The demand for Information Security (SI) specialists grows exponentially, as organizations automate processes, implement digital transformation projects, conduct electronic commerce and comply with privacy and data storage regulations.According to Diego Taich, director of PwC Argentina, "the shortage of talent in computer security is worldwide." It worsened ten years ago, when cyberattacks became more sophisticated and criminal organizations and targets of those attacks multiplied, ranging from industrial systems, gas pipelines and banks to governments.Therefore, Taich believes that these profiles "should be increasingly specialized and have a rapid ability to incorporate skills and knowledge.""The candidates in the market are relatively few. The majority work in consulting firms or they began their career in these types of companies. Sometimes it is difficult to convince them to make a job change, a challenge that varies according to the type of company, the project and the salary range, "agrees Stefan Maerker, director of the Retail & IT Division of Michael Page.Although "what is most valued is the trajectory, in the market it is very much requested that they know some regulations, such as SOX and ISO 27,000", adds Maerker.Regarding the salary range, for a SI management position with regional responsibility, the market validates salaries of up to $ 160,000 per month. Meanwhile, for a similar position but with local reach that figure decreases to $ 130,000.An Adecco salary survey, with data as of March 2019, records that a computer security analyst of a large company in Buenos Aires receives $ 113,000 per month, while in a similar firm but located in Patagonia, that amount rises to $ 153,000.For its part, an SI chief of a large company in Buenos Aires receives about $ 132,000 monthly. In a similar firm, but located in the Cuyo region, that reference decreases to $ 108,000.Medium and largeThe demand for these profiles originates in medium and large-sized firms. "Some must comply with market regulations, others want to professionalize their practices or are about to go public. Given these requirements, they intend to incorporate a security officer, who previously provided a consultant as an outsourced service," explains Maerker, from Michael Page.According to Daniel Nocella, Information Security Manager of the Investment and Foreign Trade Bank (BICE), "regulated industries are the ones that most need experts in computer security." It highlights the financial sector (supervised by the Central Bank) and the insurance market (regulated by the National Insurance Superintendence).Nocella adds: "When the Law on Protection of Personal Data was passed, which was accompanied by the creation of the National Directorate of Personal Data, no industry was exempt, at least, from being audited by said agency -for the protection of customers- in order to prevent sensitive information from being disclosed. "A similar vision is provided by Nicolás Ramos, director of Cybersecurity, of EY: "Computer technology is the engine that today energizes the services of companies, and all processes are becoming digital," he says."The mass consumption companies that make their manufacturing based on digitized and automated; the transition from traditional commerce to e-commerce; and government entities, which turn over the Internet a large number of procedures and services that can be done online," exemplifies .The EY manager highlights four types of projects in which SI professionals can get involved:- Privacy and protection of personal and business data- Data recovery and business continuity plan- Protection against cyber attacks- Compliance with regulations and regulationsSecure demandWhat are the most sought after profiles in the sector? Nocella points out that the most requested are CISO (Chief Information Security Officer or Information Security Manager) and Security Analyst.In the first case, it is a role "more executive than technical. Its main responsibilities are to integrate information security with the strategic objectives of the companies and the monitoring of regulatory compliance," he says.In turn, Security analysts - Nocella says - have the mission "to administer, analyze and apply the information security policies of companies to protect information assets, based and in compliance with the internal regulations and communications of the entities external control. "For Jorge Nunes, president of the Buenos Aires Chapter of the Information Systems Audit and Control Association (ISACA), the most required professionals are SI supervisors, certified cybersecurity specialists, Pen Testers and forensic computer experts.They are mainly sued by consultants, telecommunications firms, some state agencies and "Unicorn" companies. Nunes that, increasingly, "SI professionals get involved in work projects in industrial environments".For the PwC executive, today a growing specialization is required, because "profiles dedicated to malware analysis (called Pen Testers) that reverse engineer the code" have emerged."More and more experts are demanded to respond in case of incidents, something that is also linked to the forensic area, since it is about managing a crisis, recovering the information and making everything work again. Subsequently, an analysis must be carried out to know what happened and take action so that it does not happen again, "explains Taich.The specialist adds that it is necessary to know how to apply analytics and Artificial Intelligence tools, "which help to process the analysis of large volumes of information."In raceThose who work in SI graduate from degree programs related to computer science, such as engineering and systems degrees. "In addition, other branches of engineering, auditing and other areas of knowledge, since lawyers with knowledge of the norms related to Cybersecurity, "says Nunes, of ISACA.Nunes advises the programs in Computer Security –which are taught in public and private universities–; Certifications in Security Management (CISM), Cybersecurity (CSX) and forensics, and training in Lead Auditor in ISO 27000 and CISSP.In the case of junior profiles, who enter as advanced university students but have no work experience, attitudinal skills are valued, highlights Natalia Scquizzato, HR Senior Manager of EY."These students, who join as assistants, receive both face-to-face and virtual training, and are also trained in the position working together with the most experienced specialists," he explains.Scquizzato adds that these positions "must be available to learning and analysis, research and adaptation skills, because training in this specialty is permanent and changes a lot."According to Nocella, of BICE, the knowledge that these professionals should have are:- Security management reference frames (such as ISO 27001)- Identity and access management- Exploration and vulnerability management tools- Safe development methodologies (including OWASAP)- IT risk management and Business Continuity Plans (BCP)- Disaster Recovery (DRP)"The specialization is going to be gained, mainly, by the own work experience and the projects in which the professionals are involved. In second term, by the certifications and courses", indicates Ramos."Certifications can be granted by providers of different technologies - SAP, Cisco, Oracle - or international entities, such as the NIST (National Institute of Standards and Technology of the United States) and the CIS (Internet Security Center)," he concludes.