TechCrunch did a nice job of breaking down the types of “operational” infosec talent many organizations need into tiers and suggesting three alternatives to meet those needs. Tier 1 includes first-line analysts who handle the day-to-day monitoring and basic response. Tier 2 analysts, the positions in high demand, are those who have more real-world experience and provide advanced analysis of events that escalate from Tier 1. Until the supply of Tier 2 analysts catches up with demand, organizations must focus on 1) retaining existing analysts, 2) hiring new talent, or 3) outsourcing the analyst role — none of which are easy choices. Of course, organizations can also train existing analysts, but that appears to be included in option 1. The article does leave out a discussion of security “engineering” roles, though. That is a whole other group of information security professionals needed, requiring even more top-tier talent with real-world experience.
With graduation season upon us, many graduates entering the workforce are understandably anxious about their future employment. However, at least one group is poised to take advantage of a market suffering from a massive skills shortage: cybersecurity professionals.
The Bureau of Labor Statistics’ Occupational Outlook Handbook projects the demand for information security professionals will increase by 100,000 jobs in the next seven years. That need will only increase in the coming years as cybercrime continues to prove more lucrative. The outlook for this fortunate group of new college graduates is promising. However, organizations planning to hire from this talent pool should fully understand the associated challenges.
Any effective security team requires technical members with a broad set of backgrounds and skill sets, often delineated into “Tier 1” and “Tier 2” groups. Tier 1 members generally provide a first line of review or response, and handle the most basic functions from the security team’s task lists. These tend to include following pre-determined response procedures such as virus removal, automated system restoration, or escalating the more suspicious events for further review.