Why Cybersecurity Companies Are 'Renting' Cyber Talent To Keep Up With Demand
The cybersecurity labor epidemic has corporations and governments scrambling to fill over a million new positions in the next few years. There may be more cybersecurity people than we think. “There are more than one million cyber-pros in the U.S. alone” says Mark Aiello, President at Cyber 360, Inc., a cybersecurity staffing firm based in Walpole, Mass. “However, this is very difficult to quantify because it is such a new labor category that accurate records cannot be kept. There are no standard job titles and many Cyber-pros wear multiple hats. They sometimes don’t self-identify as Cyber-pros.” Frost & Sullivan predicted that by 2015 the number of information security professionals would increase to more than 1.6 million, and to over two million by 2017, in the Americas alone. The cyber labor shortage is largely defined by the companies and HR managers who say they can’t find qualified people. Aiello’s take on the situation is a little different. He says that competition is fierce, but you can find the people. “We invest all of our time in going where they (cyber pros) go and doing what they do. We attend industry events and conferences” says Aiello. The numbers clearly speak to a cybersecurity workforce shortage, but an overlooked issue may be where experienced cyber people are willing – and want – to work. “The best security minds often can’t be bought by salary alone” says Caleb Barlow, Vice President at IBM Security. “These folks are looking to be in the ‘belly of the beast’ – working in the most exciting and challenging areas of security, defending top targets like major banks, or working with other leading experts at a major security company. For companies that aren’t in a hot market for cybersecurity, they’re going to have trouble attracting top talent regardless of how much money they’re offering.” Chief Information Security Officers – commonly known as CISOs – are one of the most difficult positions to recruit. “With the rising tide of data breaches, the role of the CISO has become the one of the ‘most wanted’ roles in cybersecurity, but it’s often one of the toughest jobs to fill” says IBM’s Barlow. IBM offers a CISO-as-a-Service – renting out some of their most experienced people to companies in need. “IBM has a deep bench of experts who have served in CISO-level roles in various industries, and we’ve helped many of our clients by placing an IBM employee to serve as a full-time acting CISO at a company, from months to even years” says Barlow. “These engagements with IBM Security Services typically last from around 3 to 9 months, but we’ve even had cases where we’ve provided an interim CISO for multiple years. These CISO’s often serve on location at client sites, but can also fill the role remotely. Once the engagement is complete, the interim CISO returns to their role within IBM Security.” Cybersecurity service providers who rent out cyber talent are on the rise. They have the supply to meet a huge demand. So, where can corporations and government agencies find these cybersecurity pure-play outfits who are sitting on an inventory of cyber fighters for rent? Here’s a short list of ten companies who specialize in various cyber positions: 3P Resources, Atlanta Cyber 360, Walpole, Mass. CyberDefenses, Round Rock, Texas ePlus, Herndon, Va. IT Security, Inc., Pittsburgh root9B, Colorado Springs, Colo. SilverBull, Manchester, Conn. Templar Shield, San Diego, Calif. TRU Staffing Partners, New York City Xpert, Alisa Viejo, Calif. Renting makes more sense than hiring full-time cyber employees for more reasons than just overcoming the difficulty in finding them. In a single year, 2014, nearly one in five security professionals changed employers or employment status, according to Frost & Sullivan. The thought of recruiting a cyber professional, and then doing it all over again for that same position – is daunting. Those headaches can be left to the cyber-staffing firms.