Sorry to disagree but just because there may be jobs or people are working it does not mean that there is NO recession.

Has the author visited a grocery store lately or purchased clothes or gasoline?   If so, they would realize that there is a recession happening.  And yes jobs are going away.

We see every day that places like Microsoft are laying off and yes it affected folks in Security.

I think a VERY unfortunate title for the article.

MHOO

d

---

@AndreaMoore wrote:

Cybersecurity will emerge relatively unscathed from this year's recession, a new (ISC)² global survey of c-suite executives found, with the bulk of downsizing hitting HR, finance and marketing. What is the root of this resilience? 

---

Even well before COVID, we saw a shift in security functions. Increasingly, security is being pushed out to frontline employees. BYOD, remote work, cloud computing, all these things have changed the role of the old IT/InfoSec department. As such, when someone concludes that layoffs in other areas will occur but not in security, I wonder if they are trying to apply present day data to an old paradigm. Security is (or should be) increasingly cross functional. Just the question of "will you hire cybersecurity professionals?" seems a bit simplistic.

For example, one of the best assets I have had in my present job are the people in HR. These are HR professionals who are very good at training and instructional design. Their ability to integrate policy enforcement and security awareness at onboarding and throughout the year is fantastic. If they get laid off, it may show up as "HR" but the impact is on security.

Really, maybe what the study reveals is that the C-suite still struggles to understand and integrate information security into operations. If I were looking at a crystal ball, I would say the businesses that will succeed in the future are those that move past the idea of hiring "security professionals" and instead move toward "hiring professionals who think securely."

If HR, marketing and finance are the ones being impacted, this generally means that there should be less promotion for goods and services of the business, less headcount to deal with and less financial operations performed by business leading to the reduction of the perceived value of the whole enterprise. As a result, expenses for cybersecurity will likely be shrunk proportionally because the value of the assets and business activities that require protection and security departments would be subject to the efficiency studies and value-seeking programs, just like any other department. It may be so that significant number of survey respondents managed to secure additional funding and headcount for their respective departments, however it remains to be seen whether they would be able to deliver the value on the extra resources provided throughout 2023.