Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cybersecurity Snapshot: Cyber Engineers and Architects Saw Salaries Spike in 2022

Cyber Engineers and Architects Saw Salaries Spike in 2022

Find out how much of a pay bump cybersecurity architects and engineers got. Plus, a powerful AI cybersecurity tech is nearing prime time. Also check out the long-awaited security algorithms for IoT devices. Then dive into SaaS governance best practices. And much more!

Dive into six things that are top of mind for the week ending Feb. 24.

1 - Study: Salaries go up for cyber architects and engineers

Employers are showing cybersecurity architects and cybersecurity engineers the money.

Salaries rose overall for U.S. technology employees in 2022, and the pay growth was even higher for cybersecurity architects and engineers, whose compensation benefitted from their highly specialized skills and the criticality of their jobs.

That’s according to Dice.com’s annual “Tech Salary Report,” released this week. Here are some key takeaways from the report, now in its 18th year.

  • Cybersecurity architects and cybersecurity engineers ranked fifth among average tech salaries by occupation with $145,512
  • That average salary for cybersecurity architects and engineers grew 7.7% compared with 2021, which ranks sixth on the list of fastest-growing tech salaries by occupation
  • Among certifications, CompTIA Security+ was the most popular cybersecurity one, ranking third on the list of technical certifications with 16% of respondents having it
  • The average tech salary across all roles grew 2.3% in 2022 to $111,348, and, despite tech industry layoffs, tech unemployment stood at only 1.5% as of last month

Average Tech Salary by Occupation

Salaries go up for cyber architects and engineers

(Source: “Dice Tech Salary Report: 2023 Edition”, February 2023)

However, salaries didn’t trend higher for cybersecurity pros across the board, according to Dice, which is a tech-focused careers website. For example, cybersecurity analysts saw their average salary shrink 5.7% in 2022 to $96,379.

For more details, read the full “Dice Tech Salary Report,” which is based on a poll of 7,098 U.S. respondents, and check out these Dice.com articles and videos that drill down on specific areas of the study:

The 2023 Dice Tech Salary Report

Dice Tech Salary Report: Guide to Increase Your Salary in 2023

2 - A peek at how AI will help cyber teams with complex attacks

Can artificial intelligence help cybersecurity teams make better decisions to prevent and disrupt complex, multi-stage cyberattacks in real time? Apparently AI technology is getting there, according to the results of a study conducted by the U.S. government.

In their paper “Deep Reinforcement Learning for Cyber System Defense under Dynamic Adversarial Uncertainties,” researchers from the U.S. Pacific Northwest National Laboratory (PNNL) tested the efficacy of AI deep reinforcement learning (DRL) algorithms to proactively and autonomously defend systems facing evolving and uncertain attacker behaviors.

How AI will help cyber teams with complex attacks

After putting the technology to the test in a custom simulation environment, the researchers concluded that “application of DRL methods for cyber system defense are promising, especially under dynamic adversarial uncertainties and limited system state information.”

While the technology still needs to be further refined, “evaluating multiple DRL algorithms trained under diverse adversarial settings is an important step toward practical autonomous cyber defense solutions,” the researchers wrote.

To get more details, read the research paper and the lab’s announcement of its findings, as well as coverage from Dark Reading and AI Magazine.

For more information about the use of DRL for cybersecurity:

VIDEOS

Adversarial Policy Training against Deep Reinforcement Learning (USENIX Security ‘21)

Adversarial Policies: Attacking Deep Reinforcement Learning (Computer Vision Seminar)

3 - NIST picks lightweight algorithms to protect IoT devices

With the security of internet of things (IoT) devices a chronic concern among cyber teams, a years-long effort from the U.S. government to help in this area is nearing completion.

The U.S. National Institute of Standards and Technology (NIST) recently announced its selection of lightweight cryptography algorithms designed to protect the data that IoT devices and other small electronics generate and transmit.

NIST picks lightweight algorithms to protect IoT devices

The chosen “lightweight” algorithms, which are known collectively as Ascon and will be published later this year, are designed for tiny devices and sensors with limited electronic resources, such as implanted medical devices, machine controllers and construction stress sensors.

The process for evaluating and selecting potential algorithms took NIST several years. In addition to security, other selection criteria included performance and flexibility with regards to speed, size and energy use.

For more information:

VIDEOS

Common IoT Cyber Attacks Explained (RealTime Cyber)

The Future of IoT Security (TechTarget)

4 - Reduce cyber risk with supply chain mapping

The U.K. National Cyber Security Centre (NCSC) just released guidance on the practice of supply chain mapping, which is the process of methodically and consistently collecting information about your suppliers to reduce cyber risk.
Reduce cyber risk with supply chain mapping

With a comprehensive understanding of their supplier network, organizations can better assess the cyber risks involved and take proactive steps to mitigate them. 

Here’s how to get started creating a supply chain map:

  • Use existing data stores, such as procurement systems, to list all known suppliers, prioritizing the most critical to your organization
  • Decide what information to capture about your supply chain
  • Determine how to do the supply chain information securely and how to manage access to it
  • Decide whether or not to collect information about your suppliers’ subcontractors

To get all the details, check out the NCSC’s announcement of its supply chain mapping guide and the guide itself.

For more information about supply chain cybersecurity:

VIDEOS

Cyber Supply Chain: Risk Management for State, Local, Tribal, and Territorial Governments (CISA)

Securing and Enhancing the ICT Supply Chain (CISA)

5 - Report: Top cyber risks for U.S. in 2023

Geopolitical unrest. Skills shortage. Economic headwinds. Vulnerable infrastructure. These are some of the top cybersecurity risks threatening the U.S. this year, according to the Bipartisan Policy Center, a Washington, D.C. think tank that promotes bipartisan ideas to improve Americans’ health, security and opportunities.

In its report “Top Risks in Cybersecurity 2023”, the group details eight cyber risks that public- and private-sector organizations in the U.S. should monitor closely and prepare for. 

Top cyber risks for U.S. in 2023

Here’s a quick look at four of the risks:

  • Evolving geopolitical environment, such as the Russia-Ukraine war, which lowers inhibitions for cyberattacks, including against critical infrastructure
  • Accelerating cyber arms race between attackers and defenders
  • Global economic headwinds, which hurts revenue and consequently slows down organizations’ investments in technology, making them more vulnerable
  • Overlapping, conflicting and subjective regulations at the national, state and local levels, which makes it complex and costly for organizations to comply

In addition to members of the Bipartisan Policy Center, report contributors included current and former CISOs, CSOs, attorneys general and government officials.

For more information about current global cyber risks:

6 - Revisiting CSA’s top SaaS governance best practices

The Cloud Security Alliance is refreshing our memory on its governance best practices to secure your software-as-a-service (SaaS) environments with an article titled “10 SaaS Governance Best Practices to Protect Your Data.” It distills the essence of its much more detailed “SaaS Governance Best Practices for Cloud Customers” white paper, which is definitely worth a read if you’re tasked with ensuring your SaaS applications are secure and compliant.

Top SaaS governance best practices

In the meantime, here are the 10 best practices at a quick glance:

  • Define information security policies that you apply while evaluating, adopting, using and terminating SaaS products
  • Clarify your security roles and responsibilities as a customer and those of the cloud service provider
  • Inventory your SaaS data assets, identifying their users, ownership and acceptable use
  • Establish access control to your SaaS applications with identity and access management controls
  • Ensure your data is encrypted as it’s transmitted to or from the SaaS provider, whether you’re managing the encryption keys or relying on the vendor to do so
  • Implement operations security, including malware protection, data backup, event logging and monitoring, and vulnerability management.
  • Ensure network security controls are in place both on your end and on the cloud provider’s end
  • Identify the SaaS products’ components and develop risk management policies for them
  • Craft an incident management response plan
  • Ensure your SaaS applications are in compliance with data regulations that apply to your organization

For more information about SaaS security, check out these articles:

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.