
UpstateSC ISSA Chapter - Jan 2021 - Current Market and Hiring Trends: Information Security

BSides Greenville · 2021 · 40:33 · 63 views · Published 2021-04
About this talk
Special thanks to Kelly Belding, Logan Augustine and Mike Santoro of TekSystems for sharing! To sign up for future event announcements, please send an email to chapter@upstatesc-issa.org.

so i appreciate everybody for coming happy new years um hopefully this year will turn out to be a lot better and we'll get not off to the greatest start yet but we'll see what happens so i appreciate everybody for coming um real quickly we a month ago we were really optimistic about actually being able to do b-sides in person this year um we're still we're probably moving back to the fence considering the vaccine rollout is more like i say you know operation uh instead of operation warp speed it's uh was it operation impulse power so it's just crawling along unfortunately so we thought we would you'd be able to target like a late july maybe august time frame i don't know if

that's reasonable at this point to be able to meet even if we did require everybody to have vaccine cards um so kind of stand stand by and uh we'll kind of see what evolves over the next month or so so i think we i was starting to get excited about being able to meet in person again but um way things are going right now that just might not be possible or maybe we shoot for like uh november december that might give us our better shot if we want to try to do it this year but then of course we went into the weather issues so um but just to throw that out there i think we

got most of the bags out to everybody in the greater greenville area i think there's a small stack that my daughter still hasn't delivered so um i need to uh kind of reinforce the force that with her so other than that i think that kind of covers out the announcements uh next next month we'll have the gentleman that's um he operates kind of as the cso cio for the greenville school districts talking mostly about the their program based off of the iso standards uh 27 000 and 127 0002 they actually went i believe and actually got certified so he'll be talking about that next month and then we'll get a couple other exciting uh talks after that so

as far as today so i appreciate uh to kelly uh who we've worked with at for i probably the better part of 10 years at this point uh over at TekSystems and she's she and TekSystems have been a great supporter of the chapter uh we really appreciate all of her help not only the chapter but b-sides as well so you might have seen her at b-sides as well um and she brought logan and michael along with her as well to talk about really the state of the market uh hiring in in cyber security and and really where we could just kind of throw out any of the questions that we're curious about asking on

the state of uh the cyber security uh hiring place these days so without further ado i will turn it over to you guys thanks again let me uh kelly i'll go ahead and make you uh make you the host so you can share your screen okay oh yep that should work awesome

all right can y'all see that thank you mike for the non but yeah thanks for having us here and it's the first one of the year so glad to be able to kick it off with you guys um just for some quick introductions like mike said um i've been with tech um only five years but um i've supported the upstate on the infrastructure and security side of things for for the majority of that time um i did get around to officially changing my name last year so kelly foxy kelly belding you're the same person um so um and i've got logan on like mike mentioned she's also an account manager here in the upstate and then mike he's a

recruiter that specializes in infrastructure and risk and security he sits in our charleston office but supports the state of south carolina as well as um other customers we have across the country as well so um like mike mentioned as well we're kind of talking through a few things around just the current market um specific to information security some trends we're seeing and hiring the impacts that last year has had on those specific specifically um and then just some basic interview and resume tips um and then there's a section in there too about kind of how to market yourself and things you can do to to get in this um to get into security or to stand out

so that's kind of what we'll be going through and then there will definitely be time for questions at the end um or if you want to kind of pipe up throughout that's totally fine too so cool um so the current landscape kind of what we're looking at when when someone says what does the current market look like or the current landscape what we like to look at is what are are companies still hiring what are they hiring for and what does that look like compared to the the amount of candidates and quality talent in that skill set out there so um this was taken actually in the last year so we we partner with a couple different

organizations when it comes to market data and so you can see kind of nationally versus here up in the upstate there is still still a huge huge demand for security skill sets um and you can see i wanted to add in because i think when you all know better than i do when someone says information security that could mean a whole gamut of things so those are actually the top top job titles that are out there that people are looking for and this is a snapshot of the last year which i think is really indicative of how important information security is to businesses and organizations so um give it a minute there i got an infographic on the next slide

that kind of shows it more so i think there's been a um a misconception out there that a lot of people have been laid off and stuff like that and while unemployment has definitely gone up within IT and IT security specifically it has remained pretty low from an unemployment perspective so still pretty similar market conditions even though the economic um impacts in 2020 have hit other groups pretty heavily so and this like i said just kind of shows um on the left is the upstate of south carolina on the right is national so definitely there are there are a lot more job postings than there are active candidates and that's stayed pretty steady but um just kind of

over the last two years the ups and downs of of the market so we'd like things to drop off a little bit towards the end of last year so curious to see how that will will go into to 2021 but um there's definitely still a demand out there so and you can see too i know a big challenge is lack of top talent specifically within cyber security and um unfortunately that has hasn't hit any big spikes recently so there's still definitely room out there to get into that field so i can stop there for a second if anybody has any questions around that

cool so i think something as i was going through data for all this that i thought would be good to kind of put out there was with industries that are are really focusing on information security professionals so here in the upstate um there's a big focus office on big healthcare organizations in the area financial is big i know there's a lot of different types of financial organizations here in our market um and then those two definitely and then higher ed and automotive i know there's a lot of schools here that that do hire a lot of that have big information security group so um just thought that was interesting as as people are looking at

opportunities and and what greenville has to offer um and i'll go into the next slide a little bit it is it is important to touch on that nationally because there are a lot more opportunities for to work remotely nowadays so i wanted to include the industries here that um on a national level are are hiring the majority of the the professionals within information security so some of them are pretty obvious but um i just thought that the differences were interesting as well with the automotive and higher ed here in the upstate which makes sense so cool and then just overall in hiring i know i have presented something similar at b-sides a couple years back and

and some of these trends are the same and are continuing to become more prevalent um but just hiring in general a lot of companies are are utilizing online applicant tracking systems and that along with that comes a lot of automation in regards to when you submit your resume algorithms that that have key buzzwords and um some hiring managers or hr departments don't end up actually seeing resumes so that's definitely something when it comes to hiring that is becoming more and more prevalent they're taking the human aspect out of it um just like in a lot of other things in addition hiring is seeing that as well so i think that's just something that's important to understand about

hiring in general and what that looks like um and then in conjunction with that vms systems vendor management systems there are a lot of vendors out there there's a lot of way you can bring on talent um and hire people and there's a lot of companies to partner with in that regard so large organizations are really putting an emphasis on streamlining that process and consolidating that process um so it's easier for hiring managers there's there's pros and cons to those but um that's definitely something that we're seeing more and more um larger companies are are implementing whether it be a tool or a managed service provider to come in and kind of help um consolidate all of that

for you wanna i mean it's definitely important to understand kind of spend and there's companies and tools out there that can help you do that when it comes to hiring but that does impact um impact the market too and then of course um definitely want to talk about how covid has impacted hirings um and what that will look like so like i mentioned earlier there is overall an increase in candidates to the layoffs um from an IT perspective and information security thankfully hasn't been impacted as much because it's certainly essential to businesses but certain groups like project managers BAs within the IT space have been impacted so um it just looks a little bit different

now but i think more so what's important to this group here is just the increase in and remote capabilities and i guess how that impacts the group um no one really knows exactly what the long term outlook is going to be um and just in talking with people um there are definitely an increase in remote roles right now but we don't know if that's gonna continue to stay around what businesses are gonna are thinking long term it definitely varies depending on on the company that you're talking to and what's important but i think just from a pay perspective it'll have some interesting ramifications so just us being here from a smaller market where cost of living is a little bit

lower we now have access to roles in charlotte atlanta california in which the salaries match more so that cost of living so it could be super beneficial for someone here to target an opportunity based in one of those markets whereas on the flip side of that if you are in one of those markets you have the same exact experience as someone coming from a smaller town with lower cost of living so therefore they're asking for a lower salary then unfortunately that might impact you negatively so i think we might start to see the salary gaps and different markets kind of level off so i think that'll be something interesting that that will come about the remote

piece but um and then too especially if you are an organization that is looking to hire that's definitely something you want to consider um in getting top talent is hey if you know that this person's going to need to be on site that that might eliminate a lot of the talent pool because there are opportunities out there because there are still more job postings than there are security professionals so those professionals if they really want something remote can can certainly find that so something to definitely keep in mind and um what some of the impacts that we've seen through this year throughout the past year so like i said that's kind of what that means for

candidates as well as organizations that are looking to hire um and then i think for just for the automation and the vendor management system what that means is just making sure you're really reading through job descriptions and job postings making sure your resume is tailored for those specifically and michael touched on that a little bit later um but that just makes it increasingly more more important to really focus on on um on those buzzwords as well as networking and utilizing your network so that um just to kind of bolster the chances of getting through those systems and even if there's someone that you know at a company that isn't in IT or in security it's definitely so

good to network and and understand um how you can kind of make yourself stand out and those systems that kind of are um making things more standardized so i think that was all there if anybody had any questions on that section yeah that was a lot i probably had a had a few i don't know some of these are going to get covered in yeah under sections but i know you had linkedin on one of the slides as a way for for marketing especially more important these days but i do get a lot of people asking how important linkedin is in the job search process i think a lot of people especially a lot of the students and some of the

established professionals probably some of them more more of us that have been around a while might not not see maybe the the use um or the the need for that but i always consider it very important but how i don't know a scale of one to ten maybe how how important do you think it it would be to you know make sure you have a linkedin yeah i definitely think it's it's upwards the 9 and 10 area um a lot of times if if we're working with with hiring managers they'll they'll ask for their linkedin profile um because a lot of people kind of want to see what else that you're interested in what else

you're doing outside of your job which is a lot of times not necessarily listed on a resume and then connections to like the networking piece like if you get an applicant oh yeah hey maybe they worked at this company maybe this person knows them go to linkedin and see and and utilize it in that way and then and then most companies do leverage linkedin for their internal recruiting tool um that's one of the main ones across the board um that companies prioritize as one of their recruiting tools so if you're not on there i'm definitely highly highly recommend getting on there so and i think there was a one of these meetings where maybe

somebody went over kind of how to optimize your linkedin profile it was the one ben did for us um that was uh probably what then two years ago year and a half no i think yeah i think we were actually at the um the floor management center so it was probably about two years that was yeah no that was a great presentation i wish we had taped that for uh all my students definitely yes i think and i think that's definitely still relevant today so okay i just want everybody to hear from the professionals so kelly i have a question for you put down here targeted and tailored resumes and buzzwords do you have two resources that you would suggest to

the group for for that kind of thing i mean you know you look at things like wikipedia as a general knowledge base but you have any specific tools that you use for those um yep and i would say i think that what that point is kind of going towards is tailoring it to the job that you are applying for because a lot of those so hey TekSystems posts the job posting up we have an algorithm in place that if you don't have a percentage of the words in your resume that are in our job description you're going to get automatically booted out so i think it's making sure that your resume matches up obviously accurately and

represents your experience honestly but you want to make sure hey if they use server you use system those you're you're updating your resume to say that does that make sense yes it does thank you which isn't that's a that's good to know i never even thought about systems that could uh automatically parse through and look for first certain buzzwords so that's definitely a good good to have another thing we we've been talking about at the office uh since coming back from vacation since so we're we're doing our annual salary planning activities right now and what it looked like was over the last year that that salaries have basically stayed the same and after you know seeing

an increase you know fairly well over the last couple years and some of it obviously and maybe most of it's due to covid but then we had always you know prior to covid also had talked about really salaries in i.t security leveling off as as more and more people come into the field so is there any idea whether that's a that's a factor or not or is it primarily just due to covid do you think yeah that's a good question and i um and talking with with logan america definitely wanted to include salary information because when someone talks about the market that's definitely hey am i making what i should be compared to the market

um but it was hard to to really narrow it down because there are so many varied skill sets within security um the range was not accurate because it was just too too big um but i if if specifically you want to get some information in your realm um i can definitely do that for you i did want to mention that um but to answer your question i do think just from a raise a lot of companies are having to really look at spend and stuff like that and raises and salary are something that that is going first so i do think it somewhat does have to do with the economic impacts of covid but um

because i don't think that the demand is leveling off um within information security i think it's definitely still super high demand okay and i guess that kind of leads into one of the other questions i had in the back of my mind was if there's been an uptick since the uh solarwinds breach was announced now that it's been a month i guess basically since since that uh that stirred any of uh of the other especially the maybe the upstate companies to to look for folks or if that really just hasn't had an impact and we're probably at a kind of breach fatigue already in in hiring yeah we saw some immediate um by getting conversations around

immediate support just to help come in and rectify the situation um i am so curious to see the long term to your point i think most organizations had people in place to help remediate but and if companies did not have that in place i think it's definitely becoming apparent that they need to so i think that will this year kind of put an influx in hiring okay that makes sense all right thanks

so kelly this is george yeah sorry i just had an interesting question so i know you did show some of the different hiring areas but where's the hot spot right now for security hiring like is there a certain market sector that's that's born fire like maybe medical or but i don't know right yeah i think and um logan will go into this a little bit here so i don't want to steal your thunder logan but i think a lot of things are going towards cloud security um and that's definitely what a lot of organizations are needing and the business is dictating um i think within each specific industry to your point like um the healthcare has different

security needs et cetera um but i think overarchingly cloud security is is something that the businesses are needing and we're seeing more and more of lately i answer your question yeah cool thanks um great that that leads us kind of into making yourself marketable um within the industry so it's obviously important to make yourself marketable especially when we have um you know lots of talent out there looking for similar roles so very hopeful to do so some of the statistics around certification specifically you know 90 96 of IT leaders believe that team members with cyber security certifications um add value to their organization over half of IT leaders believe that cyber security certifications have helped um

to close skill gaps within their teams and then you know 46 of leaders believe that when people have these certifications it boosts their productivity so on this list this is referencing 2020 some of the top and most valuable certifications specifically to security i think it's important to note here um roughly you know two years ago we weren't really seeing some of these cloud technology certs being as important and valuable similar to what what kelly was just noting there it's definitely a trend that we're seeing as people are moving to the cloud um and just overall reflects the growing industry concentration for cloud um and everything that goes along with that and then we've also listed you know here

specifically in the upstate these are schools that are producing the top security talent right now um so definitely important to highlight these on your on your resume um help you stand out against others in the in the industry

well we do we took number two i'll take that then thank you yeah i know i thought about that when i saw that so cool did anybody have any questions around that so that was a little bit shorter um and just to add to it's definitely good to highlight the schools if you were looking to get into and i don't know from an audience population who who fits into this but if cyber security is something that you were looking to get into that was kind of why i wanted to add that there um from a program perspective those are the organizations or the the higher ed institutions that are well known here in the upstate for

for getting you prepared no kelly's the george guy this is this is great i'm actually a certified software tester and i'm looking to broaden my horizon by getting into security so this is great oh i'm good i'm glad to hear that is there any idea where on the list of certifications where the comptia pentest plus might rank and if there's a uh where that might stand i see it as these days a much more valid alternative than the ceh yeah no i hadn't thought about that and i'm not sure exactly looking at this list but mike isn't everything more valid than the ceh well that's kind of i think that we normally say in the

i think the those of us that have the kind of the real world practitioners would say say that would be true but maybe you know for from maybe like the hr hiring perspective not necessarily and that they still see the ceh as the the pen test certification of choice but i've heard you know over the last probably i think this even goes back before covid that a lot of people were switching over to pen test plus because it was from comptia you know it's a little bit more seen as vendor neutral uh it's up to date right versus you know the ceh that's has this i guess it's renowned to be fairly outdated and in the content and the tools that it

test on but i thought i just thought it would ask i don't know if you have yeah a master list of top 100 most valuable certifications to see where yeah where where are you but better that comes up in conversations that is the one that we have been steering especially students to rather than and plus it's nicer because it's it's it's like a third of the cost as well yeah and something that that brings up that i meant to mention is as you're looking to go into quote-unquote security it is important to kind of pick a track um and i think a lot of people and like i said y'all know about this just as much as i do

um think information security sometimes is what you see in the movies people hacking and um red team blue teaming et cetera but a lot of what the business means and i think this certification list reflects that is someone coming in from like a compliance and a risk perspective making sure controls are in place etc um is a is something that in the real world is necessary versus what you typically see in regards to the movies and tv shows so that was just something that that i didn't want to note there sure that makes sense

well yeah i'm not sure what how many of y'all are interviewing remotely or anything but michael touched on just some tips there and um so i'll pass it over to you like yeah interviewing remotely offers a whole new set of roadblocks really this is just the standard interview prep that we like to provide um when you get asked about the tell me about yourself um definitely do your research before you're going into that interview um connect with anybody you might know that's linkedin can become a really good resource for that also going through industry trends on google i know that linkedin premium i think has some really good insights on that as well but uh going through your most recent

experience first when you get asked that tell me about yourself question is super important being able to try to talk about projects that you owned or were heavily involved in and using terms that relate to you because sometimes in interviews we've noticed recently people like to use we and like to demonstrate team building and all that and that's great but it just doesn't provide what you as a person actually did on that project so being able to talk about what you were heavily involved is important and obviously making sure that they're related closely to that job description and of course being able to come prepared with those roadblocks ready to go um something similar to what they're

they might be facing right now and how you were able to handle it um and then always come prepared with some questions i'm sure as you search you'll probably have a million questions kind of try to narrow them down into what you think is really going to be important and relevant to you considering that role um super important yeah and these are just basic tips especially with uh remote interviewing remotely have that resume printed out and ready to go we've also noticed that people have been just kind of trying to scramble through going through different tabs leaving the zoom or webex and kind of trying to get to their resume but having it printed out kind of gets

rid of that whole issue um having your computer charged up and ready to go um sounds so simple but it would it would really i would hate to see somebody lose an opportunity just because their computer wasn't charged up um then easy stuff like tidying up the background making sure that everything looks clean eliminating background noise whether if you have kids scheduling a playdate or letting the dogs outside definitely can help with that dressing professionally sometimes sweatpants will work but you don't want to get caught wearing sweatpants um definitely want to be dressed professionally from the waist up um and then log on early make sure that uh your audios work and your videos work

and if you're having trouble connecting your webcam you can get that all settled before the interview will start super important

and then resumes um we kelly already kind of touched on this but i'll go into some more detail into what that should look like um resumes i mean at first glance a hiring manager will typically look at a resume for only about six seconds so making sure that experience that is relevant is at the top and easy to read through also be explicit in that experience because that first person who looks at that resume might not be a technical person it might be somebody with an hr who's looking for those buzzwords like we were talking about before and whatever that automated system might be that we're using to to search for resumes may also be that

same way CareerBuilder also found out that 75 of hr managers have found lies on resumes um don't lie in a resume definitely an important part because you can't get caught um and then dates of employment that's another thing that people might not even realize about um just trying to make sure that's accurate because that could lead to disqualification for a role um if you're a month or so off um and then what hiring managers are looking for in there um obviously a strong summary of what you what you do and what you've done um what a resume is but really kind of trying to summarize everything that you've done and how it is relevant

to what they need if you've worked in the same industry i know healthcare is big in the upstate going through and being able to kind of demonstrate how you've worked within that industry sector is really important um and then the value again that you brought to the team not we brought to the team uh is super important there continuous employment we get it people do come out of work from time to time family emergency or covid or whatever that looks like but being able to kind of just go through the resume and address any big gaps in there if you were getting a certification during that time or whatever you might have been doing super important there um relevant

certifications if you're going for you've seen a lot more in the cloud security space if you have a cloud certification definitely make that a front and center so they can see that and then employer brand awareness being able to go through and do your research on the company and if if they're on the cutting edge being able to kind of figure out okay if they're working with these cutting edge technologies i have to make sure that that's relevant and on my resume does anybody have any questions

yep so that was thanks mike um but yeah that was that was kind of wraps up what we have for y'all today um i can't see in the chat right now because i'm presenting but it does seem to be lighting up um there are any questions y'all want to touch on contact information yeah what things we we're talking about in the chat is the the outrageous pricing for for sans classes even though the course does the certification seem to be be money so it's great great to have them and if you if you uh especially can have a company pay for for you to go rather than having to to pay for them out of pocket

do you see a lot of demand for sans certs and are there any of them i haven't i don't think i have seen that locally i would be curious um kind of across the board across the country what that looks like um now that y'all bring that up because you're right i didn't see too many of those on the list i think what i always hear is it's always the cissp is kind of still the one that everybody looks to just uh even if even if and i think maybe even you and i had this conversation one day about a lot of companies that you know they're looking for someone with a cissp and you know at least three years

of experience in the field or yeah and then they want to pay you sixty thousand dollars and i don't know if that's have things kind of evened out a little bit more or is it do you still see those instances and you have to educate the hiring managers that i think we are seeing the salaries level out a little bit locally um and companies around here are coming to terms with the the the price tag associated with someone with the experience so i've definitely seen seen that come around a little bit um i think people are understanding every everything that comes with the cissp a little bit better nowadays which is comforting except for to

charlie's point there are some entry-level roles that ask for that but yeah right i think they just don't understand what is realistic and and what makes sense um do you have you guys have any um top tips for you know students that are looking at breaking in into uh i.t security so we got you know some folks you know from of course greenville tech and and clemson and upstate usc typically in the in the meetings and so um that's i definitely have my list but you guys have have any of your top tips and tricks for for students yeah i think um i think networking is key so obviously continuing to coming to these but also making the most out of them

so um i know we used to go through the introductions but um when we were in person but like hey if you had the opportunity have you heard um oh my q works out for i would love to work out for like taking the initiative to reach out and making the most out of the networking events instead of just attending um and checking off the box i think is one of the biggest things um that i could encourage and um i think leveraging linkedin connecting reaching out um trying to make connections in that way if you know hey i want to get into healthcare security um doing a quick search who works at prisma information security reaching out

um trying to get an introduction there and just start having that conversation i think is definitely something to set you apart so i don't know if logan or mike have any other thoughts on that yeah i was just going to say be patient with it i mean your first job might not be exactly what you want to do with your career but it's helping you get in that door and get that experience that will be needed to eventually get there

i think that covers everything i had on my list anybody else have any other

questions yeah and if you do like i said if you wanted more specific information around um kind of the path you you want to go down or like hey help me understand my from a salary perspective what's the market look like in this specific realm um definitely reach out um we'll be happy to talk through that with you or if you want to talk through your resume specifically um or anything like that we're definitely hoping to help okay sounds great well i appreciate it we appreciate it yeah definitely yeah so thanks to kelly and logan and michael for for coming in and sharing with everybody and definitely feel free to reach out to the the TekSystems team if guys have

any questions uh hiring or hopefully not firing but hiring or looking at uh obtaining a job or position okay i really appreciate you guys for coming and sharing with the group and thanks for everybody for attending so enjoy the rest of january hopefully the rest will look a little bit better than the start and uh we'll see you guys next month with uh the gentleman who's the cso for greenville county schools all right so stay safe out there and see you guys then all right take care mike