Going into the 2017 edition of the annual RSA conference this week IT security professionals are confronted with two paradoxes that will have a profound impact on their careers.
The first is that more money is pouring into IT security than ever. Organizations have woken up to the fact that they have significantly under invested in protecting their digital assets. They have also come to realize that there’s a fundamental supply and demand problem that is driving up IT security professional salaries. A new report from the IT association CompTIA notes that 25,000 IT security jobs were posted in last 90 days alone.
While those two economic indicators may provide IT security professionals with some comfort concerning their own job security it does create a vacuum than both nature and economics abhor. Stepping into that gap are a wave of emerging technologies based on machine learning algorithms and deep learning science based on neural net technologies. The goal is nothing less than automate as much of IT security process as possible.
As their frustration mounts business leaders are going to be keenly interested in these technologies. Many of them have taken note of the fact that cybercriminals continue to find ways to end run legacy IT security technologies. Kaspersky Lab just this week reported it has discovered a series of invisible targeted attacks that use legitimate penetration-testing in combination with the PowerShell framework for task automation in Windows to inject malware into system memory. Because it runs in memory the malware can to collect passwords without ever leaving a trace because it disappears every time a system is rebooted, says Kaspersky Lab.
As more business executive become aware of the true extent of the IT security challenge they face many of them will conclude they are in an arms race with cybercriminals. Before too long they will seek to redirect as much of the IT security budget that now gets allocated to labor into technologies that promise to better mitigate the core problem at a total lower cost. That doesn’t mean IT security jobs will be eliminated. But it does mean there will be a finite cap to the total number of IT security professionals that businesses are willing to employ. Just as significantly, the IT security professionals that are employed will need to demonstrate skills that go well beyond what can be achieved using the next generation of IT security software.
There’s no doubt that the salary an IT security professional can command has swelled the ranks of the IT security community. But just because someone can enter a profession it doesn’t necessarily follow they are going to be guaranteed a job in it for life. Rather than becoming complacent, IT security professionals will need to up their game considerably in the months and years ahead to keep pace with major advances in IT security technologies leveraging multiple forms of artificial intelligence. There’s always going to be a need for some level of additional IT security insight that only a human can provide. But as economically comfortable as IT security professionals might be today they would be well advised to recognize the current hiring climate for the moment in time it really is.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.