My reporter’s baloney detector flashes red when an analyst or a PR person shows me a chart with a growth curve that looks like a hockey stick. Thus, I remain skeptical of claims that the so-called Internet of things will result in 25 billion or even 50 billion connected devices and a couple of million new jobs for security professionals around the world in the next few years.
Nonetheless, security is probably the hottest topic in IT right now, and the public is being barraged by stories of data breaches, ransomware, security holes, and the NSA’s widespread data collection. Huge bets on mobile payment schemes like Apple Pay and Google Wallet could flop if users are scared off by fears that their personal data is at risk, and banks and large retailers are getting tired of apologizing for security lapses.
Hockey-stick charts aside, there is a growing demand for security professionals. Security-related certifications are becoming more valuable as technology vendors like Cisco Systems move to make those certifications more reflective of the current threat environment.
There are more than 7,000 security-related jobs posted on Dice.com -- an all-time high -- and pay premiums for eight security-related certifications increased by more than 10 percent in the second quarter of the year, according to Foote Partners.
Those jobs are worth serious money: The median pay for a security architect at midyear was $116,000, according to Payscale. (Here’s a look at where that big paycheck will go furthest.)
Bigger networks, bigger threats
Even if the Internet of things isn’t as large as some claim, connected devices are popping up in new places that need to be defended. “The factory floor wasn’t a place where there were security threats. Now it is,” says Tejas Vashi, a director of product strategy and marketing at Cisco.
He’s right. Intel, for example, is placing connected sensors on equipment in its fabs, while customers of Teradata are using predictive analytics and data stores to manage supply chains and enable just-in-time manufacturing of everything from golf clubs to automobiles. Because those sensors and controllers feed data to the cloud, security specialists are suddenly confronted with a very different landscape.
As the network (in the broad sense) expands into new territory, IT employees whose jobs, such as network engineers, were not closely related to security -- someone else would handle that aspect -- now have to learn about cyber security, says Vashi. The same goes for public works engineers in cities like Newcastle, Australia, where the city is embedding connected sensors under parking spaces and atop street lights.
It’s not likely that anyone wants to hack into a parking meter, but connected devices, whether they’re on the street or in someone’s home, create a pathway into the heart of the network. They have to defended.
Security is where the money is -- and the new certs
From a personnel point of view, the challenge of defending a much larger network is twofold: Security professionals need to update their skills, and companies need to hire more people.
When Foote Partners released its skills and certification survey this summer, the value of security-related certifications and noncertified security-related skills soared. For example, EC-Council's Computer Hacking Forensic Investigator certification, a new entry in the highest-paying IT certification list, gained an astounding 66.7 percent from a year earlier. In 2014, any talk of hot security certifications has to include CSSLP, Certified Secure Software Lifecycle Professional. In the second quarter, its value grew 17 percent, after increasing 40 percent in the preceding year.
Although certifications historically have been product-focused, more are becoming job-focused, such as a Cisco Industrial Network Specialist, one of several new certifications the networking giant has created. At the same time, Cisco is revising the qualifications for existing certifications much faster than in the past, Vashi notes.
On the job front, Dice.com has postings for 7,251 security-related jobs, an increase of 38 percent in the last year. In that category, the fastest-growing listing was “cyber security,” which had a total of 2,716 jobs -- a jump of 92 percent from a year earlier.
Here are some examples culled from those lists: United Airlines has an opening for a senior analyst in cyber security intelligence. Boeing is also hiring a cyber security specialist. Northern Trust is looking for a network security tester.
Will the Internet of things bring a million or two new jobs in security? I doubt it. But there’s no doubt that security is hot, and IT pros who have skills in security are in a great position to cash in -- and do something productive in the process.