As reported by the Wall Street Journal, salaries for mid-level software engineers capable of helping enterprises thwart advanced malware and prevent data leaks are booming. Add the fact that many CSOs tasked with on-boarding new talent are hindered by strict salary caps, and the problem of recruiting and retaining cyber security staff has become even more intractable.
“With demand exceeding supply, salaries for security personnel are ratcheting up,” said Matt Comyns, a cyber security recruiter for global executive leadership and search firm Russell Reynolds Associates.
While the fact that even mid-level cyber security professionals (and not just executives such as CSOs) are cashing in may come as a surprise, the existence of an ever-widening gap between demand and supply is hardly a shocker. Last August, we wrote about a RAND report that found the skills shortage began way back in 2007. And last March, my colleague Doug McLean warned enterprises that trying to find qualified software engineers capable of dealing with today’s sophisticated cyber threats was as likely as “finding a unicorn.”
Doug’s warning hasn’t diminished over time; rather, it’s all the more pertinent as enterprises struggle not just to find the people they need to protect them on today’s evolving threat landscape, but to afford the exorbitant price tag if they’re lucky enough to hire them. Pay for software engineers capable of doing the job starts at around $120,000 a year plus benefits, but salaries beyond the $200,000 range aren’t uncommon.
In time — and we’re talking several years here — schools will begin graduating some desperately needed cyber security professionals. But even for that to happen, there are a lot of “ifs” in play: if the professionals are capable of making an immediate contribution; if the cyberthreat landscape hasn’t changed so much that yet more training is required; if enterprises can even afford them…and so on.
Furthermore, for today’s enterprises, even those with planning horizons that span decades into the future, what schools are doing today is (no pun intended) frankly an academic discussion. Enterprises need help immediately, either because their assets and reputations are at risk, because of prevailing compliance standards and regulations, or most likely a combination of both.
As such, the only practical and affordable way forward for enterprises is to use technology to solve what the labor market cannot by fully automating their log analysis, incident response, and threat remediation at each step in the kill chain. Doing so alleviates the (currently unmanageable) burden placed on their SOC and IR teams, and frees them up to focus on strategically responding to verified breaches rather than frenetically reacting to infections.
Learn more about adopting this affordable technology in your enterprise, without having to purchase any new hardware or software or hire costly cyber security professionals, by downloading our white paper, “How to Find and Remove the Attacker that Has Already Passed Through Your Traditional Defenses.”