Management is scrambling to bring on staff that can help ensure the integrity of their computer systems and data stores.
Data breaches are costly – in revenue and reputation – and organizations are actively looking for talented professionals who can help protect their data stores. Data security has become an urgent priority for business. Boards of directors have finally realized that without highly skilled cybersecurity expertise on staff, their organizations face increased risk, unbudgeted expense and potential damage to their corporate reputations. Management in both the public and private sectors are scrambling to bring on staff that can help ensure the integrity of their computer systems and data stores.
As a result, data security talent is highly prized, whether in the field of finance, health care, government, education, national defense, retail or any of many other major industry segments. And reflecting the overall state of cybersecurity employment, demand far outstrips supply.
As an example, a report by the Bureau of Labor Statistics found that the role of security analyst is expected to grow by 18 percent by 2024, compared to an overall job growth rate of seven percent. Yet that sounds downright conservative compared to the projection made by U.S. News & World Report, which reported that the profession is growing at the rate of 36.5 percent through 2022. Similarly, IT security was named the third most in-demand skill for the next year by Computerworld in its IT Salary Survey 2016 Results.
Although crossover exists between data security and systems or network security, what distinguishes the former is its oversight of specific areas of IT operations: information leakage, privacy considerations, access control, data encryption and shared computing infrastructure.
Trends driving data security opportunities
Early in his career, says Randy Marchany, longtime chief information security officer for Virginia Polytechnic Institute and State University, much of the emphasis for cyber security and its training practices was on understanding how computer systems could be broken into and taken over. Now the attention is on protecting data and preventing others from stealing it. As he explains, “With all the major data breaches that have happened, a lot of what we’re trying to help students learn is how people can get to the data and how to design the defense against those types of attacks.”
As the number of cyberattacks increases, Marchany adds, so do the responsibilities taken on by people handling data security. Just as cyber criminals are relentlessly trying out new methods to get inside corporate systems, so must the security professionals in charge of protecting the data on those systems continually adapt to stay ahead of the bad guys.
Marchany, who is also a member of the faculty for Virginia Tech’s Online Master of Information Technology and heads up the university’s innovative Information Technology Security Laboratory, points to several trends driving up demand for people who can protect their companies’ data assets.
Security fundamentals haven’t gone out of style. As managed security service provider NTT Security stated in its Global Threat Intelligence Report for 2015, more than three-quarters (76 percent) of identified vulnerabilities turned out to be at least two years old — a sure sign that organizations need to make sure they get the basics — such as staying on top of system patches — right.
Phishing is making a comeback. It used to be easy for the informed email user to recognize fake emails. Bad spelling, poor grammar and odd formatting were clues indicating trouble. No more. “Spear phishing” — targeted attacks — provide just enough personalized information to convince the email recipient that the link embedded in the message is legitimate and that his or her password does need changing.
Effective security policies are collaborative. Organizations that develop their security processes in isolation face an uphill battle in getting users to adopt them. What’s needed is continual “consultation,” as Gartner advises, to draft a “sustainable” set of policies that make sense in the realm where people are trying to get their jobs done. It isn’t necessarily the most security-knowledgeable person who should develop the policies, but the one with a communicator’s touch.
Data breaches will happen; the smart companies are the ones prepared to respond. If well-protected JP Morgan Chase, Target, eBay and Anthem can suffer the ignominy of cyber break-ins, so can any other operation in the country. What will distinguish leaders from losers is the robustness of their processes for dealing with break-ins and theft. That same NTT Security analysis found that 74 percent of organizations lack formal incident response plans.
Staying informed is job one. As American corporations are increasingly pressured to share data with federal agencies and government officials in the European Union and the United States wrangle with privacy protections, new laws and border agreements are surfacing that govern the handling of personal data. Security professionals who excel will be those who know how to stay on top of evolving privacy regulations.
Virginia Tech’s Online Master of Information Technology program is offered jointly by the College of Engineering and the Pamplin College of Business. Ranked by U.S. News & World Report as the No. 2 “Best Online Graduate Information Technology Programs” the past four years.