Much ink has been spilled in these very pages about both the need for strong cybersecurity practices and the talent wars happening at banks today (particularly in commercial lending), but ne’er the twain shall meet.
But as hackers at home and abroad target financial institutions of all sizes, banks in need of talented cybersecurity personnel are finding that their demand is far outstripping the supply.

“Our experience has been that the talent in that field is fully deployed. It’s really difficult to find cybersecurity technology specialists,” said Barry Abramowitz, executive vice president and chief information officer at Liberty Bank in Middletown.

Chris Connolly, division manager at the IT recruiting firm Open Systems Technologies, says the supply of talented cybersecurity personnel is “not even close” to meeting the demand, and he has a theory as to why. In Connecticut in particular, the insurance capital of the world, many major organizations have outsourced at least part of their IT functions, creating the perception that the IT field is unstable.

“As kids are going into college, their parents are telling them, ‘don’t go into IT, because you could be outsourced and lose your job,’” he said.

Perhaps those parents should pay more attention to the high-profile data breaches hitting everybody from Target to the Fed. In banking and elsewhere, cybersecurity is no longer strictly the domain of IT.

And while the Massachusetts-based search firm Kiradjieff & Goode Inc. specializes in executive and senior-level placements more generally, Managing Partner Chip Goode said that cybersecurity experience is increasingly valuable for positions like chief technology officer or chief information officer. That’s due in no small part to increased visibility of high-profile data breaches, along with the attendant scrutiny by regulators.

“There’s no question that it’s increasingly on board of directors’ and CEOs’ minds,” he said. “One of the things we’ve been screening for in our CTO and CIO engagements is: ‘Does this professional have any background in cybersecurity? How knowledgeable are they? What has their specific experience been?’”

Though all the top cybersecurity executives at the organization may not yet directly report to the CEO, those people tasked with keeping the bank’s data safe increasingly have more interaction with the CEO and the board, Goode said.

The Search For  Up-And-Coming Talent

Lore has it that the bank robber Willie Sutton once said that he robbed banks because “that’s where the money is.” Though Sutton didn’t actually say that, the principle certainly applies to today’s cybercriminals, who hack and phish their way to cash and sensitive customer data. As long as they’re lurking in the shadows, cybersecurity will be a priority to the banking industry.
To help foster interest in the field, Connolly said that he often visits college campuses as part of his work with the Society for Information Management, spreading the word about career prospects in the IT field.
A cybersecurity professional could easily pull in a salary beginning around $70,000 for an entry-level position, he said. Perhaps more college students should know that. Companies in need of cybersecurity personnel are also trolling college campuses for fresh recruits.
“What we’re seeing is more and more companies are actively involved in college recruiting, directly off campus, dramatically more than when I was in school,” he said. “They’re trying to get these kids young and bring them in and train them the way they want [them] to be trained.”

The demand has also prompted many in other areas of the technology field to rebrand themselves in the hope of better positioning themselves for future job growth.

“Oftentimes what we see are that people are more specialized in the roles they fill,” Abramowitz said. “They may be specialized in validating the environment to make sure their patch management program is up to date, but they have no involvement identifying any other vulnerabilities in their environment. Or they haven’t had experience in the documentation of policy and procedures, or haven’t had experience in incident response.”

He said that he now sees people from other areas of IT seeking certifications – for example, a certified information security manager – to help propel their careers.

For his own part, Abramowitz said he doesn’t favor any one particular designation over another, but he values that in his employees and would-be employees.
And Goode said that while particular cybersecurity qualifications haven’t yet been “make or break” in any of the senior technology placements his firm has made, having a well-rounded background in all areas of the bank’s technology function only helps professionals distinguish themselves.

“It was definitely a nice to have qualification and enhanced their candidacy that much more,” he said. “From our experience, it is still coming down to strategy, leadership and communication skills and it is a real plus if they have this in their background.” 

Email: lalix@thewarrengroup.com