Demand for cyber security talent has exploded in recent years. According to Burning Glass, the number of cyber security jobs has grown 94 per cent in just six years. Suffice to say, there have been many changes in this sector over the years. We sat down with some of ARM's Cyber team to chat about this exciting and fast-paced industry.
What cyber used to look like
Eleven years ago, when cyber was just a buzzword, our Cyber team was a small part of the IT department. Three of the longest-serving members of the team: Tom (Sales Manager), David (Principal Consultant) and Claire (Senior Consultant), told us what the industry used to look like.
“When I joined the business," said Tom, "information security / cyber security was on the agenda for many of our clients, but in eighth or even ninth place. However, as the breaches became more mainstream and started to affect the general public, we saw the significance of information security and securing your data skyrocket. More importantly, nowadays, everything is technology based; your internet history and conversations are being tracked and recorded. Now cyber is one of the top three subjects, which is of course good news for me and my team!”
Claire agrees: “People used to recruit after cyber attacks had happened. Now, we work with clients to secure talent that will work to ensure they are doing their upmost to be proactive in preventing attacks and breaches.”
“When companies got breached six years ago,” David adds, “they did everything to keep it confidential, but now there’s a lot more awareness. Businesses must report certain types of personal data breach to the relevant supervisory authority within 72 hours of becoming aware of the breach (ICO). Companies ask for help growing their teams in order to prevent their competitors attack from happening to them.”
Responding to cyber changes
As the market developed, along with demand, ARM grew this small IT sub-sector into a separate niches which operate globally:
- Identity and Access Management (IAM) & public key infrastructure (PKI)
- Threat & Vulnerability Management
- Cyber Security & Technology Sales
- Security Analysis & Operations
- Incident Response and GRC ( Governance Risk & Compliance)
- Network & Perimeter Security.
“Working in our niche sectors is how we develop both candidate and client networks," said Tom, "meaning that we can quickly ensure we are talking to the right people, as opposed to jumping between different skill sets. That said, we always look to grow new sectors and plan to do this over the coming months."
Tom went on to say: “As well as building up candidate networks, our niche sectors ensure that we are aware of trends around geographical hotspots for talent, salaries and day rates alongside new technologies, certifications and practices.”
Candidate shortages - and building relationships
Today, however, the main difficulty is helping clients secure the right talent, even once they have been identified.
“There is a shortage of talent, so in most cases we have candidates with two to three opportunities on the go, either via us, other consultanices or direct with clients,” Tom laments. “Therefore, we are keen to create long-term relationships with both clients and candidates, to ensure there's trust and understanding between the parties, which then result in successful placements.”
James, our pen testing consultant, agrees: “Candidates in my area are usually very into geek culture - just like me! I like to think candidates trust me and we build long-lasting bonds, because we think very similarly and they hopefully see how knowledgeable I am. Hopefully they will work with me because we have this common ground and trust."
The team estimates that around 70 per cent of their work is based on getting to know candidates' strengths and interests, partnering them up with the right organisations and providing training where needed. In certain areas, candidates need to exhibit competence in a specific area, e.g. have relevant experience or knowledge of frameworks and legislation. In general, though, the team focuses on candidates' attitudes, as opposed to experience, to maximise the potential for clients.
James has a perfect example: “One guy I worked with had no real world experience in penetration testing, but had a military background and an OSCP certification. These two attributes, combined with his enthusiastic, infectious personality and naturally consultative behaviour, helped him to secure a role in the cyber security industry over other more traditionally skilled candidates, due to the potential that he demonstrated.”
Invest in knowledgeable people
Of course, the biggest risk to everyone will always be the bad guys - those who invent new, potential threats again and again, so there’s no metaphorical finish line in solving the problem. That's precisely why businesses must not rely solely on technology, but invest in knowledgeable staff, after all, it's people who offer the next level of protection.
Meanwhile, the Cyber team continues to find talent, provide insights and help businesses future-proof themselves against whatever might be lurking around the corner.
“We're always open to hiring new talent, but I look for people who are really passionate about their sector," Tom concludes. "You have to want to learn, read articles and really listen to your clients and candidates. Recruitment can be relatively simple once you understand your marketplace, but that takes time and you are always developing that knowledge. Technology never stands still so we have to be agile and always take steps to increase our knowledge.”
If you'd like to be part of our team, check out our latest vacancies or email our internal recruiter: firstname.lastname@example.org.