State of the Industry: E-Discovery and Cybersecurity

By Jared Coseglia
May 02, 2017

Part One of this article told the story of cybersecurity's impact on society, sex appeal, the war over talent, and the glamorization by Hollywood, as well as electronically stored information's (ESI) focal shift toward cyber and the stark differences between the current state of both disciplines. Part Two picks up by examining the current similarities between the two and details how the history of e-discovery mirrors the present of cybersecurity and is a predictor of future patterns in the cybersecurity staffing market.

Current State Similarities

Practitioners of both e-discovery and cybersecurity beg their customers to spend more time and money being proactive to their corporate challenges, but they ultimately spend the most time and money being reactive to urgent, time-sensitive problems that have legal ramifications: discovery and breach. According to Jerami D. Kemnitz, e-discovery, information governance, data privacy and data protection attorney at Fredrickson & Byron and former senior discovery counsel and global head of e-discovery at Wells Fargo: “Clients are generally still waiting to take action on proactive issues of information governance, privacy, and security until after a specific event forces them to take action.” The exception to this pattern typically resides in companies that are “highly regulated, namely healthcare and financial institutions, who deal daily in PHI (personal health information), PII (personally identifiable information), and other protected confidential information.” This behavioral kinship between cyber and ESI buyers of service and software continues to propagate aggressive vendor growth in both industries.

From a subject matter expertise perspective, e-discovery and cybersecurity overlap in several core areas, specifically forensic collection and investigation and information governance. Certifications from the International Association of Privacy Professionals (IAPP), specifically the Certified Information Privacy Professional (CIPP), are valued in both disciplines, as are the more vocational forensic certifications such as EnCase, FTK and Cellebrite. Professionals with these attributes will have the most immediate ability to matriculate between industries.

There is an abundance of seemingly trivial, but highly job search-relevant similarities between e-discovery and information security. Right now, both share an evolving technology landscape with software providers vying for dominance in talent cache. A career in either generally commands a premium in compensation. Jobs are abundant in major cities, with some hiring happening in second- and third-tier markets. Both industries have talent pools craving the ability to work remotely from home, but have been slow to adopt remote workers compared to other professions. They share overlapping buyers and stakeholders who are responsible for hiring and driving people, process and technology decisions. Finally, and most potently, cybersecurity currently suffers from a massive drought of talent, just as e-discovery did in its golden age.

The Current State of Cybersecurity: A Deeper Statistical Look

The current cybersecurity job market mirrors the past of the e-discovery job market on a much larger scale (see, e.g., TRU's “Current Cyber State 'Right Now' Video”).

Right now, there is a dangerous shortage of cybersecurity professionals in the United States. The talent gap exists across all roles and geographies. There are 780,000 professionals employed nationally in cybersecurity. But there are 350,000 active jobs open. California has 45,602 open cybersecurity jobs. Virginia and Washington, DC, have 36,342 open jobs. New York has 20,233 open jobs. Illinois has 15,381 open jobs. Currently these states carry more than 33% of the entire cyber job market, much like e-discovery circa 2006.

Compensation in cyber is very competitive. Executives transitioning from federal agencies with the right skills and relationships can command annual salaries ranging from $100,000 to $800,000. The average salary for a cybersecurity consultant is about $110,000. The average compensation for an incident responder is $72,000. That is the lowest average salary in the space.

Salaries aside, the growth rate of new hires and training existing hires is extreme. Forty-seven percent of Chief Information Security Officers (CISOs) plan to hire additional security staff in 2017, while 45% will repurpose existing talent. Corporations will be the first to repurpose, while consulting firms and law firms will hire fresh faces.

An examination of desired certifications in cybersecurity by potential employers exposes the extreme imbalance between the supply and demand of qualified talent. The CISSP (Certified Information Systems Security Professional) is the most commonly accepted and requested certification in information security. There are approximately 70,000 CISSP certification holders in the country, but there are 92,802 open jobs requiring a CISSP. That's only a 75% supply-to-demand ratio. Right now there are 28,878 CISAs (Certified Information System Auditors) in the United States, but there are 50,224 active jobs requiring that certification. That's only a 57% supply-to-demand. Even more shocking, there are 10,447 CISMs (Certified Information Security Managers) in the country, but there are 30,549 active jobs requiring that certification. That's a whopping 34% supply-to-demand ratio.

The current state of cyber awareness in the Fortune 1000 has spiked in recent years. Seventy-four percent of CIOs and CISOs say security was a higher priority in 2016 than in the previous year. Sixty-nine percent of senior executives in the Fortune 1000 are re-engineering their approach to cybersecurity, and a variety of surveys find that roughly 60%-64% of CEOs will boost spending to protect against known security threats. Seventy-two percent believe line-of-business managers must take a greater role in developing security strategies, and nearly half of enterprises will combine security and operations personnel into teams for fortifying mission-critical applications.

Successful and publicly known hacks have reached an all-time high in recent years. In 2005, the United States reported 136 breaches. By 2016, there were over 800 reported breaches. It is estimated that a breach is occurring in the United States every five hours. If companies and individuals do not adapt, a breach will occur every five seconds by 2030. Right now, the average price of a data breach stands at about $4,000,000.

These statistics were taken from a variety of resources including Forbes, Cyberseek.org, Cybersecurity Ventures, BMC, Vice News Media outlets and more. Though the magnitude of cyber has already surpassed anything we have seen in e-discovery, the current statistical state of cybersecurity from a job supply/demand perspective may be a case of “e-discovery deja vu.” The history of e-discovery reflects much of the incongruent supply/demand in today's cybersecurity landscape. If what has happened to e-discovery talent and hiring patterns is what will happen to cybersecurity over the next decade, the history of e-discovery can serve as a road map to the future trends in cybersecurity.

History of One, Future of Another

The last 15 years of the e-discovery evolution can be compartmentalized into several chapters: The Wild, Wild West; Standardization & Stabilization; Depression; Massive Maturation; Consolidation.

2000-2004 'The Wild, Wild West'

It was a time to be a pioneer and was the birth of an industry. The talent supply/demand ratio was wildly in favor of demand over supply. Law firms and vendors were commanding premiums in pricing: $1,000/GB+ to process data. Many believed cost was impeding justice. Salaries increased by 20%-40% at the time of hire, and people were changing jobs every 6 to 18 months. Law firms were throwing money at e-discovery talent, and the same thing is happening right now in cybersecurity. Law firms had the power and were creating revenue centers with non-attorney staff for the first time.

The relationship between corporations, their outside counsel and the vendors was very linear. Corporations leaned on outside counsel for intelligence on e-discovery; law firms either did the work themselves or engaged their vendors who did the heavy lifting. Deliverables were ushered back up the chain linearly. The same thing is happening now in cybersecurity. When a company becomes aware it has been breached or needs cyberinsurance, who's the first person called? A lawyer. If the history of e-discovery is a mirror for the present of cybersecurity, then it is clear that cybersecurity is in its “Wild, Wild West” phase.

2004-2008 'Standardization and Stabilization'

Simple, popular tools were enough to get the job done. Concordance, Summation and IPRO dominated the space. Having solid Access and SQL skills accelerated earning potential. During this time, the idea that e-discovery was as much a client service challenge as it was a technical one came into clear focus. Thus, e-discovery project management as a career path was born. Tenure became a more valuable commodity than skill sets as hiring managers started making investments in talent, rather than filling a staffing void. Salaries were still increasing 10%-30% at time of hire, and new leaders emerged, generally in the form of AmLaw litigation support managers and directors. Times were good. Then the music stopped.

2008 'Depression'

Big banks were failing. Law firm giants were collapsing. Summer internship programs were cancelled. Lawyers got laid off. There was a greater saturation of available attorneys for contract review work. Vendors dropped pricing to compete in a saturated, fractured vendor marketplace with dozens of small to midsize competitors vying for the same business. The bottom fell out on e-discovery processing pricing by the gig and on document review hourly wages. e-Discovery professionals in high demand were now clinging to their jobs. Many were let go. The unbalanced supply/demand ratios of the “Wild, Wild West” days ended, and for the first time the scale tipped in favor of supply over demand. This created an availability of contract talent in e-discovery, first in review and over time in processing, hosting, production and project management. Many cybersecurity thought leaders have speculated as to an “event horizon” like the 2008 economic collapse that could indelibly change the landscape of the cyber job market. War, hacking of critical infrastructure, new technology and, of course, global economic failure are all possible events that could reshape today's cyber climate.

2009-2011 'New Tools, Rules & Schools'

e-Discovery got its act together. New federal rules came into play that balanced cost, transparency and justice. Information governance moved into the spotlight as corporations started to take a more meaningful look at how they managed their data as opposed to making sure they didn't spoil it. Certifications became accepted means of evaluating talent. ACEDS was born. LAW Pre-discovery and Concordance had popular certifying programs, and kCura came onto the scene with Relativity. Temporary litigation support staffing was up 30%, and salaries flatlined for folks changing full-time jobs. In turn, people stopped moving jobs so frequently. There were, however, massive layoffs at the leadership level for litigation support managers and directors in the Am Law 200, many of whom were victims of having the highest non-billable salaries. This is slowly happening today with CISOs, the litigation support directors of the cyberworld (Inside joke: How do you spell CISO? S-C-A-P-E-G-O-A-T), whose salaries are similar.

2011-2013 'Massive Maturation'

e-Discovery grew up quickly. The technology spotlight shifted to predictive data analytics to sort through the massive amounts of data involved in the discovery process. Managed Services started to become the preferred method of buying, increasing the vendors' need for talent. This led to massive compartmentalization of EDRM roles. As vendors got bigger, roles were diversified to create greater efficiency and automation. Industrialization 101. As a result, the valuable asset to have professionally became consulting. Consulting capability became king. The demand for e-discovery project managers was explosive. This was also the beginning of massive vendor consolidation.

2013-2016 'Consolidation'

Private equity and venture capital got into e-discovery and massive vendor consolidation began to merge client bases. Vendors also shifted in one very specific direction during these years: they started selling directly to corporations instead of law firms. This shift changed the entire paradigm for buying, selling and pricing models in e-discovery. The once linear paradigm became a triangular one, with corporations buying directly from vendors and forcing outside counsel to use the vendor of their choosing. This trend has not been universal, but occurred often enough to shift the balance of power and revenue. As the vendors got bigger and the managed services contracts squeezed their pricing even more but provided predictable annual revenues, talent demand went up and salaries went down in order to meet the expectation of 24/7 service. These patterns persist.

Conclusion

Understanding the parallels between the current state of cybersecurity and the earliest phase of e-discovery allows us to predict — and more importantly, to prepare — for the future of cybersecurity. We can expect cybersecurity, currently in its “Wild, Wild West” phase, to develop along similar patterns as e-discovery did, and legal technology professionals would be wise to plan accordingly.

Stay tuned for the final installment of the State of the Industry: e-Discovery & Cybersecurity for a deeper exploration of how professionals from e-discovery can move their career into cybersecurity and what to expect from a future career in information protection.

*****
Jared Coseglia is the founder and CEO of TRU Staffing Partners. He has over 13 years of experience representing talent in e-discovery, litigation support, cybersecurity and broadly throughout legal and technology staffing. Contact him at [email protected].

