November 21, 2017 By George Moraetes 3 min read

In my 21 years as an independent contractor in the security industry, I have seen hiring strategies evolve from traditional methods to the heavily outsourced model of today. In fact, I foresaw this shift back in 1996 when I witnessed the emergence of specialized demands within the industry. Today, many organizations are turning to freelance and temporary workers to address the growing cybersecurity skills gap.

The gig economy is not for everyone. It demands an entrepreneurial mindset, thick skin, a Rolodex of contacts, perseverance and, above all, family support. Like any other business, freelancers are responsible for acquiring their projects as well as back-office administrative work such as legal, accounting, procurement of office facilities and computer equipment, transportation, insurance and more. This is how an independent worker operates.

Freelancing is not ideal for those seeking a steady income, but many professionals are forced to freelance due to widespread furloughs and outsourcing of work to third parties. Others who have extensive experience in the industry may think of it as a grand opportunity to provide and deliver sorely needed wisdom and experience to organizations that lack these insights. The gig economy can also benefit millennials seeking to gain a foothold within an organization as well as mid-career professionals seeking job flexibility.

A Paradigm Shift for Hiring Managers

The gig economy grew out of the combination of digital platforms that leveraged underutilized assets. For example, key players in various industries, such as Uber and Airbnb, are tapping into underutilized human assets by using cloud technology. Companies from around the world, along with their consumers, have jumped into this phenomenon head-first, embracing the easy access and variety of choices available from their mobile devices. As a result, the gig economy has evolved from a business-to-consumer (B2C) to a business-to-business (B2B) industry.

Today, employers are in the midst of a paradigm shift from the traditional employee career path to a temporary on-demand model, which lowers costs and generates more competition for talent. This includes executive-level positions such as virtual chief information security officer (vCISO). These opportunities are often available in organizations that lack the internal expertise to augment the executive staffing requirements on a temporary or interim basis. They typically involve delivering a security program, developing and assessing the security posture, producing a road map to achieve maturity goals and conducting other CISO-related responsibilities.

The gig economy mentality also exists internally within many organizations. A CISO might offer freelance opportunities to current employees working in other areas of the business. For example, a network or application engineer may want to gain additional experience by participating in a security project. Likewise, a security application engineer may want to learn more about enterprise resource planning (ERP) systems by diving into mainframe applications such as common business-oriented language (COBOL).

According to Upwork’s “Freelancing in America 2017” report, 57.3 million people freelanced this year and contributed roughly $1.4 trillion to the U.S. economy, an increase of 30 percent since 2016. Security leaders must tap into this growing workforce to fill the expanding cybersecurity skills gap.

Advantages of Hiring Freelancers

There are many advantages to hiring freelance workers. Perhaps the most obvious is that employers are not required to pay taxes or insurance. Most independent contractors carry their own insurance and provide their own equipment. Other freelancers operate under an umbrella organization or staffing agency that provides such assurances.

Furthermore, freelancers are experienced and able to hit the ground running to deliver the skills necessary to complete the project at hand. Some temporary workers are even versatile enough to help with other projects within the enterprise.

One of the most appealing benefits of hiring freelancers is reduced overhead, which vastly improves the contractor’s experience and, in turn, the quality of the work. It also minimizes the need to screen employees for cultural fit.

Finally, freelancers are independent and thus more likely to dazzle with their experience and work ethic. These employees are the masters of their own destiny, so they are typically highly motivated to meet clients’ expectations and needs.

Closing the Cybersecurity Skills Gap

Despite the benefits described above, the transient nature of the gig economy could potentially create security risks. Freelancers often use their own equipment and mobile devices, which could introduce threats into the corporate environment. However, this also holds true for full-time employees working remotely or from personal devices, and security consultants who are responsible for protecting their own data are more likely to advocate and follow security best practices.

Today, the gig economy represents one of the best opportunities for security leaders to close the cybersecurity skills gap. Many seasoned freelance consultants see themselves as part of the businesses with which they work and identify with the values of those organizations. They are valuable resources capable of blending seamlessly into a wide variety of workplace cultures and working in tandem with full-time employees to best serve the organization’s security needs.

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today