Colleen Riccinto, Founder and PartnerCyber Talent Search

Cybersecurity CareersWhat Are the Opportunities?

Hector Acosta, Research & Policy Analyst Workforce Intelligence Network (WIN)

Topics We’ll Cover

• Cybersecurity and the mobile/wireless industry

• Demand for security talent

• Security job postings and salary data▪ Trends, salaries, companies, skill sets▪ U.S. and Michigan

• What motivates today’s cyber warriors

• Tips for getting and/or keeping a cybersecurity job

A Little Bit about Colleen

Bachelor of MusicFrench horn performanceDuquesne University, Pittsburgh, PA

M.A. in Written CommunicationEastern Michigan University

• Sales and business development• Entrepreneurship and leadership• Security awareness training• Technical writing

Certifications• Connected Vehicle Professional I,

Certified by SAE and CVTA

• Certified Identity Theft Risk Management Specialist

A Little Bit about Hector

B.A. - HistoryUniversity of Michigan, Ann Arbor

Research and Policy AnalystWorkforce Intelligence Network

Certifications• Economic Modeling Specialists,

International Analyst• State of Michigan Labor Market

Intelligence

How Can We Help You the Most?

• People In a Security Role

• People Looking to Get Into Cybersecurity

• People Who Hire Security Pros

Cybersecurity and the Mobile/Wireless Industry

and the

Demand for Security Talent

$8 Billion Acquisition

“Today, less than 40% of new vehicles in the U.S. market are equipped with telematics systems and the penetration in other markets is far lower. In the coming decade, Navigant Research expects that to grow to near universal installation in North America and Europe with the Asia Pacific following not far behind.”

- Sam Abuelsamid, Forbes Contributor and Senior Analyst with Navigant Research

Reaction to Samsung’s Acquisition of Harman

“The deal – Samsung’s biggest acquisition in its history-reshapes the pecking order in the global automotive supply chain, reflecting a quickening pace of innovation and an increased role for companies with deep pockets and a keen understanding of mobile services.”

“Samsung will gain insight into the changing behavior of consumers when the lines blur between the auto and mobile industries.”

- Jonathan ChengWall Street Journal, November 14, 2016

Mobile Vulnerability Trendsfrom Internet Security Threat ReportSymantec, April 2016

Security A Top Concern for IoT Developersfrom IoT Developer SurveyIEEE, April 2016

“More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics.”

March 31, 2015

The analysts from Frost & Sullivan forecast a shortfall of 1.5 million by 2020. This number is compounded by 45 percent of hiring managers reporting that they are struggling to support additional hiring needs and 62 percent of respondents reporting that their organizations have too few information security professionals.

Global Information Security Workforce Study, 2015

Job Postingsand

Salary Data

Where Does this Data Come From?

• Leading provider of job market analytics

• Collect millions of online job postings from close to 40,000 online sources

• Use our patented technology to mine and code detailed data from each job listing

• Southeast Michigan collaborative effort between 10 community colleges, 6 workforce boards and economic development partners

• Provide current and actionable labor market intelligence

• Strengthen and sustain an employer-driven talent system

• Improve institutional, local, state, and federal talent development policy

Let’s Define Some Terminology

Burning Glass’s Classification Parameters

• Cyber security-related title

• Network security, information security, information assurance, and penetration tester

• Require a cybersecurity certification or request cybersecurity-specific skills

• Information assurance, cryptography, computer forensics, malware analysis, 800-53, and ArcSight

• Job opening vs. job posting

• Metropolitan Service Area (MSA)

If You Think This Is Some Serious Growth . . . Increasing National Demand for Security Professionals

-

50,000

100,000

150,000

200,000

250,000

300,000

350,000

2010 2011 2012 2013 2014 2015 2016 EOYProjection

National Cyber Security Job Postings

37% increase from 2014 – 2015

62% increase from 2010 – 2016

19% average yearly increase

Data: Burning Glass Technologies, January 2010 – August 20162016 EOY Projection: Workforce Intelligence Network

Check Out What’s Happening

75% increase from 2014 – 2015

310% increase from 2010 – 2016

33% average yearly increase0

1,000

2,000

3,000

4,000

5,000

6,000

2010 2011 2012 2013 2014 2015 2016 EOYProjection

Cyber Security Job Postings in Detroit

Data: Burning Glass Technologies, January 2010 – August 20162016 EOY Projection: Workforce Intelligence Network

75%

59%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Detroit

U.S.

Increase in Cyber Security Job Postingsfrom 2014 to 2015

Data: Burning Glass Technologies,

1 Information Security Analysts 1,289

2 Computer Systems Engineers/Architects 317

3 Software Developers, Applications 295

4 Computer Network Architects 228

5 Network and Computer Systems Administrators 219

6 Information Technology Project Managers 189

7 Computer User Support Specialists 182

8 Database Administrators 108

9 Computer Systems Analysts 101

10 Marketing Managers 68

Top 10 Cyber Security OccupationsIn Michigan, based on number of job postings

Data: Burning Glass Technologies, January 2016 – August 2016

1 Software Developers, Applications 17,506

2 Computer Systems Engineers/Architects

5,622

3 Computer Systems Analysts 4,011

4 Information Technology Project Managers

3,720

5 Computer User Support Specialists 3,496

6 Web Developers 2,619

7 Database Administrators 2,596

8 Network and Computer Systems Administrators

2,235

9 Software Quality Assurance Engineers and Testers

2,127

10 Business Intelligence Analysts 2,012

Top IT OccupationsIn Michigan, based on number of job postings

11 Information Security Analysts 1,948

12 Computer Programmers 1,783

13 Computer Network Architects 1,559

14 Database Architects 629

15 Data Warehousing Specialists 556

16 Computer and Information Systems Managers

523

17 Computer Occupations, All Other 455

18 Computer and Information Research Scientists

416

19 Computer Network Support Specialists 365

20 Document Management Specialists 320

Data: Burning Glass Technologies, January 2016 – August 2016

Show Me the MoneyDetroit salaries are 5% to 14% less than the national average for Information Security Analysts

Data: United Statues Bureau of Labor Statistics

$50,000 $60,000 $70,000 $80,000 $90,000 $100,000 $110,000 $120,000 $130,000 $140,000 $150,000

90th percentile

75th percentile

Median

25th percentile

10th Percentile

90th percentile 75th percentile Median 25th percentile 10th Percentile

Detroit MSA $124,030 $105,290 $86,403 $61,734 $51,958

U.S. $137,093 $114,379 $91,062 $70,533 $54,579

Actual Salaries of Information Security Analysts

Security Jobs DO Pay MoreInfoSec Analysts earn 8% more than other IT jobs

$86,403

$79,976

$76,000 $78,000 $80,000 $82,000 $84,000 $86,000 $88,000

Median Salary of Information Security Analysts vs all IT Occupations in Detroit MSA

All IT occupations Information Security Analysts

This salary difference over a 30 year career is $193,000.

Data: United Statues Bureau of Labor Statistics

0

50,000

100,000

150,000

200,000

250,000

National

National Openings vs. Program Completions

Annual Openings (2014) Program Completions (2014)

0

2,000

4,000

6,000

8,000

Annual Openings (2014) Program Completions (2014)

MI Openings vs. Program Completions

Annual Openings (2014) Program Completions (2014)

Note: Only about 60% of completions are a Bachelor's + and not all degrees are equivalent (online offerings, for-profit colleges)

You’ve Got Job SecurityJob openings vs. program completions for IT occupations

• Supply-demand gap for IT occupations is real. • But, with ongoing workforce development efforts in Michigan, notable progress is

being made to diminish the gap.

Data for IT Openings: United Statues Bureau of Labor StatisticsData for Completions: Integrated Postsecondary Education Data System (IPEDS)

• 80% of job ads required a Bachelor’s degree

• Only 1 in 4 information security analysts are women

What about the degrees? And the women?

1Certified Information Systems Security Personnel (CISSP)

933

2Certified Information Systems Auditor (CISA)

441

3 SANS/GIAC Certification 383

4Certified Information Security Manager (CISM)

348

5 IT Infrastructure Library 216

6 Security Clearance 170

7 CISCO Certified Network Associate 157

8CISCO Certified Network Professional (CCNP)

154

9 Project Management Certification 138

10Certified in Risk and Information System Control

136

Top CertificationsIn Michigan, listed in job postings

11CISCO Certified Internet Work Expert(CCIE)

125

12Microsoft Certified Solutions Expert (MCSE)

73

13Microsoft Certified Systems Administrator (MCSA)

57

14 Institute of Internal Auditors (IIA) 54

15 TOGAF 53

16Systems Security Certified Practitioner

47

17Certified in the Governance of Enterprise IT

45

18 Certified Public Accountant (CPA) 42

19 Security+ 42

20 Network+ Certified 41

Note: 58% of records have been excluded because they do not include a certification. As a result, the chart below may not be representative

of the full sample. Data: Burning Glass Technologies, 1/1/16 – 8/31/16

A LQ greater than 1 indicates a greater share of the local employment than the reference area.

Concentrations of IT Talent2015 Information Technology Employment Location Quotient (LQ)

Data: United Statues Bureau of Labor Statistics

1 California 24,633

2 Virginia 19,696

3 Texas 14,029

4 New York 10,472

5 Maryland 9,062

6 Florida 8,390

7 Illinois 8,374

8 New Jersey 7,028

9 Georgia 6,952

10 North Carolina 6,113

Top States for Security Job Postings

11 Colorado 5,923

12 District of Columbia 5,685

13 Massachusetts 5,438

14 Pennsylvania 5,284

15 Arizona 4,586

16 Ohio 4,529

17 Michigan 4,349

18 Washington 4,316

19 Minnesota 4,153

20 Oregon 2,649

Data: Burning Glass Technologies, 1/1/16 – 8/31/16

1 Washington DC 25,193 13.04%

2 New York 14,334 7.42%

3 Los Angeles 7,975 4.13%

4 Dallas 7,286 3.77%

5 Chicago 7,246 3.75%

6 San Francisco 6,670 3.45%

7 Atlanta 5,905 3.06%

8 Baltimore 5,324 2.76%

9 Boston 4,918 2.55%

10 San Jose 4,144 2.15%

Top Cities for Security Job PostingsIncludes the metropolitan service area

11 Philadelphia 3,806 1.97%

12 Minneapolis 3,756 1.94%

13 Denver 3,552 1.84%

14 Phoenix 3,545 1.83%

15 Seattle 3,431 1.78%

16 Detroit 3,186 1.65%

17 Charlotte 2,793 1.45%

18 San Diego 2,704 1.40%

19 Miami 2,577 1.33%

20 Houston 2,405 1.24%

Data: Burning Glass Technologies, 1/1/16 – 8/31/16

1 Detroit 3,186 75.6%

2 Lansing 279 6.6%

3 Ann Arbor 276 6.5%

4 Grand Rapids 225 5.3%

5 Kalamazoo 69 1.6%

6 Flint 53 1.3%

7 Niles-Benton Harbor 40 0.9%

And in

8 Battle Creek 26 0.6%

9 Saginaw 22 0.5%

10 Jackson 20 0.5%

11 Monroe 7 0.2%

12 Midland 6 0.1%

13 Bay City 4 0.1%

14 Muskegon 1 0.0%

Top cities for security job postings

Data: Burning Glass Technologies, 1/1/16 – 8/31/16

Computer Systems Design and Related Services

General Medical and Surgical Hospitals

Motor Vehicle Manufacturing

Insurance Carriers

Motor Vehicle Parts Manufacturing

Top Industries for Cyber Security JobsIn Michigan, based on number of job postings

Note: 53% of records have been excluded because they do not include an industry. As a result, the chart below may not be representative of the full sample.

Data: Burning Glass Technologies, 1/1/16 – 8/31/16

1 General Motors 123

2 Henry Ford Health System 95

3 Ciber Incorporated 79

4 DCS Corporation 59

5 Oracle 57

6 Blue Cross Blue Shield of MI 56

7 Ford Motor Company 48

8 Michigan State University 43

9 Ally Financial 36

10 Diplomat Pharmacy 34

Top Employers in MichiganBased on number of cyber security job postings

11 Deloitte 30

12 Johnson Controls 28

13 TRW Automotive 26

14 Stryker 25

15 University of Michigan 24

16 Quicken Loans 23

17 AlixPartners 20

18 Ascension 20

19 Jones Lang LaSalle 20

20 DTE Energy 19

Data: Burning Glass Technologies, 1/1/16 – 8/31/16

Note: 42% of records have been excluded because they do not include an employer. As a result, the chart below may not be representative of the full sample.

What Motivates Today’s Cyber Warriors

and

Tips for Getting and/or Keeping a Cybersecurity Job

Cyber Security CensusUnderstand what motivates today’s security professionals and how to train and recruit the next generation.

• Surveyed 500 cyber pros

• 40 different industries

• 43 states, the District of Columbia, and Puerto Rico

Note: No longer available online. Email me for a copy.

What Motivates Cyber Pros?

Source: Semper Secure Cyber Security Census, August 2013

Why People LeaveIf you don’t train them, your competition will.

• New job with greater growth opportunity*

• New job with better total compensation*

• New job with more prestige or at a better organization*

• Dislike their immediate supervisor, often gets in the way of their career

growth and access to training

• Bait and switch job description, no longer doing what they were hired to do

• For CISOs, high churn rate due to burnout

and increasing levels of responsibility

Check out: 50+ Useful Cyber Security Online Courses You Should Explore, Heimdal Security

* Source: Semper Secure Cyber Security Census, August 2013

What’s Most Important to You About Your Job?Emphasize the technology and the career opportunities associated with it.

* Source: Semper Secure Cyber Security Census, August 2013

9. Developing a Robust Communications Strategy

Break It Down

• Cut the acronyms• Define everything• Don’t make assumptions about

what people already know• Avoid military language

• Don’t call your security plan “countermeasures” or the risks to the organization “threat agents”

Communication Tips for Cyber Pros

Larry Kamer, Crisis Communications Strategist, Faculty, Carnegie Mellon University CISO Certificate Program

TechnologyBusiness

S

T

R

A

T

E

G

Y

Be Pro-Strategy

First Who, Then What

• Get the right people on the bus

• (And the wrong people off the bus)

• Get the right people in the right seats

• Then figure out where you want to drive it

“Those who build great companies ultimatelyunderstand that the ultimate throttle ongrowth for any great company is not markets,or technology, or competition, or products. Itis one thing above all others; the ability to getand keep enough of the right people.”

Jim Collins, Good to Great

Cast Your Net Here5 higher ed institutions in Michigan designated National Centers of Academic Excellence in Cyber Defense (CAE-CD) by the National Security Agency and Department of Homeland Security

• Seek out graduates from these schools, not just the recent ones

• Volunteer to speak at a student cyber club meeting

• Build relationships with faculty and advisors

https://www.nsa.gov/resources/educators/centers-academic-excellence/cyber-defense/

People Looking to Change JobsFirst determine what you value professionally, personally, and financially. Then, find or create opportunities that align with your values.

• If all you’re looking for is a raise, ask for one first.

• Generally, less is more with your resume. Note your biggest

accomplishments and how they benefited the company, not every step in

the process.

• Don’t be afraid to mention a salary range at the

beginning of the process. Respect your time.

• Expect a counteroffer, but don’t take it.

National Cybersecurity Workforce Framework

National Cybersecurity Workforce Framework

Cyber Events and Competitions

Colleen RiccintoFounder and Partner

colleen@cybertalentsearch.com

734-678-8193

Ann Arbor, MILocal and national clients and candidates

Thank You

Hector AcostaResearch and Policy Analyst

hector.acosta@win-semich.org