Yes, it’s another information security predictions article – security hiring trends. No, I won’t be discussing APT, China, or anything involving our favorite prefix, “cyber.” Instead, here’s a brief glimpse at what we infosec recruiters are seeing in terms of enterprise demands for cyber security roles. While all infosec positions, from firewall jockey to CISO, remain super-hot, here are some roles for which hiring managers will clamor in 2014.

  • Secure coders. In the cyber security community, we love to lament that enterprise software teams fail to bake secure coding practices as basic as preventing the OWASP Top 10 risks into their development lifecycle. Silly devs, we say! But the devs are getting wise. Increasingly, enterprise SDLC managers and architects demand developers with an understanding of secure code to prevent application-layer attacks before they happen, as opposed to the apathetic mentality of yesteryear, which so often leads to pathetically preventable breaches. While there’s a long way to go before security is front of mind for your average dev team, the smartest organizations are beginning to take heed of application security as a priority in software development. That said, there are still all the organizations that don’t, meaning that 2014 will be a great year for…
  • Defensive security engineers/blue teams. Blue is very hot this year, and I don’t only say this because of my hair color. Skills in incident response, forensics, vulnerability management, malware reversing, and architecture of SIEM/IDS/IPS/DLP systems are in ever-increasing demand. More and more business owners are beginning to take heed of the axiom that security breaches are not a matter of if, but when, and are investing technology dollars accordingly. If you’ve been chomping at the bit to finally deploy and run the defensive technologies you’ve been yearning for, now would be a good time to introduce yourself to the many companies that are ready to hire you.

Please note that this doesn’t mean red team roles are going away. Far from it; penetration testers and other offensive security professionals remain very hot commodities. It’s simply that organizations are strengthening their defensive security postures and hiring accordingly.

  • Compliance SMEs. I know, I know. Nobody thinks “ISO 27001 audit” or “HIPAA risk assessment” when they’re thinking of sexy jobs. But the fact remains that compliance standards aren’t going anywhere – in fact, they’re all expanding, with recent changes to HIPAA and PCI as just two examples – meaning that GRC jobs are stable and will afford increasing opportunities for the right professionals for the foreseeable future.

It’s a great time to be an information security professional. If I do say so myself, it’s a great time to be an infosec recruiter. If these or other security positions interest you, feel free to send your resume to careers@halock.com – 2014 might just be the year you land your dream security job.