Hiring for cybersecurity is on the rise in Philadelphia: ‘There’s not an industry that’s immune’ from attacks

When the tech world thinks about the cybersecurity field, it usually thinks of nearby mid-Atlantic cities Washington, D.C. or Baltimore as major hubs.

It makes sense: Where there’s government info, there needs to be a safety plan — and people in place to enact it. But lately, the idea of who needs cybersecurity or defense has broadened.

“Every single company would need staffing,” Maria Incollingo, division director and staffing expert for Robert Half Technology told Technical.ly: Where there’s data, there’s the ability to be hacked.

So as the field of cybersecurity continues to grow, the Philadelphia region is becoming a home for a wealth of those jobs.

In the last year, we’ve seen cybersecurity skilling bootcamps open, local cybersecurity companies expand their reach, and broadcasting and internet giant Comcast acquire a cybersecurity platform company. Philadelphia’s own courts website was shut down for a month last year as a preventative measure after a virus struck multiple computers.

A Burning Glass Technologies labor insight report revealed that in 2018, there were 10,000 local cybersecurity roles that needed filling and that number is estimated to have grown. Robert Half found that cybersecurity and cloud-based skills have been continuously ranked as the highest sought-out abilities in tech employees in the last few years.

And it doesn’t seem like that number of jobs will slow down any time soon. Philly-area experts agree — the need for cybersecurity is sticking around.

It’s not necessarily that there are new cybersecurity firms popping up all over the place, Incollingo said, but that companies are realizing that they should have some sort of in-house approach to cyber defense.

The Philadelphia area has seen a tech boom in general, especially in fields like software and medtech, she said. And those industries have gone through their own cycle of attracting and retaining talent.

“We’re past the digital boom,” she said. “The next thing is, ‘How do we protect ourselves?’”

People with the right skills are still few and far between, which is why reskilling bootcamps have become more prevalent.

That means that companies are approaching Robert Half with requests for people skilled in things like exposure in risk analysis, vulnerability testing or penetration testing, Incollingo said — essentially, people who can poke around and find the holes that exist in their company’s existing technology.

It may be easy to imagine why healthcare companies — of which Philly has plenty — would want someone skilled in place with a strategy to protect patients’ sensitive data. But other, more unlikely industries are seeking some in-house defense teams as well.

Mason Leavey, the manager of information and security at Burlington, the retail giant based in Burlington County, New Jersey, told Technical.ly at 2020’s NET/WORK hiring fair that he’s looking to build an internal cyber defense team.

Lots of organizations don’t prioritize having such a team, he said, especially because they’re not an obvious “value-add” — they don’t bring in any money.

“But our customers trust us, and attacks happen [to companies] every day,” Leavey said, which is why Burlington is currently hiring for cybersecurity roles. “Phishing incidents are everywhere, and we have to be safe.”

Leavey echoed a sentiment that we’ve now heard over and over again about tech talent, especially in a field that’s evolving as quickly as cybersecurity: Once you know you need someone, it can be hard to find them.

Though local higher ed institutions like Penn State University or Drexel University have added official undergraduate or graduate degree programs in cybersecurity, hiring experts and the companies looking for qualified applicants say people with the right skills are still few and far between. It’s why reskilling bootcamps have become more prevalent, either for those looking to add on to traditional higher ed or folks looking for a mid-career change.

The Penn Cybersecurity Boot Camp launched late last year after the university saw interest and success with the more general Penn LPS Coding Boot Camp. Students enrolled in the 24-week course will cover everything from threats, vulnerability, governance and compliance and it’s role of security professionals and security groups within a corporate environment, instructor John Boehmler said.

Students in a Penn LPS bootcamp. (Courtesy photo)

The curriculum is set by Trilogy Education Services, but Boehmler creates hands-on scenarios and will add to it to ensure its extremely up to date with current trends. The first cohort of about 30 students started in November, and a second cohort is now in its third week. A third cohort will start in May, and the demand for the course is high, according to Rita McGlone, the executive director of professional and organizational development at University of Pennsylvania’s College of Liberal and Professional Studies.

Those coming to the program might be folks who already work in tech and are looking to diversify their skills, or they might be coming from a totally different background, but see cybersecurity as a job for the future, McGlone said.

“There’s not an industry that’s immune from getting violated from their technology systems,” she said. “It’s not a brand-new profession but I think we’re getting more and more sophisticated, both from an offense and defense perspective.”

The skills needed to become a successful cybersecurity professional are technical, yes, Boehmler said. But that person also needs to understand social and “for the lack of a better term, political” workings of an organization to ensure a security plan is well-received and implemented.

“A security concept for a good password is no good if you’re not able to explain that concept to the organization,” he said.

The fact that there are more jobs in cybersecurity than people ready to fill them has added a unique challenge for hiring managers — they have to fight hard for a small number of candidates.

Those soft skills can be just as important in the job, said Richard Puckett, global head of cyber defense at SAP. The cloud software company looks for people who are critical, collaborative thinkers who know how to problem-solve.

Puckett likened the way a cybersecurity team has to work through a task to an emergency services professionals.

“We’re looking for people who know how to compose others around a problem,” he said. “The teams that train really well together, they tend to have a stronger culture as a team. They like being in a unit.”

At the end of last year, SAP opened a cyber defense center, which will serve cyber defense capabilities for the company and bring new security functions like analytics, defensive automation, cyber intelligence and cloud security.

He too, talked about how this talent can be challenging to find. It can be hard to differentiate yourself as an employer when the competition is so stiff, Puckett said. Additionally, folks in tech like to be learning and applying the newest and most innovative skills, so retaining cyber pros is also a challenge.

The fact that there are more jobs in cybersecurity than people ready to fill them has added a unique challenge for hiring managers — they have to fight hard for a small number of candidates.

“This will be a field where there are always open jobs,” Incollingo said.

The other experts we talked to agreed. So, what’s a company to do?

SAP has plans to upskill current employees who are interested in the field and do as much internal training as possible, Puckett said. The cyber defense center has plans to employ about 70 people by the end of 2021, and its recruiting from area universities, HBCUs, veterans centers and vocational programs.

And Puckett realizes that these folks will be a hot commodity.

“The market will command such a price for them, which you don’t fault people for,” he said. “It’s more of, ‘Let’s really use them while you have them’ attitude.”