Now more than ever, employers in virtually every industry want — and need — to hire cybersecurity professionals. Organizations require their skills to help keep sensitive data and systems safe from malicious hackers, defend an ever-expanding security perimeter, and comply with increasingly stringent regulatory mandates related to data security and privacy.
Security is at the core of essentially every project an organization undertakes to accelerate its technology modernization and digital transformation efforts and build a more automated, cloud-based, data-driven workplace to support distributed teams. That is why tech leaders are under increasing pressure to assemble and maintain a deep bench of IT security expertise.
Cybersecurity professionals are hard to find in the hiring market, however — as are many other types of technology professionals with specialized skills. In a recent Robert Half survey, 95% of tech leaders said it is challenging to locate skilled candidates. More than half of technology leaders (55%) reported that they are worried their organization’s priority projects for this year could be at risk because they are grappling with staffing constraints.
Be on the lookout for these cybersecurity professionals
Navigating the cybersecurity skills gap requires tech leaders to prioritize upskilling and professional development, among other measures. Growing talent from within takes time, though, and it may not be an effective way to address urgent staffing needs related to cybersecurity.
So, technology leaders must remain vigilant for opportunities to compete for skilled candidates who emerge in the hiring market, especially those with relevant knowledge and experience in areas such as:
- Cloud computing
- Automation
- Programming (e.g., Python, PowerShell)
Hiring all or some of the five specialists described below can help you cover your cybersecurity bases. This list includes an overview of the typical responsibilities and valued skills and certifications for each role, along with an example of a must-ask interview question to pose to job candidates.
Systems security manager
When you recruit an systems security manager, also commonly referred to as a cybersecurity manager, you’re hiring someone to orchestrate your company’s information security measures. That includes overseeing the creation of IT security infrastructure, implementing policies and best practices, managing security audits and vulnerability and threat assessments, and preventing and detecting intrusion. Information systems security managers are also often tasked with creating and executing strategies to improve the reliability and security of IT projects, such as software development.
For this role, you’ll want to look for a candidate who has a strong technical background in systems and network security and at least five years of experience. Solid interpersonal and communication skills and leadership abilities are important to succeed in this role, as are standout analytical and problem-solving skills. This person should be well-prepared to manage a varied team of IT professionals that includes security administrators, architects, analysts and engineers.
IT security and other credentials to look for: Certified Information Systems Security Professional (CISSP), CompTIA Security+, Certified Information Security Manager (CISM), GIAC Management and Leadership Certifications
Must-ask interview question and why: Describe your experience with incident response management and disaster recovery planning.
Many companies look to their systems security managers to help develop IT disaster recovery plans for critical systems so they can ensure business continuity and minimize damage and loss. This question is essential to gauge a candidate’s readiness for emergency situations that disrupt operations, from ransomware attacks to natural disasters.
HIRING TECH TALENT? LET US HELP
Security architect
A security architect’s job is finding ways to stay one step ahead of all digital threats to the company’s network, from hackers and viruses to malware. A security architect can, essentially, come into your business, look at your IT security “house” (i.e., infrastructure) and recommend where and how to make improvements without compromising your business systems’ performance.
Security architects can perform testing to detect and monitor suspicious activity and analyze threats to help your business improve its IT security approach and reduce the risk of future attacks. Security architects are always thinking about future requirements and stay informed about relevant regulations that impact IT security. These cybersecurity professionals need strong interpersonal, leadership and change management skills. They may supervise staff and work with other teams, as well, to help meet strategic IT goals such as migrating to the cloud or building mobile applications.
IT security and other credentials to look for: Certified Ethical Hacker (CEH), CISM, CISSP
Must-ask interview question and why: What types of tests can you use to detect security weaknesses in the network?
A candidate is likely to respond immediately with “penetration testing,” as that’s the go-to testing method for most organizations. But you’re better off hiring a security architect who is also willing to take a creative approach to uncover potential security faults. So, listen closely to candidates who mention other methods, such as using packet analyzers or “sniffers” to intercept and log network traffic to identify threats or engaging in ethical hacking to bypass system security and search for vulnerabilities.
Data security analyst
Whether you refer to this professional as a data security analyst or simply “security analyst” in your organization, they will be on the front line in protecting your company’s systems and networks from malicious hackers and other threats that work to steal or compromise critical data. These pros need to bring a thorough understanding of all aspects of computer and network security to their job, including firewall administration, encryption technologies and network protocols.
Companies look to data security analysts to handle critical tasks such as performing security audits, risk assessments and analyses; researching IT security incidents and addressing security weaknesses; and developing IT security policies and procedures. Look for candidates who have at least three years of experience, and are self-motivated, analytical problem-solvers with strong communication skills.
IT security and other credentials to look for: CISA, CISSP, Systems Security Certified Practitioner (SSCP)
Must-ask interview question and why: What are some current trends in data security, and why are they significant?
You will want to hire a data security analyst who closely follows industry security trends and developments. This question tests industry knowledge — and allows interviewees to demonstrate their commitment to and passion for their profession. An answer to this question might include details about current data protection regulations that impact your industry, or how emerging technologies like artificial intelligence create new data security challenges for businesses.
Network security engineer
To build your company’s IT security infrastructure, you’ll need the expertise of a network security engineer. A network security engineer should have the skills to design infrastructure from scratch or modify an existing network to respond to emerging threats. In many organizations today, these professionals are known simply as “security engineers.” For those who are heavily involved with cloud security, their title may be more specific: “cloud security engineer.”
Cybersecurity professionals in this role may be asked to manage penetration testing exercises and work with automated testing tools. The network security engineer also typically monitors detection and response activities and conducts routine analyses of security events, alerts and notifications. Look for a candidate who is proficient in security technology, has a deep understanding of the nature of cybersecurity threats, and can create and document security policies.
IT security and other credentials to look for: CEH, CISSP, Cisco Certified Network Professional Security (CCNP Security)
Must-ask interview question and why: If a company’s computer network is attacked, what are the most significant implications for the business?
System downtime and data loss are just two potential outcomes of a cyberattack — and obvious answers to this question. You want a network security engineer on your IT security team who approaches their work with a big-picture outlook on cyber incidents. Responses to look for include erosion of customer trust, loss of brand value, reputation damage and financial loss.
Systems security administrator
The exact job description for a systems security administrator will depend on the size of the organization. In many cases, this professional may have duties very similar to a network security engineer (see above). If these professionals are hired to help manage cybersecurity for small business operations or midsize companies, for example, they may have a blended role that includes systems administrator duties and software and networking hardware management.
In larger organizations, a systems security administrator is more likely to focus solely on security, including configuring security policies for services vital to the business, such as email systems, file sharing services, collaboration tools, server(less) workloads and identity solutions.
In either case, cybersecurity pros who hold the systems security administrator title are responsible for helping companies define best practices for IT security and coordinate penetration testing to identify vulnerabilities. Candidates for this position should ideally have a background in networking. You may also want to specify in the job description that applicants should possess excellent knowledge of TCP/IP (standard internet communications protocols), routing and switching, network protocols, firewalls, and intrusion prevention.
IT security and other credentials to look for: Cisco Certified Network Associate (CCNA), Certified Information Systems Auditor (CISA), CISSP, CompTIA Security+
Must-ask interview question and why: What is the difference between IDS and IDP?
An IDS, or intrusion detection system, monitors for intrusions and sends an alert when it detects suspicious activity. Preventing the intrusion requires administrators to take direct action. Meanwhile, an IPS, or intrusion prevention system, is a control system: It detects intrusions and responds in real time to prevent them from reaching targeted systems and networks. An experienced systems security administrator can quickly explain that while these two systems may use the same methods for monitoring and detecting intrusions, they respond differently to these events.
A well-rounded team of cybersecurity professionals can benefit your business
Together, the five types of cybersecurity professionals listed above can help your business improve data, network and systems security; prevent and quickly recover from cyberattacks; meet security compliance mandates; secure your remote or hybrid workforce; modernize and optimize your company’s IT security infrastructure; and plan for disaster recovery more effectively.
If your objective is to strengthen enterprise security, you may need to consider staffing all of these roles. However, if you need to fortify security for a small or midsize organization, you may only need to make a few strategic hires to round out your team. Engaging a mix of permanent and contract professionals through a talent solutions firm like Robert Half is another way to secure IT expertise for your business, especially if you only need to tap specialized skills for the short term.