One in every seven cybersecurity analysts changed jobs last year, according to consulting firm Frost & Sullivan.
After a dozen years toiling in the world of computer security, David Raviv suddenly finds himself in demand like a Hollywood star. And, like any divo, he’s getting pickier about the roles he’ll take.
When a global corporation based in New York recently pitched the 41-year-old a $130,000 job with a 10% bonus for protecting computer networks from hackers, Mr. Raviv said no. He wouldn’t consider less than $175,000.
“That offer just isn’t where the market is anymore,” Mr. Raviv said. “No one good who accepted the job would stay long.”
Welcome to the real-time version of Revenge of the Nerds. Long dismissed as geeks with a penchant for obscure Dr. Who references, cybersecurity experts are now the hottest commodity in business—any business.
With hack attacks reaching record levels—an average of 15 uncovered per week last year, according to the Identity Theft Resource Center, up 28% from the prior year—corporations and the federal government are committing vast resources to combat ever more sophisticated intruders. JPMorgan Chase, for instance, vowed to double its annual security budget to $500 million after suffering a major hack last summer, and the Obama administration is seeking $14 billion from Congress for federal cybersecurity measures, 40% more than in 2013.
The flood of cash has unleashed an unprecedented scramble to find the relative handful of people with the skills to protect vast computer networks. Only 4,400 New Yorkers worked in information security last year, according to U.S. Labor Department data, but last week on LinkedIn more than 500 open positions were advertised, a number that is expected to grow even though many employers here elect to keep their network-protection squads in lower-cost locales. (Macy’s information-technology operation is in Atlanta.)
“There is zero-percent unemployment in our arena,” said William Pelgrin, CEO of the Center for Internet Security, a nonprofit that helps government agencies defend against hackers. Mr. Pelgrin said he hired a young man who arrived for his interview on a winter day wearing jeans and flip-flops. “In his defense, it was a warm winter day,” he said.
Cybersecurity analysts who haven’t updated their résumés in years say they regularly get offered positions; one in every seven changed jobs last year, according to consulting firm Frost & Sullivan.
In such an environment, pay is soaring and New York is at the heart of the frenzy for computer-security guys. (Nearly 80% of those who work in this profession are white males, according to federal data.) The average information-security analyst in New York was paid about $120,000 last year, according to federal data, and business leaders say big companies are now routinely offering 20% or 30% more, plus bonuses. Smaller firms are offering ownership stakes to attract and retain people. Joyce Brocaglia, CEO at recruiter Alta Associates, said she is negotiating packages “well in the seven figures” for top-level executives.
One sign of the talent wars’ intensity: MasterCard sued Nike earlier this year, alleging the apparel giant conspired with the credit-card company’s former information-security chief to poach cybersecurity employees. Westchester County-based MasterCard seeks $5 million in damages. “Talent in this rapidly growing area is limited, in demand and not well known,” MasterCard said. Nike is contesting the charges.
Such skirmishes stand to escalate. Only 16% of cybersecurity managers believe that at least half the job applicants they see are qualified, according to a study last month by ISACA, an information-technology trade group. More than a third of respondents said they simply couldn’t find anyone appropriate. Frost & Sullivan estimated the shortfall in workers will reach 1.5 million globally in five years.
Universities are attempting to fill the void by training students for entry-level jobs that typically pay $85,000, according to employers. New York University’s Polytechnic School of Engineering annually produces about 100 graduates with expertise in cybersecurity, said Nasir Memon, head of the Department of Computer Sciences and Engineering.
He added that people skilled in application security and security analytics—that means protecting massive databases or assessing threats—are most in demand. When NYU last conducted a survey three years ago, graduates with cybersecurity degrees were leaving school with more than two job offers each, on average.
One common job description is to serve as what’s called an ethical hacker, searching a client’s network for vulnerabilities and sounding the alarm when one is found. “I break s–t,” is how one such hacker defined his job. “Others try to heal it,” he added, referring to how some colleagues fix breaches or aim to prevent them from happening.
In either case, the work appeals to those expert in cryptography, computer forensics and mathematics. The downside is that the job can be stressful, owing to the never-ending nature of the hacker wars.
“It’s the kind of job where you feel you are under attack all the time,” said Mr. Raviv, who organizes the New York Information Security Meetup, a group of 1,000 professionals.
For corner-office types, the question has become: How to keep these in-demand employees satisfied so that they don’t defect?
Paying more is a good start, but guys who choose to devote their careers fighting hackers typically aren’t motivated by financial considerations alone. They want perks, too. Yet they tend to be unmoved by traditional tech-world goodies like flextime or company-sponsored happy hours or in-house yoga instructors. “I haven’t had anyone ask why we don’t serve gourmet pretzels at the cafeteria,” deadpanned Sam Visner, who oversees 240 cybersecurity experts at management-consulting firm ICF International.
Joe Silverman, who runs Manhattan-based New York Computer Repair, which helps protect companies’ firewalls, ramped up the perks and now provides his staff of 20 free breakfast, lunch and dinner, along with all the sweets, coffee and Red Bull they can consume. He also invites employees to take two- or three-minute “brain breaks” every hour and to keep personal computers at their desks so they can attend to private matters while working. “I don’t want my people to feel like they’re cut off from the outside world,” Mr. Silverman said.
ProactiveRISK Inc., a West Caldwell, N.J.-based firm, holds no-work Wednesdays when possible so its 25 employees, who are usually on call 24 hours a day, can go fishing together. “Why wait until retirement to have fun?” said co-founder Tom Brennan.
Still, for many, the best perk may be having time to play Capture the Flag, a sophisticated online version of the children’s game that has the same hold on cybersecurity experts as golf does on bankers.
“Capture the Flag is really an important thing for our people,” said John Pavone, CEO of Aspect Security, which specializes in protecting financial institutions against cyberattacks. “It’s a lot of fun, and keeps them sharp.” Tournaments for his 50 employees are a fixture of company retreats, with trophies handed out to the winners, including one shaped like a sledgehammer.
There may be no surer sign that the cybersecurity experts’ moment has arrived than the newfound attention they get from celebrities. Glee star Jane Lynch kicked off a trade show in San Francisco last month by tweaking the lyrics to a classic David Bowie song to express how angry she is at cybercriminals and ready for ch-ch-changes. “Work to save domains,” she crooned.
The star treatment is gratifying for cybersecurity veterans—and a long time coming. “Two years ago, our profession wasn’t sexy at all,” Mr. Raviv said. “And now look at this.”
Source: http://ift.tt/1KJNpXP
from cyber security caucus http://ift.tt/1GX72u8
via IFTTT
No comments:
Post a Comment