Now more than ever, employers in virtually every industry want — and need — to hire IT security professionals. From large enterprises with security operations centers to a startup team aligning cybersecurity for small business operations, today’s organizations need to keep sensitive data and systems safe from malicious hackers, defend an ever-expanding security perimeter, and comply with stringent regulatory mandates related to data security and privacy.
As companies work to accelerate digital transformation efforts and build a more automated, cloud-based, data-driven workplace that can support remote teams, assembling and maintaining a deep bench of IT security expertise is becoming only more critical. The dramatic rise in cybercrime in recent years has also placed additional pressure on businesses to keep systems up to date and vulnerabilities patched and to respond effectively to cybersecurity incidents related to malware, ransomware and phishing.
So, which cybersecurity professionals does your organization need to cover all its IT security bases? Here’s an overview of the responsibilities and skills for five of the most in-demand roles, based on research for the Robert Half Salary Guide, and an example of a must-ask interview question to pose to job candidates.
Data security analyst
A data security analyst — also sometimes referred to as an information security analyst or a computer security analyst — will be on the front line in protecting your company’s systems and networks from malicious hackers and other threats that work to steal or compromise critical data. According to Robert Half’s Salary Guide, data security and data privacy are among the biggest initiatives businesses are hiring for, with experts crucially needed to protect company and customer information.
Data security analysts need to bring a thorough understanding of all aspects of computer and network security to their job, including firewall administration, encryption technologies and network protocols. Companies look to these pros to handle critical tasks such as performing security audits, risk assessments and analyses; researching IT security incidents and addressing security weaknesses; and developing IT security policies and procedures.
Look for candidates who have at least three years of experience, and who are self-motivated, analytical problem-solvers with strong communication skills.
IT security and other credentials to look for: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP)
Must-ask interview question and why: What are some current trends in data security, and why are they significant? You want to hire a data security analyst who closely follows industry security trends and developments. This question tests industry knowledge — and allows interviewees to demonstrate their commitment to and passion for their profession. An answer to this question might include details about current data protection regulations that impact your industry, or how emerging technologies like artificial intelligence create new data security challenges for businesses, large and small.
Information systems security manager
When you recruit an information systems security manager, you’re hiring someone to orchestrate your company’s security measures. That includes overseeing the creation of IT security infrastructure, implementing policies and best practices, managing security audits and vulnerability and threat assessments, and preventing and detecting intrusion. Information systems security managers are also often tasked with creating and executing strategies to improve the reliability and security of IT projects, such as software development.
For this role, you’ll want to look for a candidate who has a strong technical background in systems and network security and at least five years of experience. Solid interpersonal and communication skills and leadership abilities are important to succeed in this role, as are standout analytical and problem-solving skills. This person should be well-prepared to manage a varied team of IT professionals that includes security administrators, architects, analysts and engineers.
IT security and other credentials to look for: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Management and Leadership Certifications
Must-ask interview question and why: What is your experience with disaster recovery and business continuity? Many companies look to their information systems security manager to help develop IT disaster recovery plans for their critical systems. If your company is among them, you’ll want to confirm that the cybersecurity professional you hire for this role has the skills to assess risks and can take the lead on creating plans to address IT security emergencies.
Security architect
A security architect’s core job is finding ways to stay one step ahead of all digital threats to the company’s network, from hackers and viruses to malware. A security architect can, essentially, come into your business, look at your IT security “house” (i.e., infrastructure) and recommend where and how to make improvements without compromising your business systems’ performance.
Security architects can perform testing to detect and monitor suspicious activity and analyze threats to help your business improve its IT security approach and reduce the risk of future attacks. They are always thinking about future requirements and stay informed about relevant regulations that impact IT security. These cybersecurity professionals also need strong interpersonal, leadership and change management skills. They may supervise staff and work with other teams, as well, to help meet strategic IT goals such as migrating to the cloud or building mobile applications.
IT security and other credentials to look for: Certified Ethical Hacker (CEH), CISM, CISSP
Must-ask interview question and why: What types of tests can you use to detect security weaknesses in the network? A candidate is likely to respond immediately with “penetration testing,” as that’s the go-to testing method for most organizations. But you’re better off hiring a security architect who is also willing to take a creative approach to uncover potential security faults. So, listen closely to candidates who mention other methods, such as using packet analyzers or “sniffers” to intercept and log network traffic to identify threats or engaging in ethical hacking to bypass system security and search for vulnerabilities.
Network security engineer
To build your company’s IT security infrastructure, you’ll need the expertise of a network security engineer. Midsize and large businesses typically hire network security engineers to modify their existing networks in response to threats, or to help them expand their IT infrastructure with a focus on security. But these IT security pros can also help fast-growing startups to develop secure IT infrastructure from scratch or take cybersecurity for small business operations to the next level.
Many businesses look to network security engineers to manage their penetration testing exercises and work with automated testing tools. These cybersecurity professionals may also monitor detection and response activities and conduct routine analyses of security events, alerts and notifications. Look for a candidate who is proficient in security technology, has a deep understanding of the nature of cybersecurity threats, and can create and document security policies.
IT security and other credentials to look for: CEH, CISSP, Cisco Certified Network Professional Security (CCNP Security)
Must-ask interview question and why: If a company’s computer network is attacked, what are the biggest implications? System downtime and data loss are just two potential outcomes of a cyberattack — and obvious answers to this question. You want a network security engineer on your IT security team who approaches their work with a big-picture outlook on cyber incidents. Responses to look for include erosion of customer trust, loss of brand value, reputation damage and financial loss.
Systems security administrator
The job description for a systems security administrator will depend on the size of the organization. If these professionals are hired to help manage cybersecurity for small business operations or midsize companies, for example, they may have a blended role that includes systems administrator duties and software and networking hardware management.
In larger organizations, meanwhile, a systems security administrator is more likely to focus solely on security, including installing and maintaining firewalls, solutions for virus protection and other measures. But in either case, cybersecurity professionals who hold the systems security administrator title are responsible for helping companies define best practices for IT security and coordinate penetration testing to identify vulnerabilities.
Candidates for the systems security administrator position should ideally have a background in networking. You may also want to specify in the job description that applicants should possess excellent knowledge of TCP/IP (standard internet communications protocols), routing and switching, network protocols, firewalls, and intrusion prevention.
IT security and other credentials to look for: Cisco Certified Network Associate (CCNA), CISA, CISSP, CompTIA Security+
Must-ask interview question and why: What is the difference between IDS and IPS? An experienced systems security administrator can quickly explain that while these two systems may use the same methods for monitoring and detecting intrusions, they respond differently to these events. An IDS, or intrusion detection system, monitors for intrusions and sends an alert when it detects suspicious activity. Preventing the intrusion requires administrators to take direct action. Meanwhile, an IPS, or intrusion prevention system, is a control system: It detects intrusions and responds in real time to prevent them from reaching targeted systems and networks.
Together, the five types of cybersecurity professionals listed above can help your business improve data, network and systems security; prevent and quickly recover from cyberattacks; meet security compliance mandates; secure your remote workforce; modernize and optimize your company’s IT security infrastructure; and plan for disaster recovery more effectively. And those are only a few of the benefits that these pros can deliver.
If your objective is to strengthen enterprise security, you may need to consider hiring for all these roles. However, fortifying cybersecurity for small business operations or a midsize organization may require making only a few strategic hires to round out the IT security function. Engaging contract professionals through a talent solutions firm like Robert Half is another way to secure IT expertise for your business, especially if you only need to tap their specialized skills for the short term.
Security matters in all things IT. No matter what other technology roles your business needs to hire for — software developers, IT support managers, DevOps engineers or other specialists — look for candidates who can bring solid basic security skills and knowledge to the table. Focus on professionals who will keep security front and center in everything they design, build and deliver for your business.