Now more than ever, employers in virtually every industry want — and need — to hire cybersecurity professionals. Organizations require their skills to help keep sensitive data and systems safe from malicious hackers, defend an ever-expanding security perimeter, and comply with stringent regulatory mandates related to data security and privacy.
As companies work to accelerate digital transformation efforts and build a more automated, cloud-based, data-driven workplace that can support remote teams, assembling and maintaining a deep bench of IT security expertise is becoming only more critical.
According to recent figures from the FBI, cyberattacks increased by nearly 400% soon after the COVID-19 pandemic took hold in the United States in March 2020. This dramatic rise in cybercrime has placed additional pressure on businesses to keep systems up to date and vulnerabilities patched and to swiftly respond to and recover from cybersecurity incidents stemming from malware, ransomware and phishing.
The demand for skilled cybersecurity talent was exceeding the supply of job candidates available for hire before the pandemic — and that situation persists. High unemployment has created a larger labor pool, but companies still face competition from other businesses seeking the same top candidates for critical IT roles, according to Robert Half Technology’s 2021 Salary Guide. As a manager, that means recruiting in-demand tech talent requires you to be ready to offer competitive compensation, perks and benefits.
So, what kinds of experts do you need to cover all your IT security bases? Here is an overview of the responsibilities and skills for five types of cybersecurity professionals, what kind of starting salary accompanies each position (based on research for our latest Salary Guide), and an example of a must-ask interview question to pose to job candidates.
Information systems security manager
When you recruit an information systems security manager, you’re hiring someone to orchestrate your company’s security measures. That includes overseeing the creation of IT security infrastructure, implementing policies and best practices, managing security audits and vulnerability and threat assessments, and preventing and detecting intrusion. Information systems security managers are also often tasked with creating and executing strategies to improve the reliability and security of IT projects, such as software development.
For this role, you’ll want to look for a candidate who has a strong technical background in systems and network security and at least five years of experience. Solid interpersonal and communication skills and leadership abilities are important to succeed in this role, as are standout analytical and problem-solving skills. This person should be well-prepared to manage a varied team of IT professionals that includes security administrators, architects, analysts and engineers.
Credentials to look for: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Management and Leadership Certifications
Midpoint salary (or median national salary): $149,000
Must-ask interview question and why: What is your experience with disaster recovery and business continuity? Many companies look to their information systems security manager to help develop IT disaster recovery plans for their critical systems. If your company is among them, you’ll want to confirm that the cybersecurity professional you hire for this role has the skills to assess risks and can take the lead on creating plans to address IT security emergencies.
A security architect’s job is finding ways to stay one step ahead of all digital threats to the company’s network, from hackers and viruses to malware. A security architect can, essentially, come into your business, look at your IT security “house” (i.e., infrastructure) and recommend where and how to make improvements without compromising your business systems’ performance.
Security architects can perform testing to detect and monitor suspicious activity and analyze threats to help your business improve its IT security approach and reduce the risk of future attacks. Security architects are always thinking about future requirements and stay informed about relevant regulations that impact IT security. These cybersecurity professionals need strong interpersonal, leadership and change management skills. They may supervise staff and work with other teams, as well, to help meet strategic IT goals such as migrating to the cloud or building mobile applications.
Credentials to look for: Certified Ethical Hacker (CEH), CISM, CISSP
Midpoint salary: $136,000
Must-ask interview question and why: What types of tests can you use to detect security weaknesses in the network? A candidate is likely to respond immediately with “penetration testing,” as that’s the go-to testing method for most organizations. But you’re better off hiring a security architect who is also willing to take a creative approach to uncover potential security faults. So, listen closely to candidates who mention other methods, such as using packet analyzers or “sniffers” to intercept and log network traffic to identify threats or engaging in ethical hacking to bypass system security and search for vulnerabilities.
Network security engineer
To build your company’s IT security infrastructure, you’ll need the expertise of a network security engineer. A network security engineer should have the skills to design infrastructure from scratch or modify an existing network to respond to emerging threats.
Cybersecurity professionals in this role may be asked to manage penetration testing exercises and work with automated testing tools. The network security engineer also typically monitors detection and response activities and conducts routine analyses of security events, alerts and notifications. Look for a candidate who is proficient in security technology, has a deep understanding of the nature of cybersecurity threats, and can create and document security policies.
Credentials to look for: CEH, CISSP, Cisco Certified Network Professional Security (CCNP Security)
Midpoint salary: $124,500
Must-ask interview question and why: If a company’s computer network is attacked, what are the biggest implications? System downtime and data loss are just two potential outcomes of a cyberattack — and obvious answers to this question. You want a network security engineer on your IT security team who approaches their work with a big-picture outlook on cyber incidents. Responses to look for include erosion of customer trust, loss of brand value, reputation damage and financial loss.
Systems security administrator
The job description for a systems security administrator will depend on the size of the organization. If these professionals are hired to help manage cybersecurity for small business operations or midsize companies, for example, they may have a blended role that includes systems administrator duties and software and networking hardware management.
In larger organizations, meanwhile, a systems security administrator is more likely to focus solely on security, including installing and maintaining firewalls, solutions for virus protection and other measures. But in either case, cybersecurity professionals who hold the systems security administrator title are responsible for helping companies define best practices for IT security and coordinate penetration testing to identify vulnerabilities.
Candidates for the systems security administrator position should ideally have a background in networking. You may also want to specify in the job description that applicants should possess excellent knowledge of TCP/IP (standard internet communications protocols), routing and switching, network protocols, firewalls, and intrusion prevention.
Credentials to look for: Cisco Certified Network Associate (CCNA), Certified Information Systems Auditor (CISA), CISSP, CompTIA Security+
Midpoint salary: $120,500
Must-ask interview question and why: What is the difference between IDS and IDP? An experienced systems security administrator can quickly explain that while these two systems may use the same methods for monitoring and detecting intrusions, they respond differently to these events. An IDS, or intrusion detection system, monitors for intrusions and sends an alert when it detects suspicious activity. Preventing the intrusion requires administrators to take direct action. Meanwhile, an IPS, or intrusion prevention system, is a control system: It detects intrusions and responds in real time to prevent them from reaching targeted systems and networks.
Data security analyst
A data security analyst — also sometimes referred to as an information security analyst or a computer security analyst — will be on the front line in protecting your company’s systems and networks from malicious hackers and other threats that work to steal or compromise critical data. These IT security pros need to bring a thorough understanding of all aspects of computer and network security to their job, including firewall administration, encryption technologies and network protocols.
Companies look to data security analysts to handle critical tasks such as performing security audits, risk assessments and analyses; researching IT security incidents and addressing security weaknesses; and developing IT security policies and procedures. Look for candidates who have at least three years of experience, and are self-motivated, analytical problem-solvers with strong communication skills.
Credentials to look for: CISA, CISSP, Systems Security Certified Practitioner (SSCP)
Midpoint salary: $134,000
Must-ask interview question and why: What are some current trends in data security, and why are they significant? You want to hire a data security analyst who closely follows industry security trends and developments. This question tests industry knowledge — and allows interviewees to demonstrate their commitment to and passion for their profession. An answer to this question might include details about current data protection regulations that impact your industry, or how emerging technologies like artificial intelligence create new data security challenges for businesses.
Together, these five types of cybersecurity professionals can help your business improve data, network and systems security; prevent and quickly recover from cyberattacks; meet security compliance mandates; secure your remote workforce; modernize and optimize your company’s IT security infrastructure; and make a plan for disaster recovery. And those are only a few of the benefits these pros can deliver.
If your objective is to strengthen enterprise security, you may need to consider staffing all of these roles. Or if your aim is to fortify the cybersecurity for small business operations or a midsize organization, you may only need to make a few strategic hires to round out your IT security function.
Security matters in all things IT. No matter what other technology roles your business needs to hire for — software developers, IT support managers, DevOps engineers or other specialists — look for candidates who can bring solid basic security skills and knowledge to the table. Focus on professionals who will keep security front and center in everything they design, build and deliver for your business.