IT and Cybersecurity Jobs are Converging: What It Means for Tech Pros
For decades, IT and cybersecurity departments occupied equally important but wholly separate divisions within large organizations and enterprises. While the two dealt with numerous technology, data and infrastructure issues, each required unique skills and knowledge sets.
As technology has evolved over the last several years with cloud computing, the Internet of Things (IoT), blockchain and now artificial intelligence (A.I.), these changes have pushed IT and cybersecurity closer together, where skills and knowledge in one area can not only help tech professionals in their careers but are necessary to helping to protect organizations from cyber threats.
“IT and security are tightly intertwined. With security typically sitting in the IT organization, and the broader IT organization subject to, or responsible for implementing security policy, migration from one team to another is not uncommon,” observed Randy Watkins, CTO at security firm Critical Start. “Security leaders can look to the IT team for talent hoping to advance their career and reap the added benefits of increased organizational retention and pre-existing knowledge of the organization.”
As the tech industry looks to stabilize after 18 months of layoffs and reduced spending, and as the unemployment rate for tech pros remains low, a look at some of the highest-paying jobs and increasingly popular positions is showing signs of clear convergence of IT and security, complete with transferable skill sets.
“Security used to be just about the company border—basically where the company met the wider internet, so security was focused on protecting the endpoint. Nowadays, so many security issues can be ‘inside jobs,’ either initiated externally through a phishing attack or insiders bringing in their devices and software that may be compromised,” Scott Dowsett, Field CTO at Anomali, recently told Dice. “As a result, so much of the security issue is now present on the systems owned and managed by the CIO, and not just the CISO. This is what we refer to as a ‘Tale of Two ITs’ and because security has become so intertwined with traditional IT systems the job functions [in cyber] need to as well.”
Conversations with cybersecurity experts and insiders reveal how the convergence of IT and cybersecurity affects tech pros and the skills they need, the role technology plays, and what these changes mean for job and career prospects.
A Changing Tech Landscape Illustrates IT and Security Convergence
In May, the technology career website ClearanceJobs published its list of the top 10 paying jobs in technology, which showed annual salaries ranging from $110,000 to $170,000 for many jobs… with some positions commanding as much as $300,000 for those with superior A.I. skills.
Many of these jobs require skills in IT and cybersecurity to be successful. The full list of jobs includes:
- Data Scientist
- Cloud Solution Architect
- Artificial Intelligence Engineer
- Cybersecurity Manager
- Blockchain Developer
- DevOps Engineer
- Machine Learning Engineer
- Solutions Architect
- Product Manager
- Chief Artificial Intelligence Officer
As Cam Sivesind wrote in a column for SecureWorld, aside from the obvious role of cybersecurity manager, cloud solutions architect, solutions architect and DevOps engineer all have strong security crossover and require skills in cybersecurity and IT. For example, the need to develop more secure code and to understand the software supply chain have each made numerous headlines over the past two years.
Many high-tech roles increasingly overlap as large organizations adopt a more integrated approach to cybersecurity, observed Darren Guccione, CEO and co-founder of Keeper Security.
“This collaboration means security considerations are now embedded into every stage of the IT lifecycle, from initial design and implementation to ongoing maintenance and updates,” Guccione told Dice. “As a result, IT professionals need to develop a deeper understanding of security principles. At the same time, security teams must become familiar with the operational landscape to implement more effective protective measures and respond swiftly to incidents. For individuals seeking jobs or considering career changes, this shift highlights the importance of acquiring both IT and security skill sets.”
In many ways, this convergence trend shows how mature the cybersecurity market has become and how organizations now think about security, said Dave Gerry, CEO of Bugcrowd.
“As more organizations grapple with rapidly advancing threat actors, cybersecurity-focused roles are going to continue to climb in both budget availability and importance across organizations,” Gerry told Dice. “Customers trust organizations to handle their personal information securely and are more cyber-aware than ever before—without a strong security team, and in turn highly paid and qualified individuals, companies are going to struggle to be competitive.”
For others, this coverage of skills and knowledge is not happening fast enough as threats evolve and protecting infrastructure becomes a more complex challenge, said Heath Renfrow, co-founder of security firm Fenix24.
“The career crossover between trained staff in these disparate groups is not happening now in any meaningful way—but I believe this is where things need to go to truly close the gaps in security that have been created by the divide,” Renfrow told Dice. “Both security and IT specialization are still needed, but a true understanding across the aisle is key to both efficiency and security. Such a change would also offer more career flexibility to those in either discipline.”
A.I. as Accelerator
In the last two years that generative A.I. has emerged as the hot new technology trend, IT and cybersecurity teams have started to explore how these platforms can help transform everyday tasks. Additionally, the ClearanceJobs report shows that two positions that are associated with A.I., Artificial Intelligence Engineer and Chief Artificial Intelligence Officer, offer significant career opportunities.
For industry observers like Anomali’s Dowsett, A.I. is accelerating the convergence of IT and security. He points to two scenarios:
- The first is A.I. as a threat: The simplest example is A.I. is making it practically impossible to detect phishing letters which, in the past, used to show themselves through bad grammar and weird constructions. Now A.I. can write the phishing email for you.
- The second is A.I. as a cybersecurity fight tool: A.I. does this by reducing the list of things one needs to learn or, for that matter do—for example, proprietary query languages—before they are ready to tackle an increasing list of cybersecurity tasks. In the case of phishing, the best answer to an A.I. offense is an A.I. defense, making the technology a key tool in fighting A.I.
Keep Security’s Guccione noted that while A.I. and machine learning might still be considered traditional IT tools, they have been playing a role in cybersecurity and there are use cases that make them a boon in this arena. This includes the ability to analyze massive data sets for anomalies faster than any team of humans could.
“This indicates that the future of cybersecurity work will increasingly involve a hybrid approach, combining the strengths of A.I. computing and processing with human expertise and decision-making,” Guccione said. “Professionals in cybersecurity will need to develop skills in both A.I. technologies and traditional security practices to effectively leverage A.I. tools while ensuring robust security strategies.”
