Now more than ever, employers in virtually every industry want — and need — to hire cybersecurity professionals. Organizations require their skills to help keep sensitive data and systems safe from malicious hackers, defend an ever-expanding security perimeter, and comply with stringent regulatory mandates related to data security and privacy.
As companies work to accelerate digital transformation efforts and build a more automated, cloud-based, data-driven workplace that can support remote teams, assembling and maintaining a deep bench of IT security expertise is becoming only more critical.
The ever-rising level of cybercrime places even more pressure on businesses to keep their systems up to date and vulnerabilities patched and to swiftly respond to and recover from cybersecurity incidents stemming from malware, ransomware and phishing.
The demand for skilled cybersecurity talent was exceeding the supply of job candidates available for hire before the pandemic — and that situation persists. With the continued cybersecurity skills gap, companies still face competition from other businesses seeking the same top candidates for critical IT roles, according to the latest Salary Guide From Robert Half. As a manager, that means recruiting in-demand tech talent requires you to be ready to offer competitive compensation, perks and benefits.
So, what kinds of experts do you need to cover all your IT security bases? Here is an overview of the typical responsibilities and valued skills and certifications for five types of in-demand cybersecurity professionals, and an example of a must-ask interview question to pose to job candidates.
Systems security manager
When you recruit a systems security manager, you’re hiring someone to orchestrate your company’s security measures. That includes overseeing the creation of IT security infrastructure, implementing policies and best practices, managing security audits and vulnerability and threat assessments, and preventing and detecting intrusion. Systems security managers are also often tasked with creating and executing strategies to improve the reliability and security of IT projects, such as software development.
For this role, you’ll want to look for a candidate who has a strong technical background in systems and network security and at least five years of experience. Solid interpersonal and communication skills and leadership abilities are important to succeed in this role, as are standout analytical and problem-solving skills. This person should be well-prepared to manage a varied team of IT professionals that includes security administrators, architects, analysts and engineers.
IT security and other credentials to look for: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Management and Leadership Certifications
Must-ask interview question and why: What is your experience with disaster recovery and business continuity? Many companies look to their systems security managers to help develop IT disaster recovery plans for their critical systems. If your company is among them, you’ll want to confirm that the cybersecurity professional you hire for this role has the skills to assess risks and can take the lead on creating plans to address IT security emergencies.
A security architect’s job is finding ways to stay one step ahead of all digital threats to the company’s network, from hackers and viruses to malware. A security architect can, essentially, come into your business, look at your IT security “house” (i.e., infrastructure) and recommend where and how to make improvements without compromising your business systems’ performance.
Security architects can perform testing to detect and monitor suspicious activity and analyze threats to help your business improve its IT security approach and reduce the risk of future attacks. Security architects are always thinking about future requirements and stay informed about relevant regulations that impact IT security. These cybersecurity professionals need strong interpersonal, leadership and change management skills. They may supervise staff and work with other teams, as well, to help meet strategic IT goals such as migrating to the cloud or building mobile applications.
IT security and other credentials to look for: Certified Ethical Hacker (CEH), CISM, CISSP
Must-ask interview question and why: What types of tests can you use to detect security weaknesses in the network? A candidate is likely to respond immediately with “penetration testing,” as that’s the go-to testing method for most organizations. But you’re better off hiring a security architect who is also willing to take a creative approach to uncover potential security faults. So, listen closely to candidates who mention other methods, such as using packet analyzers or “sniffers” to intercept and log network traffic to identify threats or engaging in ethical hacking to bypass system security and search for vulnerabilities.
Data security analyst
A data security analyst — also sometimes referred to as an information security analyst or a computer security analyst — will be on the front line in protecting your company’s systems and networks from malicious hackers and other threats that work to steal or compromise critical data. These IT security pros need to bring a thorough understanding of all aspects of computer and network security to their job, including firewall administration, encryption technologies and network protocols.
Companies look to data security analysts to handle critical tasks such as performing security audits, risk assessments and analyses; researching IT security incidents and addressing security weaknesses; and developing IT security policies and procedures. Look for candidates who have at least three years of experience, and are self-motivated, analytical problem-solvers with strong communication skills.
IT security and other credentials to look for: CISA, CISSP, Systems Security Certified Practitioner (SSCP)
Must-ask interview question and why: What are some current trends in data security, and why are they significant? You want to hire a data security analyst who closely follows industry security trends and developments. This question tests industry knowledge — and allows interviewees to demonstrate their commitment to and passion for their profession. An answer to this question might include details about current data protection regulations that impact your industry, or how emerging technologies like artificial intelligence create new data security challenges for businesses.
Network security engineer
To build your company’s IT security infrastructure, you’ll need the expertise of a network security engineer. A network security engineer should have the skills to design infrastructure from scratch or modify an existing network to respond to emerging threats.
Cybersecurity professionals in this role may be asked to manage penetration testing exercises and work with automated testing tools. The network security engineer also typically monitors detection and response activities and conducts routine analyses of security events, alerts and notifications. Look for a candidate who is proficient in security technology, has a deep understanding of the nature of cybersecurity threats, and can create and document security policies.
IT security and other credentials to look for: CEH, CISSP, Cisco Certified Network Professional Security (CCNP Security)
Must-ask interview question and why: If a company’s computer network is attacked, what are the biggest implications? System downtime and data loss are just two potential outcomes of a cyberattack — and obvious answers to this question. You want a network security engineer on your IT security team who approaches their work with a big-picture outlook on cyber incidents. Responses to look for include erosion of customer trust, loss of brand value, reputation damage and financial loss.
Systems security administrator
The job description for a systems security administrator will depend on the size of the organization. If these professionals are hired to help manage cybersecurity for small business operations or midsize companies, for example, they may have a blended role that includes systems administrator duties and software and networking hardware management.
In larger organizations, meanwhile, a systems security administrator is more likely to focus solely on security, including installing and maintaining firewalls, solutions for virus protection and other measures. But in either case, cybersecurity professionals who hold the systems security administrator title are responsible for helping companies define best practices for IT security and coordinate penetration testing to identify vulnerabilities.
Candidates for the systems security administrator position should ideally have a background in networking. You may also want to specify in the job description that applicants should possess excellent knowledge of TCP/IP (standard internet communications protocols), routing and switching, network protocols, firewalls, and intrusion prevention.
IT security and other credentials to look for: Cisco Certified Network Associate (CCNA), Certified Information Systems Auditor (CISA), CISSP, CompTIA Security+
Must-ask interview question and why: What is the difference between IDS and IDP? An experienced systems security administrator can quickly explain that while these two systems may use the same methods for monitoring and detecting intrusions, they respond differently to these events. An IDS, or intrusion detection system, monitors for intrusions and sends an alert when it detects suspicious activity. Preventing the intrusion requires administrators to take direct action. Meanwhile, an IPS, or intrusion prevention system, is a control system: It detects intrusions and responds in real time to prevent them from reaching targeted systems and networks.
IT security skills can benefit your business
Together, the five types of cybersecurity professionals listed above can help your business improve data, network and systems security; prevent and quickly recover from cyberattacks; meet security compliance mandates; secure your remote workforce; modernize and optimize your company’s IT security infrastructure; and plan for disaster recovery more effectively. And those are only a few of the benefits that these pros can deliver.
If your objective is to strengthen enterprise security, you may need to consider hiring for all these roles. However, fortifying cybersecurity for small business operations or a midsize organization may require making only a few strategic hires to round out the IT security function. Engaging contract professionals through a talent solutions firm like Robert Half is another way to secure IT expertise for your business, especially if you only need to tap their specialized skills for the short term.
Security matters in all things IT. No matter what other technology roles your business needs to hire for — software developers, IT support managers, DevOps engineers or other specialists — look for candidates who can bring solid basic security skills and knowledge to the table. Focus on professionals who will keep security front and center in everything they design, build and deliver for your business today and in the future.