Security Jobs: What’s Hot and What’s Cooling

Even before the COVID-19 pandemic, telecommuting was gaining momentum. Analysis from FlexJobs and Global Workplace Analytics shows that remote work grew 44 percent in the last five years and is predicted to increase even more post-pandemic.


When the pandemic hit, the transition to remote work was expedited dramatically, and the surge of newly remote workers meant businesses needed to expand security perimeters due to the wider attack surface.

Not surprisingly, remote workers present more security risks than on-site workers: Home WiFi networks’ security protocols are weaker than those in the office environment, and many remote workers access their applications via their own BYOD endpoints, which are less secure than corporate network-connected PCs. On top of that, remote workers are simultaneously using personal email, accessing personal web accounts, clicking on malicious links they should not, etc.

Meanwhile, hackers are stepping up their efforts to infect our computers using the pandemic as a ploy. This is business as usual for hackers, who often use current events combined with automated bot techniques to scam their victims. While everyone is feeling anxious, hackers are using social engineering and other tools to get us to act, often against our better judgment.

The Pandemic and the Future of Security Jobs

While many of us are aware of the cybersecurity talent gap – the world will have 3.5 million unfilled cybersecurity jobs by the end of 2021, according to Cybersecurity Ventures – many businesses are trying to cut costs to prepare for a COVID-related recession. What does that mean for the current climate and the immediate future of security jobs?

It means that despite the overwhelming security talent gap, some security jobs will likely be cut as companies struggle to remain in business. From a practical standpoint, security jobs that are not focused on remote work and cloud, such as jobs in older technologies and on-premises data centers, may be more at risk.

Cooling Security Jobs

Security jobs that are cooling focus on traditional on-premises defense, or preventing attacks we know about. These jobs often exist within the traditional company IT data center and focus on a specific product or program.

Examples include:

Data Center Security Manager: There is less demand for these roles as companies look to pare down their data centers. Organizations want fewer physical data centers as they push more workloads into the cloud.

Hardware Engineer for Security / Security Hardware Technician: These positions tend to focus on custom chip sets, hardware, and devices. Custom hardware is falling out of favor because they companies don’t want to be vendor locked into particular hardware solutions. Accordingly, organizations are getting rid of legacy platforms, which means they need fewer people to work on them.

IT Security Operations Specialist / Security Operations Center Analyst: These roles are on the operations side and focus on managing equipment, troubleshooting, and putting manual corrections into place. These jobs diminish when companies move to managed service models where these tasks are performed for them. Next, as businesses employ machine learning and automation, companies need fewer people running the equipment and manually troubleshooting. Some roles are getting automated out of existence.

Hot Security Jobs

While the cooling jobs tend to address known security issues on legacy on-premises systems, today’s environment requires security to take a more offensive than defensive approach. The skills required for these jobs include cloud security, DevSecOps, user behavior monitoring, and analytics expertise.

Artificial intelligence (AI) knowledge, implementation, and configuration skills will be in high demand, as will jobs in managed services for security experts.

Examples include:

Cloud Security Engineer / Managed Service Security Manager: As companies move to private and public clouds, they need people who understand the security implications of these environments. Or in the case of managed services professionals, people who actually run and operate that environment for enterprises.

Cybersecurity Manager of Machine Learning and AI / Cyber AI Architect: These rolesare responsible for analyzing big data analysis performed offline. They use AI to discover trends and correlations – in this case for security data and events.

Data Scientist for Machine Learning: This role analyzes small data in real time, to provide indications of trends occurring in the networks as the data passes through. It’s a critical role to have on security teams.

As companies move to AI and machine learning algorithms, they need fewer people who can troubleshoot security events and more people who are deep thinkers, who know how analyze data for trends, intent, and recognize early indications of the next cyber-attack.

During lean economic times, underperforming security employees who focus on older technologies, especially those who are inflexible, unreceptive to training, or who lack collaboration skills, will be vulnerable. Cybersecurity professionals who are motivated to stay relevant and evolve their skills will thrive in today’s increasingly demanding security environment.

The disappointment of Australia’s new cybersecurity strategy

Finally, after 11 long months, Home Affairs Minister Peter Dutton has delivered a drab and inward-looking cybersecurity plan and has complained about encryption yet again.

The most striking aspects of Australia’s new Cyber Security Strategy, launched on Thursday, are how vague and unambitious it is, especially when compared to the strategy launched by then-Prime Minister Malcolm Turnbull in 2016.

With the 2020 strategy now online, Turnbull’s vision has of course been thrown down the memory hole despite the government’s claim that it’s now building on its “strong foundations”.

Fortunately for us, the 2016 strategy and its first and only “annual” update are preserved at the Internet Archive.

A comparison of the two is far from flattering to the newcomer.

Turnbull had set out his vision, which in typical Turnbullian style, he referred to as his “philosophy” for a “cyber smart nation”.

“The need for an open, free and secure internet goes far beyond economics,” he wrote.

“It is important for ensuring public and financial accountability and strengthening democratic institutions. It underpins freedom of expression and reinforces safe and vibrant communities.”

The need for an all-optical network

Turnbull said that the internet had to be governed by those who use it, not dominated by governments.

He talked about innovation, about a “national cyber partnership”, and about Australia taking on “global responsibility and influence”.

His action plan included appointing Australia’s first Ambassador for Cyber Affairs and publishing an international cyber engagement strategy — perhaps two of the strategy’s greatest successes.

Indeed, Australia continues to play an important role in global cyber diplomacy.

The proposal for a cybersecurity growth centre turned into AustCyber, promoting Australian businesses internationally.

The strategy created the Cyber Security Cooperative Research Centre and the Joint Cyber Security Centres (JCSCs), although the latter have struggled to find their precise role.

Importantly, Turnbull appointed a minister to assist the prime minister on cybersecurity, giving the whole strategy some focus and leadership.

Also importantly, the action plan was to be completed by 2020, although admittedly most of the items didn’t come with measurable outcomes.

Turnbull’s strategy didn’t totally succeed. Far from it. But with its panoramic vision and international engagement, it was seen as world-leading.

Making cybersecurity more cybersecure

By comparison, the new strategy from the Minister for Home Affairs Peter Dutton is drab and inward-looking.

“The Australian Government’s vision is to create a more secure online world for Australians, their businesses, and the essential services upon which we all depend,” it says.

That’s it. Our vision for cybersecurity is to be more cybersecure.


Europe opened its internal borders six weeks ago. Bookings are up, but there’s a big difference between booking a trip and actually taking one.


It was just under six weeks ago that Europe opened its internal borders in the hopes of salvaging a summer season of travel. So it’s worth asking now how that season is looking.

The prospect of traveling in Europe versus the U.S. at this time is quite different. Europe has largely, if not wholly, beat the virus down. While no form of travel is risk-free during a pandemic, the lower level of virus circulation in Europe makes summer travel a different beast than in the U.S.

However, Europe’s progress remains tenuous.

It’s also worth noting that, in Europe, the July and August vacation season is seen as something of a human right. As journalist Yasmeen Serhan wrote in The Atlantic earlier this summer, unlike the U.S. “Europe savors the summer: a sacred time in July and August when vacations are planned, shops are closed, and the continent agrees to go on a collective pause.”

Given the complexities and uncertainties associated with travel at the moment, however, it’s been anyone’s guess whether or not Europeans would in fact take to planes, trains, and automobiles in order to claim this right of theirs. While no one is expecting 2020s summer to reach 2019 levels, there are some indicators that Europeans are hitting the road.

The opening in June certainly resulted in an increase in bookings to holiday hotspots, said Olivier Ponti, vice president of insights at ForwardKeys. “When Spain, Portugal and Greece announced they would reopen for travel, there was an immediate pick up in Intra-European flight bookings to those destinations,” Ponti told Skift. “In the five weeks following the announcements, the combined booking levels for the three countries rose to 65 percent of last year’s bookings during the equivalent period. By comparison, all intra-European bookings have recovered to 45 percent of last year’s levels over that period.”

ForwardKeys data also showed that during the week of July 13, there were more new bookings than cancellations to the European Union from Europe for the first time since the pandemic began.

In a survey conducted by Eurail, roughly a third of respondents said they intended to stick to their holiday plans for this year. Dutch citizens were the most steadfast, with 41 percent keeping their plans, followed by German (31 percent) and British citizens (30 percent). The survey also noted that 37 percent of respondents said that flexible cancellations and refund policies are most important to their decision making on taking trips, above low cost or promotional fares.

In some ways, Europe is in the best position to see some form of recovery. As the European Travel Commission noted in its second quarter report, the “likelihood of a stable and quick recovery of travel demand is likely to be greater for destinations that rely more heavily on domestic and short-haul travelers.” In that regard, Europe is well-placed. In 2019, the average share of international arrivals that were from short-haul markets in Europe was 77 percent. Meanwhile, the share of domestic travelers was 44.5 percent across Europe, based on data from hotel stays.

However while bookings are up overall compared to the depths of the lockdown, that doesn’t necessarily mean trips taken — especially in the era of hyper-flexible cancellations. Tim Fairhurst, secretary general of the European Tourism Association, told Skift that situations like Barcelona going back into some form of lockdown may remain a huge thorn in the summer season’s side.

“The appetite is there, and bookings are picking up, but fear of finding yourself on the wrong side of a newly closed border is proving to be a factor,” Fairhurst said. “As are situations such as Barcelona’s, where the regional government has reintroduced recommended (not mandated) restrictions, which don’t obviously affect visitors. So we’ve got the novel prospect of risk of resentment for tourism returning at precisely the time when destinations want to welcome its return.”