Cyber Talent

In recent months, I have had the opportunity and necessity to look more closely at how we are, in general, in the cybersecurity community. This observation includes not only market volume in comparison to other types of projects/services but also its relevance to the business, training offerings, and the creation of new products and companies. Despite the challenges becoming increasingly numerous and significant, we have seen clear and evident growth and improvement in all possible indicators. Companies specializing in cybersecurity have barely noticed the crisis, and for those opting for entrepreneurship, there is a large volume of investment available in our sector.

1. ?? Growth and Resilience of the Cybersecurity Market

Cybersecurity in Spain has shown significant growth, reaching a market volume of 1.95 billion euros in 2022, with continued growth expected. The companies in the sector have demonstrated significant resilience against recent economic crises.

2. ?? Impact of Digital Transformation

Companies that effectively integrate cybersecurity into their digital transformation processes experience more effective transformations, which improves their growth and competitiveness in the market.

3. ?? Strategic Importance of Cybersecurity

Cybersecurity is gaining strategic importance within companies, increasingly being included in board discussions. This integration helps better manage risks and optimize business operations.

From an institutional standpoint, there has long been a "recommendation" that cybersecurity be represented on the board of directors. Nationally, we are discussing what the most appropriate governance would be, but in any case, it seems clear that there is an intention to push forward cybersecurity initiatives:

• One of the key objectives of the CNMV's Cybersecurity Code is to raise awareness among management bodies and teams about their role and responsibility in cybersecurity. It is recommended that at least one board member has experience in cybersecurity management. Additionally, the document emphasizes the importance of continuous training and awareness in cybersecurity as fundamental tools for strengthening protection against cyberattacks.(*1)
• The transposition of the NIS2 Directive also aligns with these initiatives, establishing a framework for managing cybersecurity at the national and European level, which includes creating a coordination body to improve resilience against cyber risks.

And yet, while young talent leans towards security, at the senior level, there are more and more examples of CISOs transitioning to CIO/CTO/CDO positions or looking to make such transitions or simply focusing on communication, coordinating Masters, and different types of "side hustles."

Those of us who have been around for a while remember how the CIO was ignored in relevant issues and decisions were made without considering their opinion. However, finally, all stakeholders understood that they could no longer ignore what the CIO contributed to the business.

In our case, as we face day-to-day realities, despite changes in the market and regulations, the same is not happening.

Regarding the positions of CISOs, despite exposure for better or worse for all of us, in most cases, there is no proportional "weight" in the organization relative to the task entrusted, and there is a real possibility of lacking complete visibility of the organization's security posture.

Something similar is happening with the rest of the security positions, to which traditional Iberian market IT outsourcing criteria are applied.There is tremendous pressure on the costs of professionals, without taking into account, for example, what happens with specialized platforms which keep the same global pricing (cybersecurity platforms and pentesting including their own MDRs or services based on independent researches with the same pricing in all countries are widely growing in Spain)

(*1) For more details on the Code and its implications, you can consult information disseminated by the CNMV and other related articles regarding these corporate governance practices in the context of cybersecurity ([El Derecho](https://elderecho.com/la-cnmv-lanza-el-nuevo-codigo-de-buen-gobierno-de-la-ciberseguridad)) ([Economist & Jurist](https://www.economistjurist.es/actualidad-juridica/la-cnmv-difunde-entre-las-empresas-el-codigo-de-buen-gobierno-del-foro-nacional-de-ciberseguridad/)) ([CyberSecurity News](https://cybersecuritynews.es/la-cnmv-difunde-el-codigo-de-buen-gobierno-de-la-ciberseguridad-para-fortalecer-la-proteccion-ante-ciberataques/)) ([Protección Data](https://protecciondata.es/codigo-de-buen-gobierno-de-la-ciberseguridad/)).