The information security jobs in demand for 2022

Published on: 20 Dec 2021

The last 12 months have been another busy time for cyber professionals, with threats such as ransomware gaining prominence and vulnerabilities created by the ongoing Covid-19 pandemic continuing to present opportunity to criminals.

But this industry never stands still, and while it's important to take lessons from what's gone before, security teams should already be turning their attention to the months ahead and preparing for whatever new challenges 2022 will bring.

One thing you can be sure of is that information security jobs will remain in high demand in the coming year, as businesses continue to struggle with the twin issues of talent shortages and increasingly sophisticated and aggressive hacking attempts.

So what key trends can cyber security professionals expect to deal with in the coming year, and what skills and experience should candidates highlight that will be of particular interest to potential employers? 

New and returning threats to cause problems

One of the big information security trends of 2021 was ransomware, and it seems this isn't set to go away any time soon. With high-profile incidents such as the Colonial Pipeline attack demonstrating the damage ransomware can cause, this is often seen as an easy way for financially-motivated hackers to score a quick payday.

According to the National Cyber Security Centre (NCSC), there were three times as many ransomware attacks in the first quarter of 2021 than in the whole of 2019, while a study by PwC found more than six out of ten organisations in the UK (61 per cent) expect to see a further increase in 2022.

As a result, information security specialists who understand how to deal with these incidents will be needed by firms across all sectors. The NCSC recommends using a 'defence in depth' approach that builds multiple layers of defence with several mitigations at each layer as the best way to fight this, so those who have experience in these strategies on their CV will be highly valuable.

Elsewhere, other major threats firms will have to deal with in 2022 include managing a more hybrid workforce, which will require firms to adopt a 'zero trust' approach to security to protect systems from unauthorised remote access, and the continued evolution of strict data protection laws as governments around the world take a more proactive approach to cyber security.

It's not just about threats within your network

Another key trend will be third-party attacks. Even if you have the highest-possible security protections within your business, can you say the same of your supply chain? Today's business environment is more interconnected than ever, and many criminals have sought to take advantage of that by bypassing larger, more well-defended firms in favour of accessing them via smaller partners. 

This can be a hugely effective tactic, as was seen in 2020 with the discovery of the SolarWinds hack, where a compromised software supplier was used to access hundreds of other organisations, including multiple US government departments.

In 2022, enterprises will need to step up their efforts to defend against such issues. Cyber secure supply chain leader at Deloitte Sharon Chand told Infosecurity Magazine, for example: "The global supply chain is at the forefront of everyone’s mind today ... Cyber-attackers are busy leveraging a hyper-connected digital supply network to invent new attack vectors. Now is the time to move beyond just monitoring security risk in supply chains and to start taking action to mitigate it."

For professionals, this will mean they need to take on a much broader role to evaluate existing and potential partnerships to look for vulnerabilities beyond the traditional weak points. Strong risk management skills will be a key element in this, as will the ability to conduct in-depth analysis of networks and systems. 

However, it could also mean more opportunities for people with skills such as penetration testing and ethical hacking. These personnel are capable of stepping back and taking an outsider's view of a system, including all third-party connectivity it may have, in order to determine where any weak points lie.

The roles firms will need to fill

These factors will present great opportunities for those in the information security field to expand their skills in order to meet these evolving needs and stand out from the crowd when it comes to applying for roles.

Another factor in professionals' favour is that they continue to have a lot of power when it comes to their future career path, as enterprises are still having to compete fiercely for the best talent, with higher salaries and other benefits.

At the end of 2021, there are estimated to be 3.5 million cyber security vacancies around the world, according to figures from Cybersecurity Ventures, and within this, there will undoubtedly be specific areas that are in high demand.

For instance, CompTIA has highlighted some of the most in-demand positions at present as including:

  • Cybersecurity Analyst
  • Cybersecurity Consultant
  • Cybersecurity Manager/Administrator
  • Systems Engineer
  • Network Engineer/Architect
  • Penetration Tester
  • Incident Analyst

There's a growing recognition that for many firms, it will be a case of when, not if, they come under a cyber security attack. While efforts to prevent attacks must always be important, individuals with the skills and experience to respond quickly to incidents, put in place mitigation strategies, and develop clear learning plans to avoid future issues may find themselves in high demand. 

If you're looking to make 2022 a new start for your future career, upload your CV today or browse our range of cyber security openings to find one that's suitable for you.