Flush times for hackers as cybersecurity job market booms
LAS VEGAS (Reuters) – The surge in far-flung and destructive cyber attacks is not good for national security, but for an increasing number of hackers and researchers, it is great for job security.
The new reality is on display in Las Vegas this week at the annual Black Hat and Def Con security conferences, which now have a booming side business in recruiting.
“Hosting big parties has enabled us to meet more talent in the community, helping fill key positions and also retain great people,” said Jen Ellis, a vice president with cybersecurity firm Rapid7 Inc., which filled the hip Hakkasan nightclub on Wednesday at one of the week's most popular parties.
Twenty or even 10 years ago, career options for technology tinkerers were mostly limited to security firms, handfuls of jobs inside mainstream companies, and government agencies.
But as tech has taken over the world, the opportunities in the security field have exploded.
Whole industries that used to have little to do with technology now need protection, including automobiles, medical devices and the ever-expanding Internet of Things, from thermostats and fish tanks to home security devices.
More insurance companies now cover breaches, with premiums reduced for strong security practices. And lawyers are making sure that cloud providers are held responsible if a customer’s data is stolen from them, and are otherwise pushing to hold tech companies liable for problems, meaning they need security experts too.
The non-profit Center for Cyber Safety and Education last month predicted a global shortage of 1.8 million skilled security workers in 2022. The group, which credentials security professionals, said that a third of hiring managers plan to boost their security teams by at least 15 percent.
For hackers who prefer to pick things apart rather than stand guard over them, an enormous number of companies now offer “bug bounties,” or formal rewards, for warnings about vulnerabilities that leave them exposed to criminals or spies.
One of the outside firms that handle such programs, HackerOne, said it has paid out $18.8 million since 2014 to fix 50,140 bugs, with about half of that work done in the past year.