Computer security is an area underserved in companies and public institutions. According to a new survey, it is estimated that there are currently 3.4 million unfilled positions in cybersecurity in the world, and more than 500,<> of those vacancies are in Latin America.
The information comes from the Cybersecurity Workforce Study (ISC)2, an organization that brings together computer security workers from around the world, popularly known as "hackers." The survey is carried out every year to measure the specialized talent gap and detect trends in the cybersecurity workforce globally," explains Sabrina Pagnotta, from Institutional Relations at Ekoparty, the largest hacker convention in the country that takes place every year.
This study contains data from 11,779 workers in the area of different industries in North America, Latin America, Asia-Pacific region, Europe, Africa and the Middle East.The data of the lack of professionals is not surprising if one takes into account the enormous number of cases of hacking, data leaks and unauthorized access that occurred during the last years worldwide.
In Argentina, from the Senate of the Nation, through Migrations and Renaper, to large companies such as Mercado Libre, OSDE and Globant, they suffered cyberattacks that cost them leaked data and a blow to reputation.
The study is consistent with other published surveys, such as the one presented by the Organization of American States (OAS) on 2023, which warns that "this situation is exacerbated in Latin America and the Caribbean, generating strong pressures on both public and private organizations with the subsequent impact on the cybersecurity of the countries of the region."
"We believe it would be important to put more investment and focus in the area of cybersecurity, both for the public level and to improve private sector standards. As for its professional projection, in Argentina we have excellent experts, so it could be a professional vein – today, underexploited – for the export of software and services, "explains Esteban Sargiotto, Director of the Observatory of Computer Work (OTI).
In addition, the survey of (ISC)2 also detected other aspects that concern the sector, such as the gender gap: they are almost all men. 70% of workers under 30 years of age are male.
But what posts are missing? What kind of hackers are needed? Where and how are they usually formed?
Pagnotta spoke with Clarín to clear up these doubts, in addition to the estimated salaries in each category of Ekoparty's Institutional Relations sector.
The posts: what each one does
Networking: a critical area for computer security. Photo Juan Manuel Foglia
"The cybersecurity sector is dynamic, so new roles and specializations are emerging in response to emerging threats and developing technologies," explains Pagnotta.
As he summarizes, these are the most sought-after positions today are:
- CISO (Chief Information Security Officer): is an executive profile, the maximum responsible for planning, developing, managing and controlling the security policies and procedures of an organization to guarantee the confidentiality, integrity and availability of information.
- Security Architect: Responsible for designing and implementing an organization's security architecture, ensuring that systems and networks are configured securely from the start. In addition, it evaluates and recommends appropriate security solutions to protect digital assets.
- Security researcher: is dedicated to discovering and analyzing vulnerabilities in systems, applications and devices, using penetration testing (pentesting) and malware analysis to identify security flaws and develop solutions to protect against them. Their findings contribute to strengthening defenses.
- Computer Security Analyst: responsible for monitoring and analyzing computer threats, as well as implementing measures to prevent and mitigate cyberattacks. Collects and analyzes data to identify potential security breaches and develops incident response strategies.
- Security Consultant: provides advice to organizations on cybersecurity, making risk assessments, auditing systems and processes, and recommendations to improve security posture. It also assists in the implementation of policies and procedures for regulatory compliance purposes.
Related careers and skills sought
Hackers, hackers, cybercriminals. Photo Pexels
─What careers are most useful to fill these types of vacancies?
─Many of the people who work in cybersecurity come from careers such as Information Systems Engineering, Computer Engineering, Bachelor of Computer Science, Bachelor of Computer Science, and Bachelor of Safety and Hygiene.
─There is also a lot of self-taught.
─Exactly, in this sector it is not always necessary to have formal studies completed, since the self-taught spirit, courses, certifications and practical experience can boost the career of anyone interested. In fact, in the face of talent shortages, the trend is to place less emphasis on degrees and certifications when hiring new employees, and focus on talent.
─Beyond racing, what skills are appreciated in the environment?
─Those that have to do with the management of computer networks, communications protocols and GNU / Linux type systems. Knowledge in programming, hardware and computer architecture is valued, as well as the use of typical tools such as Nmap, Metasploit, Wireshark, Hydra or Burp Suite.
─And within the soft skills?
─Interpretation of texts, writing of technical reports and documentation, teamwork and conflict resolution. Cybersecurity and ethical hacking have a lot of exploration, trial and error, so curiosity and perseverance are valued.
─Why are there so few women in the environment?
─Stereotypes, biases and gender roles ingrained in society influence career choices, and for a long time there was a perception that technical fields were more suitable for men, which deterred many women from entering this sector. This also meant that female role models and mentoring opportunities for women and diversities were few, making it difficult for them to feel inspired and motivated to choose a career in cybersecurity.
─Were there changes these years?
─Well, over time, the cybersecurity and ethical hacking community evolved and became more inclusive, promoting the democratization of knowledge and access to all people interested in learning and developing in cybersecurity. It is important to continue working on initiatives that promote inclusion; from Ekoparty we do it through our free annual conference and with cybersecurity training scholarships for women and diversities, making our contribution to face this problem.
How much you earn
Salaries vary greatly and can be in dollars. Photo: Shutterstock
"It is difficult to estimate because salaries have a very wide range in relation to the experience in the role, the size of the company and the sector to which it belongs. For example, banks, technology companies and some startups have a more competitive salary proposal. In addition, there is a lot of demand from abroad for local talent," warns Pagnotta.
That said, you can take certain estimates such as those of PageGroup, which point to these salaries, always subject to the exchange rate and inflationary variables of the country:
● CISO (Chief Information Security Officer): from $ 700,000 to $ 1,200,000 in multinationals.
● Security architect: from $ 450,000 to $ 800,000 in senior profiles.
● Security researcher: from $ 300,000 to 650,000 in senior profiles.
● Computer security analyst: from $ 200,000 to $ 500,000 in senior profiles.
● Security consultant: from $345,000 to $690,000 (source).
Tips for future hackers
Conventions are good places for networking. Photo Juan Manuel Foglia
According to Pagnotta, here are some ideas for those who want to start hacking and learn about security:
- Train: Gain a solid foundation in computer science, operating systems, networks and protocols, and learn the fundamentals of computer security. It can be formal undergraduate or graduate education, courses or certified programs such as Ekoparty Hackademy, or being self-taught with the large number of online resources we have at our fingertips.
- Participate in communities and events: Joining groups and participating in conferences, seminars and events is a great way to learn, stay on top of the latest trends and network. In Argentina, Ekoparty Security Conference is the great meeting point of the cybersecurity community.
- Hacking in legal environments: cybersecurity seeks to protect and strengthen systems, not damage them or harm their users. Whether practicing offensive or defensive security, you must always act ethically and responsibly, and report vulnerabilities found. There are test environments that provide simulated scenarios where penetration testing and vulnerability analysis can be practiced.
SL
See also
