Skip to content

76% Of Enterprises Prioritize AI & Machine Learning In 2021 IT Budgets

  • 43% of enterprises say their AI and Machine Learning (ML) initiatives matter “more than we thought,” with one in four saying AI and ML should have been their top priority sooner.
  • 50% of enterprises plan to spend more on AI and ML this year, with 20% saying they will be significantly increasing their budgets.
  • 56% of all enterprises rank governance, security and auditability issues as their highest-priority concerns today.
  • In just over a third of enterprises surveyed (38%), data scientists spend more than 50% of their time on model deployment.   

Enterprises accelerated their adoption of AI and machine learning in 2020, concentrating on those initiatives that deliver revenue growth and cost reduction. Consistent with many other surveys of enterprises’ AI and machine learning accelerating projects last year, Algorithmia’s third annual survey, 2021 Enterprise Trends in Machine Learning finds enterprises expanding into a wider range of applications starting with process automation and customer experience. Based on interviews with 403 business leaders and practitioners who have insights into their company’s machine learning efforts, the study represents a random sampling of industries across a spectrum of machine learning maturity levels. Algorithmia chose to limit the survey to only those from enterprises with $100M or more in revenue. Please see page 34 of the study for additional details regarding the methodology.   

Key insights from the research include the following:

  • 76% of enterprises prioritize AI and machine learning (ML) over other IT initiatives in 2021. Six in ten (64%) say AI and ML initiatives’ priorities have increased relative to other IT priorities in the last twelve months. Algorithmia’s survey from last summer found that enterprises began doubling down on AI & ML spending last year. The pandemic created a new sense of urgency regarding getting AI and ML projects completed, a key point made by CIOs across the financial services and tech sectors last year during interviews for comparable research studies.
76% Of Enterprises Prioritize AI & Machine Learning In 2021 IT Budgets
Algorithmia’s third annual survey, 2021 Enterprise Trends in Machine Learning
  • 83% of enterprises have increased their budgets for AI and machine learning year-over-year from 2019 to 2020. 20% of enterprises increased their budget by over 50% between 2019 and 2020. According to MMC Ventures’ The State of AI Divergence Study, one in ten enterprises now uses ten or more AI applications with chatbots, process optimization and fraud analysis leading all categories. A recent Salesforce Research report, Enterprise Technology Trends, found that 83% of IT leaders say AI & ML is transforming customer engagement and 69% say it is transforming their business. The following compares year-over-year AI and ML budget changes between FY 2018 – 2019 and FY 2019 – 20.
76% Of Enterprises Prioritize AI & Machine Learning In 2021 IT Budgets
Algorithmia’s third annual survey, 2021 Enterprise Trends in Machine Learning
76% Of Enterprises Prioritize AI & Machine Learning In 2021 IT Budgets
Algorithmia’s third annual survey, 2021 Enterprise Trends in Machine Learning
  • Improving customer experiences to drive greater revenue growth and automating processes to reduce costs are the two most popular use cases or application areas for AI and ML in enterprises today. It’s noteworthy that seven of the top 20 use cases are customer-centric, nearly half of all use cases tracked in Algorithmia’s survey.  46% of enterprises are using AI & ML to combat fraud, which will most likely grow given the growth and severity of breaches, including the SolarWinds cyberattack. Capgemini’s recent study of AI adoption in cybersecurity found network, data and endpoint security are the three leading use cases of AI in cybersecurity today, with each predicted to get more funding in 2021, according to CISOs interviewed for the report.
76% Of Enterprises Prioritize AI & Machine Learning In 2021 IT Budgets
Algorithmia’s third annual survey, 2021 Enterprise Trends in Machine Learning
  • AI and ML business cases that provide greater customer revenue growth, reduced costs and greater financial visibility have the highest priority of being funded inside any enterprise today. The combination of improving customer experiences, automating processes (to reduce costs) and generating financial insights (for greater financial visibility) is the ideal combination for getting a proof of concept started for an AI or ML project. The proliferation of AI and ML use cases shown in the graphic below is attributable to how each contributes to enterprises achieving a tangible, positive ROI by combining them to solve specific business problems.
76% Of Enterprises Prioritize AI & Machine Learning In 2021 IT Budgets
Algorithmia’s third annual survey, 2021 Enterprise Trends in Machine Learning

Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021

Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021
  • According to Burning Glass Technologies, the two tech job skills paying the highest salary premiums today and in 2021 are IT Automation ($24,969) and AI & Machine Learning ($14,175).
  • The average salary premiums for the most in-demand tech skills range from $4,204 to nearly $25,000.
  • Startups valued at $1 billion or more are 33% more likely to prioritize one or several top ten tech job skills in their new hire plans versus their legacy Fortune 100-based competitors or colleagues.

These and many other fascinating insights are from Skills of Mass Disruption: Pinpointing the 10 Most Disruptive Skills in Tech, Burning Glass Technologies’ latest research study published earlier this month. Their latest study provides pragmatic, useful insights for tech professionals interested in furthering their careers and earning potential. Burning Glass Technologies is a leading job market analytics provider that delivers job market analytics that empowers employers, workers and educators to make data-driven decisions. 

Using AI To Find The Most Valuable Job Skills

Using artificial intelligence-based technologies they’ve developed, Burning Glass Technologies analyzed over 17,000 unique skills demanded across their database of over one billion historical job listings. The study aggregates then define disruptive skill clusters as those skill groups projected to grow the fastest, are most undersupplied and provide the highest value. For additional details regarding their methodology, please see page 8 of the report.

The research study is noteworthy because it explains how essential acquiring skills is to translating new technologies’ benefits into business value. They’ve also taken their analysis a step further, providing technical professionals with additional insights they need to plan their personal development and careers.

Key takeaways from their analysis include the following:

  • IT Automation expertise can earn technical professionals a $24,969 salary premium, the most lucrative of all tech job skills to have in 2021. Burning Glass Technologies defines IT Automation as the skills related to automating and orchestrating digital processes and workflows. Six of the ten job skills are marketable enough to drive technical professionals’ salaries above $10,000 a year. At an average salary uplift of $8,851, proactive security (cybersecurity) job skills’ market value seems low. Future surveys in 2021 will most likely reflect the impact of the SolarWinds breach on demand for this skill set. The following graphic compares the average salary premium by tech job skill area.
Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021
Skills of Mass Disruption: Pinpointing the 10 Most Disruptive Skills in Tech by Burning Glass Technologies
  • Software Dev. Methodologies (DevOps) expertise is the most marketable going into 2021, with 634,600 open positions available in North America based on Burning Glass Technologies’ analysis. Employers initiated 1,714,483 job postings requesting at least one disruptive skill area between December 2019 and November 2020. With each skill predicted to grow at least 17%, technical professionals have several lucrative options for their personal and professional development plans. The following graphic compares job openings by skill areas for the time frame of the study:
Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021
Skills of Mass Disruption: Pinpointing the 10 Most Disruptive Skills in Tech by Burning Glass Technologies
  • Quantum Computing, Connected Technologies, Fintech and AI & Machine Learning expertise are predicted to be the fastest-growing tech job skills in 2021 and beyond. Demand for technical professionals skilled in building and optimizing quantum computers and their applications will be in high demand for the next five years based on the study’s findings. Connected Technologies refers to skills related to the Internet of Things and connected physical tools and the telecommunications infrastructure needed to enable them. Fintech skills are related to technologies, including blockchain and others, that make financial transactions more efficient and secure. The following graphic compares the top ten tech job skills predicted to grow the fastest in 2021.
Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021
Skills of Mass Disruption: Pinpointing the 10 Most Disruptive Skills in Tech by Burning Glass Technologies
  • AI & Machine Learning, Cloud Technologies, Parallel Computing and Proactive Security (Cybersecurity) are the most distributed across industries, translating into more diverse job opportunities for technical professionals with these skills. Professional Services leads all industries in demand for nine of the ten tech job skills, except Parallel Computing, the most in-demand skill in Manufacturing. Factors contributing to Professional Services leading all industries in demand for technical job skills include the following factors. First, their business models need to continue pivoting fast to stabilize during the pandemic. Second, better risk and compliance controls of remote operations are urgently needed. Third, better visibility into services costs across all systems to ensure financial reporting accuracy is a must-have, according to the CFOs I spoke with regarding the survey results. The following graphic compares demand for tech skills by industry sector.
Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021
Skills of Mass Disruption: Pinpointing the 10 Most Disruptive Skills in Tech by Burning Glass Technologies
  • Demand for AI and Machine Learning skills is growing at a 71% compound annual growth rate through 2025, with 197,810 open positions today. Technical professionals with job skills in this area see salary premiums of $14,175. Top positions include Data Scientist, Software Developer, Network Engineer, Network Architect, Data Engineer and Senior Data Scientist.
Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021
Skills of Mass Disruption: Pinpointing the 10 Most Disruptive Skills in Tech by Burning Glass Technologies
  •  Positions requiring IT Automation job skills are predicted to grow 59% over the next five years and have 282,380 positions open today. Besides being the most lucrative job skillset to have, IT Automation job skills lead to positions including Software Developer, DevOps Engineer, Senior Software Developer, Systems Engineer and Java Developer or Engineer.
Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021
Skills of Mass Disruption: Pinpointing the 10 Most Disruptive Skills in Tech by Burning Glass Technologies

10 Ways AI Is Improving Cannabis Yields And Security

  • According to BDS Analytics, the Covid-19 pandemic drove retail sales up 35% above industry forecasts, accelerated by cannabis businesses being declared “essential” for medical purposes in virtually every U.S. legal market.
  • Fueled by strong consumer demand, annual legal (medical and adult-use) sales are projected to grow at a compound annual growth rate (CAGR) of 21%, to reach more than $41 billion by 2025 (from $13.2 billion in 2019), according to New Frontier Data.
  • BDS Analytics predicts that the U.S. Cannabis Industry will generate $20.8 billion in direct spending in 2021 and $39.6 billion in total economic contribution after factoring its indirect economic effects.

Bottom Line:  With an average yield per acre of $1.1 million, legal cannabis agriculture dwarfs all other crops in revenue potential while also providing the resources needed to fund AI-based monitoring to improve yields and security. 

Cannabis’ value per acre dwarfs all other crops being produced in North America today, prompting every commercial grower to consider how they can improve yields further while securing their crops on a 24/7, virtual basis. Recent studies by the USDA, The Rand Corporation, and the Marijuana Cultivators of Oregon find that at an average price of $1,948 per pound at Colorado prices, an acre of marijuana can yield more than $1.1 million per acre. The studies compared the most widely grown crops in the U.S., including corn, soybeans, oats, and wheat, which all yield less than $1,000 per harvested acre. The following graphic from New Frontier Data illustrates how profitable an acre of marijuana is to cultivate than other crops. 

10 Ways AI Is Improving Cannabis Yields And Security

Using AI to Protect & Grow a Cash Crop

AI and machine learning-based techniques based on real-time monitoring data are an integral part of today’s innovation in cannabis farm management.  Supervised machine learning algorithms capable of identifying patterns and sequences in imagery from thermal, infrared, and night vision cameras in real-time can help identify diseases affecting plants early. Identifying and alerting farm staff of a breach or break-in by an animal or person is possible using AI-based smart monitoring systems.

The more advanced a smart monitoring system is in its use of machine learning and real-time monitoring integration, the more effective it is in spotting anomalous activity.  Over time, the best AI-based remote monitoring and surveillance systems “learn” or begin to identify recurring patterns in data. Cannabis farms rely on AI and machine learning to identify which techniques for improving yield rates by specific fertilizer treatment produce the most flowers and overall yield per acre.

The following are ten ways AI is being used for improving cannabis yields and security:

  1. Monitoring real-time video feeds of remote cannabis fields using machine learning-based surveillance systems can identify a breach by an animal or human then send an alert immediately.  Given how valuable a single acre of cannabis is to a farm, knowing in real-time if there’s been an attempted breach or break-in can save thousands of dollars in potential crop damage and theft. Federated cannabis farms with multiple remote locations are starting to use AI and machine learning-based remote monitoring to secure their operations. Machine-learning based video surveillance systems can be programmed or trained over time to identify employees versus unknown people and easily spot animals attempting to break into a field.  The following image from Twenty20 Solutions illustrates how machine learning is used for identifying activity at a remote location:
  • Reducing the dependence on onsite security guards alone and gaining a 24/7, 365-day monitoring view of each grow and farm site. Instead of relying only on onsite security teams to monitor video feeds in real-time, cannabis growers turn to AI and machine learning-based surveillance to isolate the most anomalous or unexpected events given the pattern of previous activity on a site. Reducing the cost and insurance liability of having security teams on site is one of the most significant benefits of relying on a cloud-based remote monitoring system that can interpret and provide alerts based on real-time data.
  • AI-based surveillance monitoring systems can prepare activity reports in minutes for state and federal auditors, saving farmers and administrative staff thousands of hours a year getting the data together for audit teams.  Using machine learning and advanced video analytics, growers and their staff can prepare for state and federal audit reports in minutes instead of the many hours needed in the past.   
  • Helping to keep licensed cannabis growers in compliance by providing a 24/7, 90 day or longer video history of all activities at their farms keeps them in compliance with state regulatory requirements. Included in several states’ requirements are the specific requirements for video footage access, video archiving, access requirements, how cameras are placed, and how quickly video footage can be accessed. State regulatory agencies are initiating audits of licensed cannabis growing facilities in 2021. All states require video footage to be archived, yet 72% of cannabis operators fail to comply with security and surveillance requirements, according to a recent study by the Brightfield Group:
    • California regulations require that all video recordings from surveillance be saved 90 days or longer.
    • Washington requires all video recordings to be archived for a minimum of 45 days.
    • Oregon requires licensed cannabis growers to retain 24/7 video for 90 days with a minimum of 1.3mp per camera at 10fps. The exterior is 5fps.
  • Cannabis farms often experiment with new fertilizers and plant treatments on a pilot acre to see if they achieve the expected results, and machine learning-based analysis of video stream data helps track results.  Agricultural improvements in cannabis farming continue to accelerate as medical and leisure demand continues to grow exponentially. For example, a cannabis grower will often begin planting in the May/June timeframe to achieve a density of up to 4,000 plants per acre. Taking the real-time data stream infrared and thermal cameras of the acre will quickly tell growers how effective their new fertilizer and plan treatments are. Using the data from their monitoring system, the growers will expand the treatment to their entire farm, often over 40 to 50 acres in size.
  • Monitoring every access point to a facility with video surveillance 24/7 combined with sound recording can prove invaluable in stopping a break-in before it happens. Every entrance to a cannabis farm needs to be considered a primary threat vector if the farm will stay safe. Advanced remote monitoring and surveillance systems can provide video analytics that correlates sound, video, and status of infrared and thermal cameras, which together can help identify potential break-ins. And with real-time alerts, farm staff can take action immediately even if they aren’t onsite.
  • A few of the largest cannabis growing companies are experimenting with advanced video analytics combining infrared and thermal camera technologies to monitor insects and rodents’ impact on yield rates.  Real-time video feeds are being digitally analyzed using advanced video analytics techniques by the largest cannabis farms today to find out how effective pesticides, insect, and rodent deterrents are at protecting their cannabis crops.    
  • When a surveillance system is cloud-based, it is possible to access any farm or cannabis sites’ real-time video feeds, history of alerts, and advanced video analytics from any browser-based device at any time. Remote monitoring systems that are cloud-based often provide much greater flexibility in viewing, analyzing, and sharing monitoring data than their on-premise system counterparts. Any device with a browser can access the platform’s reporting features and know what is going on at a remote farm or cannabis production facility. 
  • AI-based remote monitoring systems can also identify potential safety hazards to workers and reduce workplace injuries and potential liability litigation. Using advanced pattern matching supported by supervised machine learning algorithms, cannabis growers can identify when workers in high-risk roles are at risk of getting hurt while on the job. All cannabis facilities in the U.S. continue to have the requirement of everyone wearing a face shield and masks for the site to stay in compliance with CDC guidelines. Remote monitoring systems can tell immediately which work teams need coaching to remain in compliance. 
  1. Define access privileges across a farm facility by the level of access every employee needs to do their job, which is especially useful for new hires. New hires often start in the field and don’t need access to the front offices or the accounting department, for example. One of the most challenging aspects of running a cannabis business is cash management. Using an AI-based surveillance and monitoring system integrated into the local security system and intelligent locks, employees are provided the level of access they need on the first day to be productive.

Dissecting The SolarWinds Hack For Greater Insights With A Cybersecurity Evangelist

Dissecting The SolarWinds Hack For Greater Insights With A Cybersecurity Evangelist

Bottom Line: Cyberattacks enter a new era of lethal impact when threat actors are sophisticated enough to compromise SolarWind’s software supply chain with infected binary code while mimicking legitimate protocol traffic to avoid detection.

To gain greater insights into the SolarWinds breach, its implications on cybersecurity strategy in the future and what steps enterprises need to take today, I contacted Andy Smith, Cybersecurity Evangelist and an industry expert with Centrify. He explained the attack’s specifics, referencing the Cybersecurity and Infrastructure Security Agency’s (CISA) Alert AA20-352A, which details how sophisticated the attack is, citing the sobering fact that it is unknown if all attack vectors are identified. Active since at least March 2020, the advanced persistent threat (APT) has been identified by FireEye, SolarWinds, Microsoft and several other cybersecurity firms.

SolarWinds’ Security Advisory lists 18 known products that have been affected by the attack, including their Application Centric Monitor (ACM), Server Configuration Monitor (SCM) and Network Performance Monitor (NPM). Earlier this month, SolarWinds says the malicious code may have been delivered to nearly 18,000 customers.

Insights Into The SolarWinds Hack

Interested in dissecting the hack from a cybersecurity standpoint, I spent some time investigating the SolarWinds hack with Andy, a leading authority on Identity and Access Management (IAM), particularly around securing and managing privileged access credentials. The following is my interview with Andy:

Louis: There have been large-scale breaches before; why is this particular cybersecurity attack getting so much attention? Why is it so enormous?

Andy: What’s interesting about this particular attack is a couple of things. It follows a very traditional cyber-attack kill chain as many attacks, but the start of this one is impressive. Usually, there’s a vulnerability that allows threat actors to get into the network. What’s unique about this is the initial vulnerability is in vendor software, so it’s often now being referred to as a supply chain hack because the vulnerability was embedded as code.

The exposure to federal agencies and the attackers’ focus going after emails is especially troubling. It appears like it’s a nation/state-related incident that always heightens the exposure and is another reason it’s so large in scale. Some tools that FireEye uses for Red Team evaluation of people’s networks got exposed, so now those tools are in the hands of threat actors to do nefarious activities with them.

That’s one aspect of this hack that makes it remarkable, as sophisticated tools from FireEye are in nefarious actors’ hands. That’s one reason it’s enormous: you just gave something that was being used for good to threat actors intent on gathering as much intelligence across a supply chain of customers as they can.

Louis: How are the cyber-attack methods used in the SolarWinds hack particularly unique?

Andy: It follows a very common cyber-attack kill chain we’ve seen at Centrify for years. We ran the Anatomy of a Hack webinar earlier this year and it always starts with that initial vulnerability and getting in. What’s unique was this case is that the initial vulnerability wasn’t just, “Hey, I phished somebody’s password and logged in.” It was a vulnerability in the software build process for SolarWinds. So that’s a bit unique about how that initial vulnerability was there.

Still, once the attackers are in, the breach starts to look very traditional in the sense that they settle in, sit there for a while, scan the network, move laterally in that environment and hunt for privileged access.

All those things happened precisely by the people who investigated and then you find the data you’re going after. In some cases, it’s been software, as is the case with FireEye, or email servers, as is the case with government agencies. Attackers are patient and they wait to extract the data and then cover their tracks.

Louis: You and many others are an advocate of a layered approach to security. What is that and how would it have helped in the SolarWinds case?

Andy: For me, the biggest takeaway of this hack is that a layered approach to security is the way to go in the future in light of this hack’s sophistication. There’s no silver bullet to stop a hack this sophisticated, though. No one strategy or approach could have prevented it.

When you investigate this attack, it is pretty sophisticated and has multiple vectors to it and one has to assume there will be certain threat vectors compromised. That initial vulnerability will be there and you need those layers of security to prevent it, so you need to look at preventive controls, predictive controls and detective controls. All those need to be combined into a single, unified strategy.

For every organization looking at this hack and considering how future attacks of this sophistication will impact them, it’s a good idea to use this event as a way to get your board and executives thinking about a more resilient, hardened multilayer approach and not relying on a single solution to protect you. I see organizations using this opportunity to evaluate how a layered approach will work for their projects when it might not have been feasible to fund in the past.

It’s an extreme attack that shows how vulnerable the exposures are out there. It’s a good time to shore up your defenses. The Federal Information Processing Standard 200, or FIPS 200, the standard offers excellent guidance, including discussing the different types of layers and controls available today. Minimum Security Requirements for Federal Information and Information Systems defines the minimum security controls for federal information systems and the processes by which risk-based selection of security controls occurs.

If you dig into the National Institute of Standards and Technology (NIST) Special Publication 800-53, that gets a little deeper into the particular cyber controls you have in place. There is guidance available. You’re not out there on your own about what the layers should be and you can evaluate yourself against these standards.

Louis: What are some layers specific to privileged access management? Are there any particular PAM best practices that enterprises should be thinking about right now?

Andy: Absolutely and I’ll start with Privileged Access Management (PAM), which is one of the core layers. Investigations into this hack found specific evidence where they got in and created new accounts with elevated privileges to access data. It’s all over this.

We typically state the Forrester stat that 80% of hacks involve compromised privileged access. This SolarWinds example is no exception: that’s what happened.

Additional points to keep in mind include the following:

  • Before our interview, we talked about how vulnerable passwords are and how using the company’s name, followed by 123, is not a good idea – that ties into going pro with preventive controls rather than just relying on a password. That’s a perfect example of what not to do. Organizations can design preventive privileged access controls and detective controls and both are typically provided in Privileged Access Management solutions. Best practices call for multiple preventive controls – strong passwords, multi-factor authentication, password rotation, maybe use a federated credential and have privileged users log in as themselves for better auditing and accountability.
  • Rethink enterprise cybersecurity from a preventive control perspective that includes least privileged access. Simplistic preventive controls aren’t enough, as the sophistication of this hack shows. Preventive controls need to be strengthened with least privilege. The account creation process needs to provide as little privilege as possible to the server level. Workflows to request additional access need to be used to provide resources for a predefined period. If these types of controls had been in place, malicious code disguised in executable files and dynamic linked libraries would not have traveled as far down the supply chain.
  • Lastly, even if threat actors get through or you don’t have enough of those layers in place, you want detective controls. PAM solutions should have audit capabilities that watch what privileged users do. In the financial markets, there are things like the “four-eye principle,” where people are watching what other people are doing and so you can watch a privileged session in real-time and verify what users are doing. Of course, all that’s audited in the recording. You can send that information off to a SIEM to be correlated with other data to look for compromise indicators. Recent articles I’ve read pointed out the attackers were in the FireEye network for months before being detected. FireEye detected that they had been attacked thanks to detective controls.

Louis: The SolarWinds attack seems to have rejuvenated the case for Zero Trust. How can companies adopt a Zero Trust mindset and take stock of their security layers today?

Andy: Definitely and I see organizations accelerate their Zero Trust initiatives today. Organizations can get started on their Zero Trust frameworks by reviewing the FIPS and NIST publications. Review the layers of your security stack with a Zero Trust mindset. Don’t configure your network to trust someone just because they gained access. That’s how these attackers got in, laying in the network for plenty of time. Zero Trust says, “Don’t trust that authenticated network access. That could still be a compromised credential or a threat actor,” and this is a perfect example of that. This is why Zero Trust is critical: just because they’re on your network doesn’t mean they’re trustworthy.

The concept of least privilege, of authenticating at each step, introduces segmentation. When I give access, it’s just to that machine or that service that I need access to and not broad access across the network a network segment. That’s how you prevent that lateral movement. A Zero Trust mindset that Zero Trust philosophy of security is critical in this case.

Louis: What do you think will happen from the perspective of micro-segmentation and how does this hack change the balance of security relative to ongoing operations of a business?

Andy: I think it’s another evidence of our current breach culture and brings forth more awareness. More and more, events like this will make cybersecurity a higher priority in an organization – one essential to excel at to keep a business operating. So from that perspective, it is a business enabler.

If you do it right, you can start to do things like moving to the cloud and start to do things that make you more agile. The more we can think of security as a business enabler instead of a business blocker, the better we are. Taking the lessons learned from this hack and using them to create a more resilient, hardened organization is a start.

Conclusion

80% of hacks involve the use of compromised privileged credentials and this one is no exception. An important layer of control is Privileged Access Management (PAM) solutions such as Centrify, which typically involve predictive, preventive and detective controls.

In the end, it is security layers and vigilance that make the difference in minimizing the impact of a breach. NIST’s guidance can be constructive in cybersecurity planning, which can also be informed by Zero Trust’s principles. Remember, it’s not a question of if you will be hacked. It’s a matter of when and what you can do to limit the impact through layers.

The Best Tech Companies For Remote Jobs In 2021 According To Glassdoor

  • Glassdoor shows 3,937 companies in the middle of a hiring surge during Covid-19, 960 of which are in information technology.
  • Leading software companies going through a hiring surge right now include Aha! Software, Appen, Clevertech, CrowdStrike, Datadog, Dataiku, Fastly, Hashicorp, Leidos, Liveops, Netskope, Proofpoint, Rackspace, Zapier and Zendesk.   
  • Modern Tribe, Dataiku, Zapier, PartnerCentric, Slack, Fuse, ScienceLogic and SAP are the highest rated companies by their employees on Glassdoor who offer remote jobs today.
  • Between Glassdoor, Indeed, LinkedIn and Monster, there are over 16,500 open remote-based software technical professional jobs available today. Companies with open, remote-based solutions include Aha!, Box, Cloudera, DemandBase, Jobot,  Red Hat, NTT Data, Salesforce and many others.   
  • Freshworks currently has 161 openings, the majority of which are remote. Check out their open positions here on Glassdoor.
  • GitLab alone has 79 remote full-time positions open today and is widely considered a leader in creating a productive, positive remote working culture, with 88% of employees saying they would recommend the company to a friend.  

These and many other useful insights are based on comparing the leading tech companies who offer remote, work-from-home job positions by their Glassdoor scores. Leading tech companies are ranked on the percentage of employees who would recommend their company to a friend and the percent of employees who approve of the CEO. The total number of open job positions by company is in the third column of the table. Hiring companies of note include the following:

PowerToFly has had an impressive growth year and is the go-to remote job search engine for women professionals. The company was launched in 2014 by Milena Berry and Katharine Zaleski to connect Fortune 500 companies, startups and growing companies with women looking to work for businesses that value gender diversity and inclusion. PowerToFly’s number of available remote jobs has soared from 994 earlier this year to over 2,500 open remote positions today. 94% of employees would recommend working at PowerToFly to a friend and 93% approve of their CEOs.  

The best tech companies for remote jobs in 2021 table is shown below. You can download the original Excel data set here. Please click on the image to expand it for easier reading.

  • Angelist has 2,700 enterprise software-related remote positions on their website today with companies including Auth0, Arctic Wolf Networks, Confluent, Couchbase, HackerOne, Slack, MindTickle, MongoDB, Sendoso, Tanium and many others.  
  • FlexJobs has 5,566 remote-based software jobs that include full-time, part-time and freelance positions. Open positions include Senior Software Engineers, DevOps Engineers, Product Managers, Project Managers, Full Stack Developers and more. 
  • Remotive provides a curated list of 192 startups, many of which have open remote-based positions on December 1, 2020.
  • StackOverflow has 815 open remote-based job positions available today, including Canonical (39 open jobs), Octane AI, Shield AI and many others.
  • Torch Capital’s Talent Connect Portal has 980 positions open today, including several from DoubleVerify, Electric, Lexis Nexis, Nexon America, Shopify, Tesla and others.  
  • Working Nomads site currently has 11,216 remote, work-from-home development jobs advertised. There are also 2,021 marketing, 1,922 management, 1,873 system administration, 1,592 design and 1,164 sales remote, work-from-home job postings.  

12 Cybersecurity CEOs On What Each Learned Leading During The Pandemic

Bottom Line: Cybersecurity CEOs’ lessons learned from navigating the pandemic provide a valuable framework for leading and growing a business through anxious, uncertain times.

How each cybersecurity CEO responds to the challenges of keeping employees safe, customers secure and product release cycles on schedule while still achieving customer success – all virtually – provide valuable insights into leading a company during difficult times. Simon Biddiscombe, former CEO of MobileIron (acquired by Ivanti), exemplifies the empathy all CEOs interviewed have for their employees’ welfare. “My first priority when the pandemic hit was to protect the health and safety of our employees, yet still maintain an “always-on business” for our customers,” Simon mentioned during a recent interview.

What made leading during the pandemic even more difficult was the exponentially increasing number of breaches and cyberattacks their customers are experiencing. McAfee Labs Covid-19 Threats Report found a 630% increase in cloud services cyberattacks between January and April of this year alone. The FBI estimates cyberattacks are up 400% due to the pandemic. As DevOps teams fast-track new features and releases, CEOs keep their virtual organizations cohesive and focused on the same goals. 

The following cybersecurity CEOs provide their most valuable lessons learned leading through the pandemic:   

Christy Wyatt, CEO of Absolute Software

About Absolute

Absolute is a leader in Endpoint Resilience solutions and the industry’s only undeletable defense platform embedded in over a half-billion devices. Enabling a permanent digital tether between the endpoint and the enterprise who distributed it, Absolute provides IT and Security organizations with always-connected visibility and Self-Healing Endpoint security.

“What are the most valuable lessons learned leading through a pandemic?” 

There was a clear moment for us where we said, “What is our objective? What is the best response to this?” And the phrase that came out was, “How can we help?” We knew our primary focus needed to be helping our customers solve a massive problem, instead of monetizing this opportunity. Making this decision to come together as a mission-driven organization… that was so incredibly powerful. 

Even as life was changing drastically between breakfast and dinner every single day and employees were navigating their own work-from-home journeys and trying to care for their families, what we heard was that this ability to contribute was the thing that they were hanging onto. They were able to say, “Listen, I’m getting up every morning and I’m helping organizations with something that’s really scary and unfamiliar.” And, they did remarkable things… these teams put themselves through so much to help our customers stand up remote work and learning environments essentially overnight.

I always say you don’t win the race when you’re in the race. It’s the training and the practice, and the talking,and the drills and the teamwork… which we had been working on long before the pandemic hit. So I think my biggest takeaway is that if you put in the training upfront and you focus on doing the right things, the right things will happen. And you really can achieve more than you thought you could.

Flint Brenton – President and CEO of Centrify

About Centrify

Centrify is redefining the legacy approach to Privileged Access Management by delivering multi-cloud-architected Identity-Centric PAM to enable digital transformation at scale. Centrify Identity-Centric PAM establishes trust and then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request and the risk of the access environment. Centrify centralizes and orchestrates fragmented identities, improves audit and compliance visibility and reduces risk, complexity and costs for the modern, hybrid enterprise.

“What are the most valuable lessons learned leading through a pandemic?”

“Our customers and the people they serve are all going through rapid change. When you look at the concept of digital transformation, a lot of companies were struggling with that before the pandemic. Now we know that we can’t live without it. The role of the developer is more important than ever and they are driving innovation in a very different environment than they’ve ever experienced.

One of the most valuable lessons I’ve learned during the pandemic is that no matter what the obstacles are, people need connection. For a company like Centrify, that means we need to be connected to our customers intellectually, strategically, virtually and – eventually – physically.

An example of this was very clear recently, as we engaged in discussions with one of the world’s largest financial institutions to replace their existing password vaulting solution. They have a vision for where they want to be, how they are going to get there and how they are going to secure that transformation. But they need the right partner who not only has the technology capabilities and architecture for a cloud-focused, DevOps-drive, digitally-enabled enterprise, but also to understand their vision and be invested in their success.

So the CIO asked me to personally track the rollout of our product against their product enablement success and he was very interested in how our vision of Privileged Access Management will converge with cloud security, DevOps and other modern technologies and empower their vision and plan. Ultimately, he wanted connectedness. He wants a personal relationship built on understanding, honesty and accountability, even if that relationship can’t be forged and nurtured over a dinner or meeting in a conference room.

That’s the biggest lesson I’ve learned leading this year: that customers, employees, partners and peers want to be connected any way possible, even if they can’t do so in close physical proximity yet.”

Steve Havas, CEO of Evernym

About Evernym

Evernym is a pioneer in the field of verifiable credential technology, which gives individuals control over their digital identity and organizations the ability to trust and verify their data. Evernym builds and deploys self-sovereign identity solutions, with the technology and go-to-market resources powering the largest implementations of digital credentials in production.

“What are the most valuable lessons learned leading through a pandemic?” 

The pandemic has been, to say the least, impactful on society and our business. The market changes have required ruthless listening to customer needs and absolute focus on delivering what’s needed today.

We’ve all anticipated a gradual convergence of the digital and physical worlds, but that timeline has been accelerated by the sudden rise in remote work/education and contactless identity verification. We’re fortunate that this is the future we’ve been building toward, although we would have never imagined many of the COVID-19 credential use cases that are now mission-critical for our customers. It’s certainly been a lesson in adaptability and prioritization.

Benji Markoff, CEO of Founder Shield

About Founder Shield

Founder Shield is a tech-enabled insurance brokerage, focusing on rapidly growing businesses that operate in emerging industries. As a broker, we have a unique perspective of protecting our clients against cyber threats and guiding them to recovery should their fall victim. We work with forward-thinking insurers using proprietary cyber risk management tools, while also offering the most innovative insurance coverage possible.

“What are the most valuable lessons learned leading through a pandemic?” 

People say that fortunes are won and lost in times like these and it certainly appears that hackers & social engineering fraudsters have gotten that memo. Over the past 6 months, we’ve seen an increase in both hacking and social engineering attacks on clients of all shape and size $5M Revenue to $500M revenue. The reports suggest that working from home has only increased vulnerabilities of company networks (or lack thereof as employees use home networks) and the ability to induce fraudulent payments from employees who might not be able to lean over to a coworker to fact check a fishy invoice. The valuable lesson? Do a cyber audit and make sure you’re training your team on spotting social engineering and phishing scams.

Anand S – CEO at Gramener: Insights as Data Stories

About Gramener: Insights as Data Stories

Gramener is a data science company that helps solve complex business problems with compelling data stories using insights and a low-code analytics platform. We help enterprises large and small with data insights and storytelling by leveraging Machine Learning, Artificial Intelligence, Automated Analysis and Visual Intelligence using modern charts and narratives (NLG). Our Gramex platform is a low-code framework to rapidly build engaging data solutions across multiple business verticals and use cases. Our products have empowered CXOs, Chief Data Officers, Scientists, Business Analysts and others save millions of dollars by making an impact on revenue and decision making. Gramener was founded in 2010 and has over 325+ clients worldwide, 200+ employees and 5 offices globally including the United States and Singapore.

“What are the most valuable lessons learned leading through a pandemic?” 

As an SMB we leaned more towards cost optimization over premium cybersecurity tools and services, resulting in ring-fencing our office infrastructure more. Due to COVID-19, when we moved 100% remote, our cybersecurity controls fell short to defend us against external threats. We had to extend the security protocols like moving all work to Virtual Desktop Infrastructure (VDI), strengthen VPN tunnel security, implement 2FA for all logins, opt for more security services from our Cloud service provider.

  • We accelerated digitization across operations and increased spending in Cloud security and production application security. We are revisiting our current approach and playbooks for cybersecurity.

–      We are evaluating the current 3rd party service providers offering and reevaluating if they still have same level security controls in place at their end

  • We are conducting an accelerated implementation of Data Security protocols across the organization and not just on client specific projects. This includes updates to Information Security Policy around Data classification, Data tracking and protection.
  • With 100% remote operations, we are moving to VDI for all production and critical services. This means access to all data is through dedicated VPN Tunnels only. This is to mitigate any exposure to data from folks working at home.

–      Our Virtual Desktop Infrastructure allows our IT teams to protect client sensitive data to a restricted cloud environment. All the tools and 3rd party cloud services required by our team members to perform their tasks are provided in the VDI. No data can be extracted or moved from VDI instances.

–      All internal company data around operations, team members, Intellectual Property are a prime target for cyberattacks and ransomware. We have moved to a secure VPN tunnel architecture for all our team members to access company internal systems. Earlier this was restricted to a small group of functions. By mandating access via secure VPN tunnel our IT team has centralized visibility of all traffic across the network and can intervene quickly against any potential threats.

  1. We are mandating 2FA. Earlier employee convenience led to not mandating 2FA for all our services. Now 2FA has been made mandatory across all services.
  2. In order to optimize costs, we are consolidating tools used in the organization to identify overlapping functionalities and getting rid of those which are no longer required.

Apu Pavithran, founder and CEO of Hexnode

About Hexnode

Hexnode MDM is the award-winning Unified Endpoint Management platform from Mitsogo Inc. The company has been helping organizations in over 100 countries to stay agile and competitive in an increasingly mobile world. Mitsogo Inc. is a leading provider of Endpoint Management and security solutions. From SMBs to Fortune 500s, enterprises of all sizes have leveraged Mitsogo’s prowess in device management to drive business productivity and compliance. Mitsogo’s solutions adapt to the most complex of business environments.

“What are the most valuable lessons learned leading through a pandemic?” 

Navigate the path, trust your crew 

Being a CEO, as lucrative as it may seem has its own little big challenges, for example, they don’t tell you that there are no off days. There are always thousands of choices to be made and tons of pathways to be chosen, but the absolute worst thing comes when we face an uncertainty that was never on the radar. 

And when the pandemic hit, the team needed support more than ever, I had to switch through the roles of commander in chief, therapist, cheerleader and even at times a babysitter. After all, you have to be the rock for your employees, or else it shows. But fortunately, I was so lucky to be surrounded by like-minded people who are as passionate as the founder about our business and customers.

We had to establish a fully remote work landscape and it was not what we would have expected, it was at a time when everyone was very insecure about COVID-19. People were worried about their safety, the safety of their families and work started to slip into second gear, some of us were even having mental breakdowns. It was time to be the person that the team could look up to. 

“Customer is king”, is a tired old saying but that is what Hexnode live by, we had a commitment towards our clients, so we had to provide uninterrupted service for them rain or shine. So, we made a decision that would be deemed “mad “from a financial standpoint. 

We rented out hotel rooms and made guesthouses for each of our employees around the globe and ran security and screening protocols equivalent to that of hospitals. Soon the stress levels were back to normal and the team started to enjoy the atmosphere. Productivity became better than pre-COVID levels.

As a leader, your team should be able to trust that you’re going to do everything in your power to navigate them through this tough time. The greatest asset for every business is said to be “finding the right staff”, but I would say it is “how you create the right staff”. The most valuable lesson l learned during this pandemic is “When the crew is great you just have to navigate, they will pull through all the tides and storms coming your way. They always do”. 

Brad Wiskirchen, CEO, Kount

About Kount

Kount’s Identity Trust Global Network delivers real-time fraud prevention and account protection and enables personalized customer experiences for more than 9,000 leading brands and payment providers. Linked by Kount’s award-winning AI, the Identity Trust Global Network analyzes signals from 32 billion annual interactions to personalize user experiences across the spectrum of trust—from frictionless experiences to blocking fraud. Quick and accurate identity trust decisions deliver safe payment, account creation and login events while reducing digital fraud, chargebacks, false positives and manual reviews.

“What are the most valuable lessons learned leading through a pandemic?”  

Open, honest, fearless communication. The Kount team has lived by this motto for more than a decade and never before has it been more tested and more relevant than in navigating the events of 2020. From moving our entire team to remote work to quickly pivoting to help our eCommerce businesses handle dramatic changes in transaction volume, it’s essential that our team communicate at the highest levels. As the impacts of the pandemic are often deeply personal, open, honest, fearless communication has empowered us to balance individual needs, customer needs and company needs while uniting us in our mission to do whatever it takes to stop digital fraud for our customers. 

Simon Biddiscombe, former CEO of MobileIron (acquired by Ivanti)

About MobileIron

MobileIron is redefining enterprise security with the industry’s first mobile-centric security platform for the Everywhere Enterprise. MobileIron’s platform combines award-winning and industry-leading unified endpoint management (UEM) capabilities with passwordless MFA (Zero Sign-On) and mobile threat defense (MTD) to validate the device, establish user context, verify the network and detect and remediate threats to ensure that only authorized users, devices, apps and services can access business resources in a “work from everywhere” world.

“What are the most valuable lessons learned leading through a pandemic?”

As a leader during a pandemic, you must go above and beyond to provide your employees and customers with world-class service and support. My first priority when the pandemic hit was to protect the health and safety of our employees, yet still maintain an “always on business” for our customers. At MobileIron, we quickly enabled our employees around the world to work remotely. We also made it as easy as possible for our customers to issue more corporate-owned devices or enable a BYOD program to keep their employees secure and connected – whether they were working on the frontlines or at home. And we continued to innovate to meet the changing security needs of our customers and communities.

Overall, the pandemic has crammed years’ worth of change into a few short months and it will have long-lasting effects on how, when and where we work in the future. Work in the future will be very different to work in the past, which will present leaders with some challenges. However, it will also offer some significant opportunities to overhaul working practices and support employees who work from home with better collaboration and more intuitive access. The “Everywhere Enterprise” is not a passing phase, it’s the current reality and will continue to grow and expand as workers find new ways to be productive from anywhere.

Ward Osborne, CEO of Osborne Global Security

About Osborne Global Security

Osborne Global Security is a new player in the security space. They are challenging the stereotypes that come to mind when you originally think of security and replacing them with the ideas of trust, care and a shift in general security culture. This is a fascinating company to watch in the future.

“What are the most valuable lessons learned leading through a pandemic?”  

As CISO’s for multiple companies through this pandemic, we have seen so much shift and change. There’s been borderline chaos in many companies – and chaos ALWAYS brings opportunity. For our clients, the ones we’ve worked with and developed mature, risk and capabilities based models for just this situation, they are thriving.

It’s interesting to see the world adapt to a virtual delivery model which we’ve been creating, living, evangelizing for 25 years. Our clients who may not have had the time or prioritization to develop those models and capabilities have taken a hit, but we continue to do what we do, which is develop and provide resilience and growth to our customers.

In a virtual and distributed world, Trust becomes a major factor in every conversation. If a customer can’t Trust that we are there to solve problems when things get tough, then they aren’t able to operate effectively knowing that someone has their back.

Our world has become physically disconnected, but the people and companies that deal with that challenge in a proactive and positive way will always thrive. We are here. Growing our tribe. Doing the next right thing and leading customers to success in the midst of all of this chaos and challenge.

Rodrigo Tumaián, CEO and Co-Founder of Prometeo

About Prometeo

Prometeo provides a single point of access to banking information, transactions and payments across multiple financial institutions in Latam. Inspired by PSD2 and with high security standards, Prometeo brings easy plug & play access to open banking, the future of financial services.  Currently, Prometeo is connected with more than 30 financial institutions across 9 countries of Latam (including México & Brazil) and provides access to more than 45 APIs.

“What are the most valuable lessons learned leading through a pandemic?”  

Prometeo was born with a very strong focus on cyber-security, so the pandemic had no effect on our operation. Our company grew up with the foundation of mobility and work flexibility, this forced us from the beginning to think about the best way to transmit data and protect mobile assets. So when the pandemic arrived, we were already providing remote access (VPN) to all our employees, limiting access by profile. We were already using two-factor authentication to access our services. We already had user nomination and record of the operations generated by our employees on our assets. I think if I had to mention what was the most valuable thing we learned from the pandemic, it’s that the direction we took from the beginning was worth it. We didn’t have to deal with operational issues to handle the high demand for digital products from customers, we just did it. So the pandemic for us strengthened another of our fundamental values, not to make security to be compliance, but to make integral security, both within our company and for our customers.

Jean Le Bouthillier, CEO of Qohash

About Qohash:

Qohash delivers advanced data classification and monitoring capabilities to protect your personal, health, corporate and financial data using transformational technologies such as machine learning and analytics.

“What are the most valuable lessons learned leading through a pandemic?”  

2020 has accelerated digital transformation efforts and highlighted the need for advanced, lightweight data security capabilities. With enterprise employees working increasingly remote, data is flowing faster and in previously unimagined ways. Businesses realize that to keep up with the demands of clients and a digital workforce, data risk models need an update or risk jeopardizing the enterprise.

Qohash clients recognize that the employee Risk Score, a quantifiable measure of trust, mitigates the impact both of bad actors as well as busy, distracted employees.

Remote, digital work will be a part of enterprise operations for the foreseeable future. Organizations need to enable governance risk and compliance teams to better support this transition to Work From Anywhere [WFA] models where talent and business thrive.

Jean-Paul Smets, Founder and CEO RapidSpace

About RapidSpace

Rapid.Space is a cloud provider whose “approach is based exclusively on the use of free, fully auditable and reversible software, hardware and management procedures under open licenses. Thanks to a network of 228 points of presence, Rapid.Space has global presence including in mainland China. It covers similar features as the most sophisticated public cloud provider and introduces exclusive innovations such as industrial edge computing and private 4G/5G vRAN.

“What are the most valuable lessons learned leading through a pandemic?”  

“Rapid.Space learned during the pandemic how to formalize its management procedures and remotely setup points of presence. Thanks to Augmented Reality and smart glasses, Rapid.Space team in Europe and Americas could setup remotely its points of presence in mainland China and Taiwan without having to travel by air plane”.

Software Dominates Deloitte’s 2020 Tech Fast 500 With 71% Of All Companies

  • Software companies continue to deliver the highest growth rates for the 25th straight year, representing 71% of the entire list, the highest-ever percentage in the history of the rankings.
  •  353 of the 500 fastest-growing companies in North America are in the software industry according to Deloitte’s 2020 Tech Fast 500, the most ever in the history of their rankings and a 3% increase over last year.
  • Two of the ten fastest-growing companies over the last three years specialize in cybersecurity, OneTrust and Transmit Security.
  • Notable software companies ranked in Deloitte’s 2020 Tech Fast 500 include Bolt, Illumio, LogicMonitor and Seeq.
  • Biotechnology/pharmaceutical companies are the second most prevalent sector, comprising 14% of all companies, followed by digital content/media/entertainment (5%) and medical devices (4%).  

It’s fascinating to look at the emerging trends in Deloitte’s 2020 North America Technology Fast 500 Rankings as leading predictors of innovation. This year’s report is a quick read and provides a glimpse into the fastest-growing companies between 2016 and 2019. Deloitte chooses Technology Fast 500 awardees based on percentage fiscal year revenue growth from 2016 to 2019. Overall, the 2020 Technology Fast 500 companies achieved revenue growth ranging from 175% to 106,508% over the three-year time frame, with a median growth rate of 450%.

Key insights from the rankings include the following:

  • Five of the top ten winners are software companies, including Branch Metrics, OneTrust, Transmit Security, Drift and CharterUP. It’s noteworthy that cybersecurity is well-represented in the top ten fastest-growing companies between 2016 and 2019. OneTrust and Transmit Security is in the top five fastest-growing companies between 2016 and 2019, accentuating how critical cybersecurity is becoming in all businesses. The following graphic lists the top ten Deloitte 2020 North America Technology Fast 500 winners.
Software Dominates Deloitte's 2020 Tech Fast 500 With 71% Of All Companies
Deloitte’s 2020 North America Technology Fast 500 Rankings
  •  Digital platform and enterprise infrastructure & productivity dominate software companies are dominating software sub-sectors with 56% of all companies. Deloitte’s ranking reflects the increasing urgency all organizations have to launch, scale and excel at new digital selling channels. The pandemic accelerated the urgency faster than the most compelling business case ever could. Having over 50% of all software companies in these categories quantifies the cloud as the platform of choice across enterprises.  
Software Dominates Deloitte's 2020 Tech Fast 500 With 71% Of All Companies
Deloitte’s 2020 North America Technology Fast 500 Rankings
  • Electronic devices/hardware, energy tech and software & SaaS are the three sectors generating the fastest growing businesses over the last three years. Edge computing and the quick pace of innovation in intelligent sensor development and adoption for the Internet of Things (IoT) and Industrial Internet of Things (IIoT) use cases are catalysts driving the 683% growth rate. Sustainability’s bottom-line benefits, including its positive impact on lean manufacturing, help drive to 525% growth rate in energy tech. Software and SaaS median growth rate of 465% shows enterprise software’s evolution is nascent and just getting started.
Software Dominates Deloitte's 2020 Tech Fast 500 With 71% Of All Companies
Deloitte’s 2020 North America Technology Fast 500 Rankings
Software Dominates Deloitte's 2020 Tech Fast 500 With 71% Of All Companies
Deloitte’s 2020 North America Technology Fast 500 Rankings

What Are The Fastest Growing Cybersecurity Skills In 2021?

  • Cybersecurity professionals with cloud security skills can gain a $15,025 salary premium by capitalizing on strong market demand for their skills in 2021.  
  • DevOps and Application Development Security professionals can expect to earn a $12,266 salary premium based on their unique, in-demand skills.
  • 413,687 job postings for Health Information Security professionals were posted between October 2019 to September 2020, leading all skill areas in demand.  

Cybersecurity’s fastest-growing skill areas reflect the high priority organizations place on building secure digital infrastructures that can scale. Application Development Security and Cloud Security are far and away from the fastest-growing skill areas in cybersecurity, with projected 5-year growth of 164% and 115%, respectively. This underscores the shift from retroactive security strategies to proactive security strategies. According to The U.S. Bureau of Labor Statistics’ Information Security Analyst’s Outlook, cybersecurity jobs are among the fastest-growing career areas nationally. The BLS predicts cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%. 

Burning Glass, a leading labor market analytics firm, has been tracking demand for cybersecurity skills based on its database of more than one billion current and historical job postings. This week they published the results of their analysis of the top 10 cybersecurity skills for 2021. Their report of the 10 cybersecurity skills for 2021 can be downloaded here.

What Are The Fastest Growing Cybersecurity Skills In 2021?

Key takeaways from their analysis include the following:

  • Cloud Security skills are the most lucrative of all, predicted to deliver a $15,008 salary boost in 2021. Demand for specific Cloud Security skills is far outpacing the broader demand for cybersecurity skills in the labor market. Burning Glass predicts the fastest-growing skills over the next five years include Azure Security (+164%), Cloud Security Infrastructure (+144%), Google Cloud Security (+135%), Public Cloud Security (+121%), Cloud Security Architecture (+103%). There are 19,477 positions available for cybersecurity professionals with Cloud Security skills.
What Are The Fastest Growing Cybersecurity Skills In 2021?

Burning Glass Technologies: Protecting the Future: The Fastest-Growing Cybersecurity Skills October 2020

  • The fastest-growing cybersecurity skill is Application Development Security, predicted to see a 164% increase in available positions over five years. Cybersecurity professionals with Application Development Security, DevSecOps, Container Security, Microservices Security, Application Security Code Review are predicted to see an average $12,266 salary boost starting next year given the strong marketability of their skills. Like Cloud Security, market demand for Application Development Security professionals’ skillsets far outpaces average cybersecirty jobs growth over five years.
What Are The Fastest Growing Cybersecurity Skills In 2021?

Burning Glass Technologies: Protecting the Future: The Fastest-Growing Cybersecurity Skills October 2020

  • Knowing where the most cybersecurity job postings are by metro area and state provides job seekers with the insights they need to narrow their job search. Cyberseek partnered with Burning Glass to create an interactive U.S.-based heat map that shows cybersecurity positions by state or metro area. The heat map can be configured to show total job openings, supply of workers, supply/demand ratio,and location quotients. You can access the heat map here.    
What Are The Fastest Growing Cybersecurity Skills In 2021?

Burning Glass Technologies: Protecting the Future: The Fastest-Growing Cybersecurity Skills October 2020


Centrify’s New CEO Has A Compelling Vision For The Future Of Cybersecurity

Bottom Line: Flint Brenton’s vision for the future of Centrify and cybersecurity, in general, prioritizes the need for privileged access management to become core to the multi-cloud architectures and DevOps environments he sees pervading customers’ enterprises today.

Every new cybersecurity company CEO is writing their vision of the future by their decisions and the priorities they are based upon. From tech dominance to sales success, each CEO has their own long-term strategy and idea of what they and the company need to excel at to succeed.

Defining Cybersecurity As A Core Part Of DevOps

It is always fascinating to speak with new CEOs at cybersecurity companies and see what their vision for the company is after they’ve been there a few months. I recently had the opportunity to sit down and talk with Flint Brenton, who joined Centrify as President and CEO in July of this year. Flint leads the strategic direction and execution of the company’s vision drawing from an exceptional track record of accelerating growth through product innovation and sales execution. He recently served as president and CEO of CollabNet VersionOne, which pioneered the Value Stream Management market. He previously held president and CEO positions at AccelOps and Tidal Software and has successfully led engineering teams at NetIQ, Compaq, BMC Software, IBM and more.

Flint sees the needs of enterprise developers creating new apps using DevOps as pivotal to the future of Centrify, specifically and cybersecurity in general. A core part of those developers’ needs is securing privileged access management (PAM) in multi-cloud environments while supporting agile development. 

My interview with him provided five key insights into why cybersecurity will increasingly be defined by how well it can be incorporated into “DevSecOps,” and how Centrify’s vision for the future looks to capitalize on that demand and drive PAM into the DevOps pipeline to further automate built-in security practices:

  • Cybersecurity providers’ cloud-based architectural platforms will define the competitive landscape for the next several years in the industry. Since accepting the CEO role in July, Flint has been spending most of his time talking with customers to gain in-depth insights into their greatest challenges. He is hearing about the challenges customers face when attempting to make different cybersecurity vendors’ solutions work together and function in a multi-cloud architecture. “Having a clear architectural advantage where features can be added quickly is going to be key in cybersecurity for years to come,” he explained.
  • Any cybersecurity company’s vision needs to consider the speed at which infrastructure and workloads are moving from on-premise to the cloud – it’s faster than predicted. One of Centrify’s financial services customers in APAC is launching a virtual bank and wants the new venture to be entirely cloud-based. Like many Centrify customers, they are considering a multi-cloud architecture, including Amazon AWS, Google Cloud and Microsoft Azure. Flint explains they will need a security model and identity management controls that run in the cloud to accommodate their current and future computing plans. The FinTech is relying on Centrify to secure privileged access for administrators to its multi-cloud environment.
  • Viewing every enterprise customer as a software business first helps remove roadblocks to delivering more value faster. Cybersecurity companies need to consider how they can streamline DevOps and DevSecOps cycles by providing enterprise developers with new tools to integrate identity management efficiently. “The developer is now building identity management into apps and frequently those apps are built using container-based models and they are then deployed either into cloud, on-prem, or a combination of both,” Flint said.
  • Design in flexibility for the many different buying communities you’re trying to serve early on and continually monitor them to learn about what’s most valuable to them. DevOps leaders’ buying community is among the most self-sufficient, willing to download a trial, install it and buy it. Enterprise sales are more research and time-intensive. Flint observed that a company’s vision needs to encompass each buying community’s unique nature and be willing to extend platform-level features and DevOps tools if necessary.
  • Buy-in from the DevOps community will become increasingly important in cybersecurity in general and is a core part of Centrify’s vision. Prior to taking the helm at Centrify, Flint was the CEO of CollabNet VersionOne, where he helped define value stream management as a market standard. I asked him if he sees any parallels with value stream management’s success and the vision he has for Centrify. “The key with value stream management is to understand how developers wanted or needed to build software more successfully in the future. So you have to get the buy-in of the development community to include it in what they’re building, rather than making an appetite of adding it after it’s already been deployed. So I think that’s a major focus in the DevSecOps market. Make it part of what is built. Don’t allow it to become an afterthought,” Flint said. The future of cybersecurity will increasingly be defined by how easily Identity Access Management (IAM) and Privileged Access Management (PAM) can be designed at the beginning of DevOps and DevSecOps cycles.

Conclusion

What I find most compelling about his vision is how essential every person is to breaking apart complex cybersecurity problems and solving them. Flint’s vision of providing DevOps teams with the tools they need to design in identity access management is groundbreaking. No one is talking about design wins in this area of the market today.

Centrify is quickly turning into a company that actively seeks out their customers’ most difficult obstacles and uses them to challenge itself to grow and do excellent work. They are looking for cybersecurity leaders with cloud-based development skills, AI skills and automation skills who are up for the challenge.

83% Of Enterprises Transformed Their Cybersecurity In 2020

83% Of Enterprises Transformed Their Cybersecurity In 2020

  • 73% of enterprises (over 500 employees) accelerated their cloud migration plans to support the shift to remote working across their organizations due to the pandemic.
  • 81% of enterprises accelerated their IT modernization processes due to the pandemic.
  • 48% of all companies surveyed have accelerated their cloud migration plans, 49% have sped up their IT modernization plans because of Covid-19.
  • 32% of large-scale enterprises, over 500 employees, are implementing more automation using artificial intelligence-based tools this year.

These and many other insights are from a recent survey of IT leaders completed by CensusWide and sponsored by Centrify. The survey’s objectives on understanding how the dynamics of IT investments, operations and spending have shifted over the last six months. The study finds that the larger the enterprise, the more important it is to secure remote access to critical infrastructure to IT admin teams. Remote access and updating privacy policies and notices are two of the highest priorities for mid-size organizations to enterprises today. The methodology is based on interviews with 215 IT leaders located in the U.S.     

Key insights from the survey include the following:

  • The overwhelming majority of enterprises have transformed their cybersecurity approach over the last six months, with 83% of large-scale enterprises leading all organizations. It’s encouraging to see small and medium-sized businesses adjusting and improving their approach to cybersecurity. Reflecting how digitally-driven many small and medium businesses are, cybersecurity adjustments begin in organizations with 10 to 49 employees. 60% adjusted their cloud security postures as a result of distributed workforces. 

83% Of Enterprises Transformed Their Cybersecurity In 2020

  • 48% of all organizations had to accelerate cloud migration due to the pandemic, with larger enterprises leading the way. Enterprises with over 500 employees are the most likely to accelerate cloud migration plans due to the pandemic. 73.5% of enterprises with more than 500 employees accelerated cloud migration plans to support their employees’ remote working arrangements, leading all organization categories. This finding reflects how cloud-first the largest enterprises have become this year. It’s also consistent with many other surveys completed in 2020, reflecting how much the cloud has solidly won the enterprise. 
83% Of Enterprises Transformed Their Cybersecurity In 2020
  • 49% of all organizations and 81% of large-scale enterprises had to accelerate their IT modernization process due to the pandemic. For the largest enterprises, IT modernization equates to digitizing more processes using cloud-native services (59%), maintaining flexibility and security for a partially remote workforce (57%) and revisiting and adjusting their cybersecurity stacks (40%).
83% Of Enterprises Transformed Their Cybersecurity In 2020
  •  51% of enterprises with 500 employees or more are making remote, secure access their highest internal priority. In contrast, 27% of all organizations’ IT leaders say that providing secure, granular access to IT admin teams, outsourced IT and third-party vendors is a leading priority. The larger the enterprise, the more important remote access becomes. The survey also found organizations with 250 – 500 employees are most likely to purchase specific cybersecurity tools and applications to meet compliance requirements. 
83% Of Enterprises Transformed Their Cybersecurity In 2020

 

Conclusion & Wrap-Up  

IT leaders are quickly using the lessons learned from the pandemic as a crucible to strengthen cloud transformation and IT modernization strategies. One of every three IT leaders interviewed, 34%, say their budgets have increased during the pandemic. In large-scale enterprises with over 500 employees, 59% of IT leaders have seen their budgets increase.

All organizations are also keeping their IT staff in place. 63% saw little to no impact on their teams, indicating that the majority of organizations will have both the budget and resources to maintain or grow their cybersecurity programs. 25% of IT leaders indicated that their company plans to keep their entire workforce 100% remote.

It’s encouraging to see IT leaders getting the support they need to achieve their cloud transformation and IT modernization initiatives going into next year. With every size of organization spending on cybersecurity tools, protecting cloud infrastructures needs to be a priority. Controlling administrative access risk in the cloud and DevOps is an excellent place to start with a comprehensive, modern Privileged Access Management solution. Leaders in this field, including Centrify, whose cloud-native architecture and flexible deployment and management options, deliver deep expertise in securing cloud environments.

%d bloggers like this: