In a world where superheroes captivate our imaginations, it's sometimes hard to recognize the real-life superheroes among us like intelligence analysts, forensic scientists, and cybersecurity professionals. Yes, cybersecurity professionals! Though we may not wear capes or possess extraordinary powers, our role, especially here at LinkedIn, is crucial in safeguarding our members, customers, and employees from the ever-present threat of cyberattacks. In this post, I want to take the opportunity to explain a bit about what we do as cybersecurity professionals, share a couple of statistics and insights for the cybersecurity job market, and highlight why I believe women should consider pursuing a cybersecurity engineering career.
What We Do
In an increasingly interconnected world, cybersecurity professionals play a vital role in defending digital infrastructures and platforms, like LinkedIn, which people rely on to help them be more productive, gain access to the knowledge they need to do their jobs, and more effectively connect to opportunities. From preventing data breaches to thwarting sophisticated hacking attempts, the work that we do every day ensures that sensitive information remains confidential and critical systems stay operational. While our job is not to ensure LinkedIn builds the most secure products, we do empower our developers to build the best products securely at scale. We are responsible for building automation and guardrails to enable the business to move fast with security being the invisible guardian in the background. We also help the business effectively evaluate risk, ensuring the proper balance of security and business outcomes.
I lead the governance, risk, and compliance (GRC) team in LinkedIn’s security organization, focusing on integrating security governance and compliance into business decisions for effective risk management. Our risk management program identifies and assesses security risks, which enables informed decision-making. The policy and compliance program establishes LinkedIn's policies, standards, and control framework to ensure compliance with regulations. Additionally, our business continuity program ensures seamless product/service delivery and restoration following disruptions. There is a growing emphasis on integrating security governance and compliance as an integral part of business operations, which in part is driving the sustained demand for cybersecurity professionals.
LinkedIn’s Cybersecurity Market Insights
Data from our Cybersecurity Talent Insights Report developed by our Economic Graph team here at LinkedIn offers some interesting insights. For example, the demand for cybersecurity professionals is soaring, with our data showing that 2.3% of all jobs (September 2022) and 11% of hires (2021) were for cybersecurity jobs. The number of job postings has increased by 39% (CAGR) over the same period. However, the active cybersecurity workforce has only grown by 21%. To address this shortage in cybersecurity talent, organizations can look to adopt a skills-first hiring mindset and place more focus on closing the current gender gap.
Approaching hiring without the restraints of degree requirements and with a skills-first lens can also greatly expand the pool of available talent for organizations. Consider that while the current active cybersecurity workforce represents 1.16% of the US workforce, those with at least one cybersecurity skill or a relevant certification represent 6.7% (nearly 6 times more) of the workforce. Hiring based on relevant skills can increase the talent pool by up to 9.4X globally.
Though closing the gender gap in the cybersecurity workforce requires active intervention, it would add 270,000 people to the candidate pool. Women currently make up 19.1% (80.9% men) of the cybersecurity workforce globally, which is an increase from the 16.5% recorded 5 years ago. At the current rate of increase, it would take 30 years to reach gender parity in the global cybersecurity workforce.
While I may not have the power to accelerate this timeline alone, I’ve been determined to make a difference by driving change within my team at LinkedIn. I've built a team of which about a third are from non-traditional backgrounds or are early in their careers, and close to half are women. Along with the diversity of thought that I find important in this field, each member of the team has brought valuable skills such as curiosity, creativity, and communication to our team.
I’ve found that curiosity drives the desire to understand how systems work, uncover vulnerabilities, and develop innovative solutions. Creativity enables the development of new strategies to protect against ever-evolving threats. Also, effective communication helps them to articulate risk, business impact, and mitigation strategies to gain leadership support, resourcing, and prioritization. As the GRC team is responsible for developing security policies and standards, these types of skills are essential for ensuring the security requirements defined in the policies are clear, concise, and understood by all employees.