State of the Cybersecurity Job Market June 2020

Friends,

In continuing to share up-to-date information about the state of the cybersecurity job market, I am happy to say our profession is proving to be very, very resilient. Companies are still hiring to fill cybersecurity jobs. Unfortunately, we’ve also recorded cybersecurity layoffs over the last two weeks in industries that were affected by Covid-19.

(If you’d like to read my previous “State of the Cybersecurity” reports you can view the last one here.)

Where the Layoffs Are Focused

Companies that focus on gig workers, transportation, and hospitality have recently been hit hard and in turn reduced their security teams. We are seeing the layoffs at these companies concentrated in IR, SOC and Corp/IT Security. We are not seeing layoffs at these same firms for product security or application security. From seeing this data, I can’t help but think that while it seems smarter to let go of your hunters vs your product security professionals, how does one even make that decision?

“Cybersecurity threats and privacy risks do not just disappear during the COVID-19 downturn in business. Incidents and breaches will continue,” said Dom Glavach, CyberSN’s Chief Security Officer. “Cyber criminals and adversaries are leveraging all aspects of the pandemic to land and launch attacks, insider threats generally increase with employee reduction actions, and privacy compliance does not have a pandemic waiver.”

The Impacts of Layoffs and Furloughs

The economic reality at these companies and the opportunistic nature of cyber attackers are creating a perfect storm. Business leaders have to find a way to weather the crisis, and that has played out in leaner budgets and layoffs. Right now, this means that cybersecurity professionals are doing more than just cyber operations, and in some cases, layoffs have created disgruntled employees. Worse yet, phishing attacks are up 37 times since January 2020.

Effective cybersecurity is a triad of people, process, and technology, with each dependent on another. Processes will fatigue and technology atrophy will occur without enough people, or the right people, in place. All of this gives the advantage to the attacker.

Cybersecurity Layoffs Can Be Risky

Besides the risk of employee burnout and increased attacks, cyber layoffs have other risks to consider.

1. Contract compliance — Client contracts have security requirements that you must stick to or risk high fiscal costs.
2. Cyber insurance — Does the layoff create a coverage gap in the current insurance policy? Unless you’re holding up your end of the agreement you may not be covered.
3. Reputation — It’s not just the company reputation suffering after a breach, but it could also leave a bad impression with consumers when cyber layoffs hit the front page.
4. Return to normal — Eventually things will get better. Cybersecurity professionals will move on to another company. How long will it take to get back to the staffing you need after layoffs?
5. Business halting attacks — Cyber solutions and technology maintain a certain level of protection, but cannot necessarily prevent data seizure from new ransomware or DoS. Big game hunting and human-operated attacks require a specific kind of cyber professional to fight them off.

While I share all of this, I also know that capitalism makes these risk decisions unbearable and impossible. I feel for those making these decisions and for those who are affected by them; the good news is for all the talented professionals who are laid off, there are wonderful people looking to hire you. Stay strong. Stay kind. Stay inclusive. Seek to learn always. Love will prevail.

Sincerely,

Deidre