A Fresh Look at the Cybersecurity, Risk and Governance Jobs of the Future

Posted on by David Foote

Clearly, since RSAC 2020, the elephant in the room for cybersecurity/risk/governance jobs, skills and pay has been how will the economy react to the pandemic in the coming months. It’s too early to say with accuracy what lies ahead, but one thing is already certain: before the pandemic, employers were already struggling mightily with devising and building successful cybersecurity staffing models, and now these objectives have become even more elusive.

We conducted interviews in early 2020 with 350+ senior security and tech execs and decision makers across 38 industries to inquire about their tech workforce plans. Our findings? They’re still stressed out about game-changing emerging disruptive technologies that have been altering the landscape of their businesses. Layered into all of these is also a requirement to build deeper cybersecurity capabilities for the escalating threat levels that these disruptors have created.

Many execs believe that the pandemic will create an acceleration in labor trends such as automation at their companies as they are forced to find ways to operate with fewer employees physically present. We agree that companies are likely to go more digital and automate much faster, and this includes cybersecurity AI. But at the same time, there will need to be significant upskilling and retraining, especially for laid off workers. Moreover, we would not be surprised to see a reduction in middle management in the months and years ahead, like the global recession in 2008.

We also heard many opinions about the newly amped-up stay-at-home workforce remaining in place after the pandemic winds down; this affects security of data, applications, cloud and infrastructure in countless ways. Also, with tech professionals balancing the demands of work life and home life all in the same place, employers have relaxed rules about the number of hours their workforces are working, which makes sense: it’s just a lot harder for employers to deny flexibility around work hours and work settings. Security execs and decision makers we interviewed are increasingly recalibrating expectations for when they need everyone in the office or online for staff meetings and other team activities. 

Altogether, this amounts to a massive transformation of the technology and tech-business hybrid workforce, as the focus becomes how to deliver on a wide variety of new and revised operational solutions and revenue-generating opportunities. And all of these prospects depend on solving a puzzle: how to get the mix of critical security skills and experience just right when shortages of skills and talent have never been more constraining to business transformation, and how to do it during pandemic uncertainties.

We believe the pandemic will not have a negative impact on technology evolution, a fact that has been proven time and again with past market interruptions. Evolving technology always seems to barrel down the train tracks at breakneck speed no matter what, often out-distancing the ability of humans to adopt it or turn it into elements of competitive advantage, market share or profitability.

But what it will change is how various employers and industries choose to invest in technology and info/cybersecurity capabilities now, as their normal revenue channels are disrupted and, we argue, security threats are greater. For example, industries most directly affected by the pandemic—travel, hospitality, restaurants—are all buyers of technology, and their relationship with their technology vendors and service providers will change, unlike those of Amazon, Alphabet/Google, Facebook, Netflix and even Apple, who hold vast amounts of cash reserves and unwavering customer bases.

So too will this pandemic tip the scales in favor of large employers with sufficient resources to finance ferocious predatory behaviors in local tech talent markets stunned by recent developments. Recent data and empirical research collected from companies in our 3,578 research partner network in the United States and Canada has revealed many stories of ‘surgical’ labor losses by aggressive recruiters targeting specific individuals and also clusters of highly valued talent in specialized skill areas and product domains, including cybersecurity. Many employers caught in the haze of pandemic confusion never saw these critical talent losses coming, and had only withering defenses to combat their talent defections.

David Foote

Chief Analyst & Research Officer, Foote Partners, LLC

Hackers & Threats

risk management

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs