Today CISOs are facing a much different set of challenges than they were 20 years ago. From a marked increase in the risk of breach to the growing difficulty in filling security jobs these security leaders are facing an uphill battle. Add to that the pressure to provide security assurance to the board and it’s easy to see why the more organisations are harnessing the power of the gig economy.
In the last few years the gig economy has flipped the job market on its head. From ordering groceries to renting a house for a week, the gig economy has opened up new revenue channels for businesses and income opportunities for individuals. But while the issues that have driven this market -- difficulty hiring, a distributed workforce, and people spending less time at companies -- are nothing new, it was the maturity of software that enabled the gig economy to really take off.
Personally, I’ve felt the effects of this issue while leading the security organisations at Okta and IOActive. It’s a well represented fact that there is a large and growing number of unfilled cybersecurity jobs today. Today, the fast majority of the highly specialised security professionals who can do this work are largely outside of the country - not near the majority of companies that need them. Simply put: it’s become increasingly difficult to find enough talent to keep today’s applications secure. And with a growing number of motivated adversaries able to make real money by attacking companies, most companies are facing a losing battle. Enter the gig economy and crowdsourced model.
If we look at the way that people work today it’s easy to see a few trends emerge. First, more people are spending less time at individual jobs and companies. This means individuals are changing jobs much more often than they were even 10 years ago. Second, more people are working remotely. The pervasiveness of the Internet has facilitated the ability to work remotely. With the ability to work anywhere, anytime more and more people are doing just that. Third, and to some extent building on the previous two, is the growing number of individuals working on contract. Most often today when you hire a consultant firm you are hiring a team of outside contractors who prefer to work on specialised projects for several companies instead of keeping one full time job.
Getting what we want, when we want it
In the security industry where the best engineers and researchers span the globe, it’s nearly impossible to build out the team you need close to home. Often these individuals who are highly specialised prefer to work on projects related to their speciality and usually on more than one at once. Using a crowdsourced model, the gig economy allows me to harness these skilled people in a way that also makes sense for my team. Paying a consulting firm by the hour adds up quickly, but if I can pay individuals for results (and better yet if they are competing to get these results) I’m going to get the most bang for my buck.
So why is this model just picking up steam now? Technology has only recently enabled the effective adoption of this model. Also, it’s a matter of breaking from the traditional way of doing things. This isn’t the first major change for the security industry. Twenty years ago there was just IT. Then security functions became specialised, expensive and very difficult to hire. Hence, it became the norm to hire external firms. The move to crowdsourced security is a natural next step.
From growing teams organically to bringing on outside contractors and finally subscribing to a crowdsourced model, I’ve tried a little of everything in my 20-year career. Crowdsourcing my application security testing not only solved the difficulties I faced around building out my red team, it also freed up my internal resources so they could focus on other areas like building security into the design of products. Further, it offered a significant ROI because I was only paying for results, not for the effort spent getting to them.
From rides to groceries to just about any task, the gig economy has enabled us as individuals to get what we want when we want it. This is true not only for those doing the hiring - from the consumer to the CEO - it is also true for individuals who have the skills to do the work that needs to be done. There is no doubt that we’ll continue to see the evolution of the gig economy in the years ahead. The security industry is certainly one of the harbingers of this trend. Driven initially by the difficulty hiring full time security professionals, the security industry will continue to pave the way here, having realised the benefits of a model that values results over effort.
David Baker, VP of Operations, Bugcrowd
Image source: Shutterstock/MaximP