This post was originally published by (ISC)² Management.
The gig economy has grown rapidly in recent years and now includes more than one third of U.S. workers who describe themselves as consultants, freelancers or self-employed. It isn’t surprising then that 31% of organizations say that consultants and contractors are the top source they tap into for cybersecurity talent, according to the (ISC)² 2020 Cybersecurity Workforce Study. In fact, this group is the second-most popular talent source overall, just after new university graduates.
The largest number of consultants (40%) work with small and mid-sized businesses (SMB), which could include small sole-proprietary businesses (think a self-employed CISSP starting his or her own business), as well as those advising multiple clients while working for a small solution provider organization. 23% work as independent contractors or freelancers. Another 23% work for large advisory firms. In addition, 10% say they work for large technology vendors or service providers, and 2% for defense contractors.
The term “consultant” carries some ambiguity since just about anybody can work as a consultant of some sort. Adding to the mystery, a consultant can be employed full time by one company while providing services to another organization, in which case the person might not qualify as a gig economy participant.
Whatever the case may be, working as a consultant typically implies a minimum level of expertise and experience in a particular field. In fact, nearly half (45%) of all consultants who responded to the (ISC)² study hold a CISSP certification, and 20% hold a CISSP with a concentration in architecture, engineering or management. In cybersecurity, according to the workforce study, consultants deliver a range of services, including risk management, forensics and software development.
Many CISSPs Fit the Consultant Mold
The most prevalent role for cybersecurity consultants, the research shows, is risk management (59%), followed by compliance (54%) and security operations (49%). Other roles include security administration (37%), operational technology security (28%) and working with industry-focused solutions (23%).
Knowing how cybersecurity consultants define their roles helps to get a clearer picture of the cybersecurity workforce’s composition, although not entirely. For instance, knowing someone works with “industry-focused solutions” is helpful but still leaves room for interpretation as to what the role actually entails.
Another finding regarding consultants relates to recruiting and hiring. From a total market perspective, the largest source of cybersecurity talent consists of educational institutions, at 32%, followed closely by consultants and contractors (31%).
There are some regional differences, according to the study. “Organizations in Latin America and the Asia-Pacific region are more likely than others to recruit from educational institutions and security or hardware vendors, while organizations in North America and Europe are more likely than others to recruit consultants.”
Interestingly, compared to Latin America and Asia-Pacific, Europe and North America currently have smaller skills gaps. The widest gap, of about 2 million, is in Asia-Pacific, and Latin America follows with 527,000 needed cybersecurity professionals. Those compare to 376,000 in North America and 168,000 in in Europe.
It’s possible that a wider availability of consultants and contractors makes it easier to fill gaps, even if temporarily, in Europe and North America. Whatever the case, it’s clear that consultants make up a significant portion of the cybersecurity workforce. The flexibility it provides to both the organization and the individual cannot be overlooked. Businesses save on typical employee costs like profit sharing and healthcare, while leveraging hard-to-find talent to augment their in-house cybersecurity staffs. The consultant has the freedom to take work from their choice of client, or from multiple clients, and can sell their services on the open market.
If the gig economy continues to expand, as it is projected to, we may see in the near future an even larger number of consultants, including freelancers and independent contractors, serving the field.
Read more here: blog.isc2.org