Cybersecurity Career Strategies: A View from the Top
Frederick Scholl, Ph.D., Cybersecurity Program Director, Quinnipiac University
Many cybersecurity job seekers spend a lot of time perusing job boards, like Indeed, Simply Hired and others. Cyberseek.org shows 2,645 jobs listed for Connecticut. This is information from the trenches.
In this post I want to look at trends, as reported by the Society for Information Management’s (SIM) Annual IT Trends Survey. SIM is a national organization of Chief Information Officers and similar IT leaders. Ultimately these people are the ones generating the individual job listings.
The 2019 survey of 793 organizations was published at the end of 2018 and is the latest information on IT trends, including IT security trends. About 50% of CISO’s still report to a CIO and the other 50% are heavily influenced by their CIO; so, the IT Trends Survey is valuable reading for anyone in the security field. The report is available only to members. I will summarize the key survey results of interest to security professionals.
Top IT Management Issues at Organizations
- Alignment of IT with the Business
- Data Analytics/Data Management
CIO’s Top Personal Worries
- IT Talent Shortage
- Creditability of IT
- Alignment of IT and the Business
- Business Continuity
Top IT Investments
- Analytics/Business Intelligence
- Cloud Computing
- Software Development and Maintenance
- ERP (Enterprise Resource Planning)
IT Budget Categories
- KTLO (Keeping the Lights On): 49%
- Software Development and Maintenance: 27%
- IT Capital Investment: 18%
- Outsourcing: 11%
- Cybersecurity: 8%
To Whom Does the CISO Report?
- CIO (62%)
- CEO (11%)
- CTO (7%)
- COO (6%)
- Other (6%)
What do these facts say? First, cybersecurity continues to be top of mind for CIOs and IT management. It ranks #1 for organizational issues and for personal worries. In terms of technology investments, cybersecurity ranks #2, after business intelligence. Total IT spending was 5.9% percent of revenue.
IT Budget Categories breaks down this IT spending, with around 8% on average of IT budgets devoted to cybersecurity. This is valuable perspective for security practitioners. Most of the IT budget is devoted to running the business. Security plays an important role here through such activities as availability and incident response.
Most CISOs still report to the CIO. Although it is known now that security mitigation comprises many non-technical activities, for historical and practical reasons CISOs continue to report to CIOs. Many companies still do not have a CISO at all. 46% of those surveyed said they did; 53% said no. 1% were not sure. This statistic means that there is significant room for improvement, especially among smaller firms with revenue under $1B.
If you are a C-level or director level security professional, you should consider joining SIM. Information can be found at www.simnet.org. For Connecticut residents, SIM has two chapters, one for Fairfield-Westchester and the other for Central Connecticut.