The 5 Most In-Demand Cybersecurity Jobs for 2020
Updated: December 10, 2019
In 2019, businesses invested even more in technology, new privacy regulations were passed, and cyber threats became more sophisticated. To meet the growing demands of today’s businesses, (ISC)2 estimates that the U.S. cybersecurity workforce would need to increase by 62%.
With cybersecurity jobs in such high demand and skilled professionals in low supply, many companies have whittled their cyber talent wishlist down to a few key positions. Which positions will top the list in 2020? Based on data from the CyberSeek.org project backed by NICE, we have a pretty good idea.
The top five positions, described below, can help students understand the opportunities that are available to them, experienced professionals find opportunities for career transitions (like IT to cyber), and cybersecurity and business leaders understand the hiring landscape as they build their cyber workforce development programs.
We’ve mapped these high-level job categories to specific job roles within the NICE Cybersecurity Workforce Framework, for those interested in detailed readouts of the KSAs (knowledge, skills, abilities) required of each position.
The Impact of the CCPA’s Do Not Sell Rule on Digital Advertising
Does your technology know you better than some of your closest friends? Much of the technology you rely on tracks your search history, analyzes your social media posts and comments, monitors your purchases, and studies every aspect of your digital life without you even knowing. It feels like an episode of Black Mirror, but really this is just modern, digital, targeted advertising - a technique used to present targeted ads to consumers by collecting information about their browsing behavior. But the California Consumer Privacy Act (CCPA) now significantly restricts how businesses can use this technology to collect and manage personal information.
The Equifax Settlement and Increasing Standards of Care Requirements
In September of 2017, Equifax, the largest of the three main credit reporting agencies, announced a data breach that exposed the personal information of 147 million consumers – almost 50% of the U.S. population. Due to a known, unpatched security vulnerability, hackers were able to gain access to a magnitude of unencrypted private consumer information, including names, Social Security numbers, dates of birth, credit card numbers, addresses, and even driver’s license numbers.
More than two years after the breach was reported, Equifax has now reached a $575 million global settlement (with the potential to reach $700 million) with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and the 50 U.S. states and territories. Based on the agreement, Equifax will allocate $175 million to the 50 U.S. states and territories, $100 million to the CFPB, $300 million to a fund that will provide credit monitoring services for affected consumers, and an additional $125 million fund in the event the initial $300 million is not enough to compensate consumers for their losses.
In addition to paying restitution to the millions of victims of the data breach, Equifax also agreed to provide seven years of free assisted identity restoration services and six free credit reports each year for seven years.
However, financial remedies are only part of the Equifax settlement agreement. Since the FTC alleges that Equifax violated the FTC Act and the Gramm-Leach-Bliley Safeguards Rule (GLBA) by failing to defend sensitive consumer data, the company is required to implement a comprehensive information security program. The program must be maintained for 20 years and protect the security, confidentiality, and integrity of consumers’ sensitive personal information
This court ruling by the FTC against Equifax is only the beginning of the increased “Standards of Care” required for an organization’s cybersecurity program. As more organizations fall victim to a data breach and become involved in lawsuits or face regulatory actions, the courts will turn to this care benchmark to measure the organization’s practices to determine liability, fault, and punishment. Implementing these minimum Standards of Care set out by the FTC and updating your cyber insurance policies to include some, if not all, of these requirements, will help protect your organization in the wake of an incident.
In Part 1 of our series tracking popular settlement actions and court cases, we’ll take a closer look at the specifics of the information security program required for Equifax and how these requirements may enhance your company’s security program as well.