Quit Your Day Job: Filling the Cybersecurity Skills Gap With Freelance Security Professionals

In my 21 years as an independent contractor in the security industry, I have seen hiring strategies evolve from traditional methods to the heavily outsourced model of today. In fact, I foresaw this shift back in 1996 when I witnessed the emergence of specialized demands within the industry. Today, many organizations are turning to freelance and temporary workers to address the growing cybersecurity skills gap.

The gig economy is not for everyone. It demands an entrepreneurial mindset, thick skin, a Rolodex of contacts, perseverance and, above all, family support. Like any other business, freelancers are responsible for acquiring their projects as well as back-office administrative work such as legal, accounting, procurement of office facilities and computer equipment, transportation, insurance and more. This is how an independent worker operates.

Freelancing is not ideal for those seeking a steady income, but many professionals are forced to freelance due to widespread furloughs and outsourcing of work to third parties. Others who have extensive experience in the industry may think of it as a grand opportunity to provide and deliver sorely needed wisdom and experience to organizations that lack these insights. The gig economy can also benefit millennials seeking to gain a foothold within an organization as well as mid-career professionals seeking job flexibility.

A Paradigm Shift for Hiring Managers

The gig economy grew out of the combination of digital platforms that leveraged underutilized assets. For example, key players in various industries, such as Uber and Airbnb, are tapping into underutilized human assets by using cloud technology. Companies from around the world, along with their consumers, have jumped into this phenomenon head-first, embracing the easy access and variety of choices available from their mobile devices. As a result, the gig economy has evolved from a business-to-consumer (B2C) to a business-to-business (B2B) industry.

Today, employers are in the midst of a paradigm shift from the traditional employee career path to a temporary on-demand model, which lowers costs and generates more competition for talent. This includes executive-level positions such as virtual chief information security officer (vCISO). These opportunities are often available in organizations that lack the internal expertise to augment the executive staffing requirements on a temporary or interim basis. They typically involve delivering a security program, developing and assessing the security posture, producing a road map to achieve maturity goals and conducting other CISO-related responsibilities.

The gig economy mentality also exists internally within many organizations. A CISO might offer freelance opportunities to current employees working in other areas of the business. For example, a network or application engineer may want to gain additional experience by participating in a security project. Likewise, a security application engineer may want to learn more about enterprise resource planning (ERP) systems by diving into mainframe applications such as common business-oriented language (COBOL).

According to Upwork’s “Freelancing in America 2017” report, 57.3 million people freelanced this year and contributed roughly $1.4 trillion to the U.S. economy, an increase of 30 percent since 2016. Security leaders must tap into this growing workforce to fill the expanding cybersecurity skills gap.

Advantages of Hiring Freelancers

There are many advantages to hiring freelance workers. Perhaps the most obvious is that employers are not required to pay taxes or insurance. Most independent contractors carry their own insurance and provide their own equipment. Other freelancers operate under an umbrella organization or staffing agency that provides such assurances.

Furthermore, freelancers are experienced and able to hit the ground running to deliver the skills necessary to complete the project at hand. Some temporary workers are even versatile enough to help with other projects within the enterprise.

One of the most appealing benefits of hiring freelancers is reduced overhead, which vastly improves the contractor’s experience and, in turn, the quality of the work. It also minimizes the need to screen employees for cultural fit.

Finally, freelancers are independent and thus more likely to dazzle with their experience and work ethic. These employees are the masters of their own destiny, so they are typically highly motivated to meet clients’ expectations and needs.

Closing the Cybersecurity Skills Gap

Despite the benefits described above, the transient nature of the gig economy could potentially create security risks. Freelancers often use their own equipment and mobile devices, which could introduce threats into the corporate environment. However, this also holds true for full-time employees working remotely or from personal devices, and security consultants who are responsible for protecting their own data are more likely to advocate and follow security best practices.

Today, the gig economy represents one of the best opportunities for security leaders to close the cybersecurity skills gap. Many seasoned freelance consultants see themselves as part of the businesses with which they work and identify with the values of those organizations. They are valuable resources capable of blending seamlessly into a wide variety of workplace cultures and working in tandem with full-time employees to best serve the organization’s security needs.

Share this Article:
George Moraetes

VP, Chief Security Officer and Architect, Securityminders Corporation

George Moraetes is one of the leading information security practitioners with over 20 years of industry experience. He currently serves as the VP, Chief Security Officer and Architect of Securityminders Corporation. In this role, he provides consulting services for Fortune 500 clients, federal and state governments in multiple management role engagements. He is responsible for strategy development, designing and implementing security architectures and overseeing security infrastructure implementations.