary IT Security hiring priority for the next 12 to 18 months among decision-makers, according to Mondo’s IT Security Guide. Enterprise executives are taking note of the increased risks and PR damage associated with data breaches given the increase in coverage of these types of cyber attacks at major tech giants and global organizations in 2018. Additionally, the increased access and use of sensitive consumer data by various departments in a given business is providing hackers with new access points and vulnerabilities to exploit, resulting in an increased demand for enhanced InfoSec investments.

As a result, Information Security Analysts, Engineers, and Manager roles are the in-demand positions for this high-end skill set. Information Security Analysts are the most affordable position in this group with an average salary range of $90,000 to $125,000, according to Mondo’s 2019 Salary Guide. Whereas more advanced skill sets will require a more significant investment in qualified talent. Information Security Engineers net an average salary of $114,440, according to Glassdoor, but can climb up to $148,000. Information Security Managers have the highest national average salary range of $120,000 to $185,000 given their responsibilities to manage entire departments and make strategic data security decisions for the business.

2. Network/infrastructure security

The increase in nation-state cyberattacks has prompted increased investments from enterprise executives in both InfoSec and network/infrastructure security. As the weaponization of AI makes large-scale cyberattacks more frequent and more effective, businesses are looking to secure their networks and infrastructure from these evolving and emerging types of attacks, along with more sophisticated attacks using conventional methods like malware. After all, the best way to protect your business and the growing number of devices used by your workforce is to secure the network they operate on. If hackers can’t get in, they can’t do damage.

Hiring for both Network Security Admins and Engineers is on the rise with average salary ranges of $85,000 to $115,000 and $115,000 to $172,500, respectively. If your business is debating which role to onboard due to budget restraints, consider prioritizing the in-demand role of the Network Security Engineer as it’s more directly involved with identifying and protecting against ongoing attacks, along with building more secure defense systems within the network. Engineering roles were also highlighted as the second most challenging role to hire for in the field, based on reports from IT security decision-makers in Mondo’s IT Security Guide, meaning it’s better to start hiring for this role before threats arise as opposed to doing so when facing an ongoing attack or new vulnerabilities.

3. Application security

Today’s enterprise organizations rely on an array of business applications to manage the work and compile the reporting needed by a variety of departments. As the number of business apps your company relies on grows, so does the number of potential access points for hackers. While not as crucial of a hiring need in 2019, compared to InfoSec or network/infrastructure security, application security is still a significant concern for business executives as hackers become more adept at gaining access to business applications and siphoning off sensitive business data for weeks or even months before being noticed. Or worse, as Equifax learned, these hackers may return for another attack if their initial attempt is successful.

Companies looking to elevate their application security should look to hire key Application Security Engineers. This is a more general role, but HMs can look to recruit and attract talent with experience securing the specific niche applications or specialization areas identified as the most vulnerable within your tech stacks. According to Mondo’s 2019 Salary Guide, the average salary range for this role is $120,000 to $182,500, based on level of experience and specialization area.

4. Cloud security

Last, but far from least, is the rising hiring need for cloud security. Our growing reliance across all industries, especially within the Tech sector, on third-party cloud solutions and cloud-based programs instead of costly server sites drives business efficiency, speed, overhead savings, and makes emerging developments like AI and ML possible. However, it also increases the threat of attacks on these data-rich resources and access points. Today’s businesses require talent versed in the latest best practices for IT security operations teams and cloud-based managed services, along with leading the adoption of new third-party security solutions across the organization and staying ahead of emerging threats. 

When it comes to cloud security hiring, the most in-demand role for 2019 is the Cloud Security Engineer. Given the wide-ranging responsibilities expected of this role and the ROI it provides in terms of protecting and defending against damaging and costly attacks, the average salary range for this role is $145,000 to $215,000, according to Mondo’s recent placement data. Expect to pay a premium for talent located in Tech talent hotspots like San Francisco or New York City with proven experience in top cloud solutions.

IT security talent is by no means cheap, as with all niche, in-demand talent groups in today’s candidate-driven market, but the real question business leaders are starting to ask themselves is whether their business can withstand the cost of failing to catch a cyberattack in time due to a lack of qualified talent. For many, that answer is no. But, alternative talent sources, like contractors, provide businesses ranging from startups to mid-sized companies with the ability to secure and afford the talent necessary to ensure their most valuable asset — data — remains secured in 2019 and beyond.

Copyright © 2019 IDG Communications, Inc.

Download CIO's Roadmap Report: 5G in the Enterprise