Building a Career in Incident Response
The talent pool is changing dramatically and will continue to do so.
By Karl Sharman, Vice-President, BeecherMadden
When recruiting in cybersecurity, it’s not difficult to understand where the growth areas are and what the
industry is moving into. In the past two years, one domain within cyber has required more people than
most - that’s Incident Response (IR). IR specialists are those that address and manage the aftermath of
a security event, breach or attack. It’s an important and highly skilled job.
IR jobs have increased dramatically in the past two years more so in North America over Europe which
suggests where the market maturity currently lies. The talent pool in North America is still small for IR
and the lack of candidates compared to jobs (like most through cybersecurity) is causing a spike in
salaries for these highly skilled individuals. Salaries for juniors in this domain are now starting at $70,000
a year which has seen a 40% increase in the last 18 months. It is sometimes frightening for companies
to see even people with only 1-year experience within IR asking for $100,000.
The salaries and skillset differ between in-house IR to consultancy positions. This is mainly due to the
different requirements in the role. Consulting in IR, normally consists of working with various on-going
engagements, working on end to end IR. This requires a person to be agile, a strong communicator, well
skilled in reporting and highly technical in both IR and Forensics. In-house positions are a smaller part of
the IR process as most companies will look to get in outside consultancies should an event or breach
occur. This position is often the same environment each day and normally consists of more monitoring
and hunting for incidents or intrusions.