With the revelation of a huge data breach at health insurer Anthem, which could affect as many as 80 million people, it didn’t take long for experts’ forecasts that 2015 will bring even more cyber attacks to become a reality.
Experian’s 2015 Data Breach Industry Forecast predicts more of the massive attacks that Target, eBay and Home Depot have experienced, and points to health care in particular as “a vulnerable and attractive target for cybercriminals.”
That’s making cybersecurity among the hottest IT skills around. This dovetails with news that companies seem less leery of making full-time IT hires as the recovery from the recession continues. In fact, nearly three-quarters of companies in a Dice survey said they plan to expand by more than 10 percent in early 2015.
Job postings for cybersecurity pros have increased 91 percent year over year on Dice’s job board, which ranks them among the hardest positions to fill.
Analyst firm Foote Partners reports continuing employer interest in IT certifications and increased willingness to pay extra for them.
Experience trumps certification any day, as Robert Byron, principal consultant for information technology search at WinterWyman Search in Boston, puts it. But adding certification can only help highlight your skills.
Demand for certifications is increasing for a couple of reasons, according to James Stanger, senior director of product development at CompTIA. One is that governments are requiring them for some jobs – and not just in the United States. Governments will be among those hiring this year.
Department of Defense Directive 8570 set out required certifications as proof of training for certain public-sector jobs and for contractors, helping to boost demand for those credentials. And the Pentagon is asking for at least $27 million in the FY2016 budget to boost its cybersecurity capabilities.
Compliance is another factor.
“It’s ‘are all the boxes checked?’ Are your security workers certified in the area in which they’re working? Is there some sort of evidence?,” Stanger said.
Companies can submit evidence from a trusted third party to an insurance company, he said. And it lends credence for consulting companies or contractors to say, “We can bring in three certified engineers.”
Three security certifications — CompTIA Security+, GIAC Certified Windows Security Administrator and EC-Council Certified Security Analyst — were among Foote Partners’ list of the certs drawing the highest premium pay.
However, the field has become highly specialized, Stanger said.
“Ten years ago, you were a security guru or security expert. You don’t hear that much anymore because people have gone very specific with, say, first response or auditing, risk management or perimeter security, forensics.”
Vendor-neutral GAIC certifications for forensic analyst and intrusion analyst and EC-Council’s hacking forensic investigator and certified ethical hacker were among the biggest gainers in value during Q3 2014, according to Foote’s most recent IT Skills Demand and Pay Trends Report.
Meanwhile, salaries for chief security officers are up 7.1 percent from a range of $134,250 to $204,750, according to staffing firm Robert Half, which lists CISO among its 10 positions to watch for 2015.