Specialisms tagged are
Choose your location
Hong Kong SAR
& Middle East
United Arab Emirates
Global Hays Tech
Send your CV
This field is required.
Submit my CV
Data & Advanced Analytics
Projects & Change Management
Register a vacancy
Data & Advanced Analytics
Projects & Change Management
Permanent & Contract Recruitment
Managed Service Programmes (MSP)
Recruitment Process Outsourcing (RPO)
Get in Touch
How to choose between in-house and consulting cyber security jobs
Christine Wright, Senior Vice President, Hays US
7 Months Ago - 558 Views
The cyber security jobs market is growing, and the recent pandemic has widened the skills gap in this area. The
estimates 653,000 businesses (48 per cent) are unable to complete the basic tasks laid out in its
Cyber Essentials scheme
40 per cent of tech leaders
also say cyber security jobs are the most difficult to fill.
This skills gap exists across the cyber security jobs market, with Microsoft Azure jobs, innovation and cloud services roles all growing in demand,
according to a Gartner study
. The study states: “In spite of the shortage in talent supply and increasing overall demand, HR leaders can consider strategies for both short- and long-term workforce planning in this tight and volatile labour market.”
In-house vs. consulting cyber security jobs: the pros and cons
This leaves many cyber security professionals facing a difficult decision: should you take an in-house or consulting role? There are a few factors to take into consideration to help you decide. Let’s examine the pros and cons of each way of working, and the opportunities available in each role.
What does a typical in-house cyber security role entail?
If you work in-house with a specific company, you will work with the same team and IT environment every day. Each cyber security role is different but your responsibilities may include assessing potential threats to your corporate network, prioritising threats, escalating threats and investigating any breaches.
Many cyber security professionals are also involved in training programmes, helping the organisation build a strong culture of awareness and prevention. And you may help to develop and implement a cyber security response or recovery plan for your business.
A standard in-house cyber security role is usually nine-to-five, unless there’s an issue. However, those working in a Security Operations Centre (SOC) may work alternating night shifts.
What are the pros and cons of working in-house?
An in-house cyber security role gives you the opportunity to deep dive into an organisation’s IT infrastructure and business operations. If you enjoy working on such in-depth problems, this is the role for you. You also get the opportunity to work with business leaders and across the organisation.
However, in-house cyber security experts sometimes suffer from a lack of exposure. In some organisations, cyber specialists can get stuck dealing with tickets, where they prioritise and escalate threats day in and day out, rather than investigating these threats.
If you do find yourself stuck in a rut, you could ask for more challenging projects. Alternatively, you may want to start investigating a consulting role or work in a Managed Security Services Provider (MSSP) environment.
What does a typical consulting role entail?
When consulting, you will work on a specific short-term project before moving on to the next one. These projects can vary in length but are usually a few months in duration, where you often work with multiple clients.
In an MSSP role, you typically work with several long-term clients as well. The day-to-day responsibilities are similar to a consulting role but you get the opportunity to work with the same set of organisations.
For example, in a consulting role you may provide a specific cyber security service like penetration tests. At an MSSP, you are likely to provide an extensive range of cyber security services for organisations looking to outsource their SOC operations.
Is a consulting or MSSP role best for you?
Both consulting and MSSP roles give cyber security specialists exposure to a wide range of business and IT environments.
So, these roles are ideal for individuals who want to expand their areas of expertise. They are also very diverse, which is perfect for people who find the routine work of an in-house role monotonous.
But there are downsides to consulting and MSSP roles. These short-term engagements are sometimes exhausting and frustrating in the long-term, as you do not always get the chance to see your work in action or deep dive into a specific problem. In an MSSP environment, for example, you are often rushed and may not be able to give your clients as much attention as you want to.
In a consulting role, you also have little to no opportunity to change the way your employer works. Your input and wider business impact is very limited. If the firm you’re working for doesn’t have an efficient way to onboard and service clients, every engagement can quickly get very repetitive.
With both a consulting and MSSP role, it’s important to assess whether your personality is suited to these fast-paced engagements with multiple clients.
To conclude, cyber security is a dynamic and exciting field for any IT professional to work in. It’s also filled with plenty of opportunities – but you must assess all your career options to find a work environment that suits your interests and goals.
Read more about
working in cyber security here
search for your next role
Technology leaders discuss why organisations must ensure a greener future
The most in-demand tech jobs for 2022
Identifying signs of burnout in the technology sector and how to combat it
Top CV tips for a job in cyber security
Entertainment in the Metaverse: what are the possibilities?
Doing good: why your organisation’s core principles will always help you attract tech talent
Please sign in to comment.
ERP & CRM
Top CV tips for a job involving CRM or ERP software
Neurodiversity in the workplace: building inclusivity by overcoming stereotypes
How your tech skills can help change lives in the medical science sector
The mindset needed to be a tech leader – and knowing when to change it