In continuing to share up-to-date information about the state of the cybersecurity job market, I am happy to say our profession is proving to be very, very resilient. Companies are still hiring to fill cybersecurity jobs. Unfortunately, we’ve also recorded cybersecurity layoffs over the last two weeks in industries that were affected by Covid-19.
(If you’d like to read my previous “State of the Cybersecurity” reports you can view the last one here.)
Companies that focus on gig workers, transportation, and hospitality have recently been hit hard and in turn reduced their security teams. We are seeing the layoffs at these companies concentrated in IR, SOC and Corp/IT Security. We are not seeing layoffs at these same firms for product security or application security. From seeing this data, I can’t help but think that while it seems smarter to let go of your hunters vs your product security professionals, how does one even make that decision?
“Cybersecurity threats and privacy risks do not just disappear during the COVID-19 downturn in business. Incidents and breaches will continue,” said Dom Glavach, CyberSN’s Chief Security Officer. “Cyber criminals and adversaries are leveraging all aspects of the pandemic to land and launch attacks, insider threats generally increase with employee reduction actions, and privacy compliance does not have a pandemic waiver.”
The economic reality at these companies and the opportunistic nature of cyber attackers are creating a perfect storm. Business leaders have to find a way to weather the crisis, and that has played out in leaner budgets and layoffs. Right now, this means that cybersecurity professionals are doing more than just cyber operations, and in some cases, layoffs have created disgruntled employees. Worse yet, phishing attacks are up 37 times since January 2020.
Effective cybersecurity is a triad of people, process, and technology, with each dependent on another. Processes will fatigue and technology atrophy will occur without enough people, or the right people, in place. All of this gives the advantage to the attacker.
Besides the risk of employee burnout and increased attacks, cyber layoffs have other risks to consider.
While I share all of this, I also know that capitalism makes these risk decisions unbearable and impossible. I feel for those making these decisions and for those who are affected by them; the good news is for all the talented professionals who are laid off, there are wonderful people looking to hire you. Stay strong. Stay kind. Stay inclusive. Seek to learn always. Love will prevail.