I recently advertised on Kaggle to find a data scientist to help answer a question I was pondering: With the spate of distributed denial of service (DDoS) attacks in the last year, were companies seeking candidates with corresponding mitigation skills? The idea was to scan and analyze job board posts to see if Imperva could find any evidence of a trend.
We ended up working with a small analytics consulting company to help us tease out the trends, and I think you will find the results interesting. On a worldwide basis, they point to a sustained increase in demand for professionals having DDoS mitigation experience across IT security, network engineering and operations, systems administration and DevOps.
Data was mined from the Indeed.com and Dice.com sites using a JSON API to search for job listings which included the keyword “DDoS.” This was repeated for each of 37 countries within the analysis scope. (We were unable to include Simply Hired in the report at this time.)
Indeed.com yielded 1,177 listings going back four months; this forms the basis for our analysis. By contrast, Dice listings were limited in age to 30 days. Its U.S. listings were 20 percent of Indeed’s number, and Dice had only a couple of DDoS-related listings outside of the U.S. We looked into other Dice job sites (Slashdot, Sourceforge and their UK site) and didn’t encounter significant results on those either. So no Dice.
Exploratory analysis was done on the raw data, which was subsequently cleansed and categorized into four profiles: network engineer, sysadmin, security and DevOps. Because about 12 percent of the listings matched a sales and marketing profile, these were omitted from our analysis.
The listings distribution for the required roles over the last three months was plotted on geographical maps, and a linear model was used to fit and observe the trend. While survivorship bias from expired listings could potentially have skewed the analysis, we believe the results are still insightful and useful.
Tools and Expressions Used
The analysis work was done using R, a software environment for statistical computing and graphics. ggplot2 for R was used for visualization, while mapping visualization was performed with ggmap; the latter using both Google maps and OpenStreetMaps.
The following regular expressions were used to determine job profile.
# Network Engineer, System Admin, Developer, Sales, Security
salesKeyWords <- “(Sales)|(Business Development)|(Marketing)|(Alliance)|(Demand Generation)|(Product(.*)M)|(Account(.*)Manager)”
networkEngineerKeyWords <- “Network|(Network Engineer)|(SOC)|(NOC)|(Network Operations)|(Network(*)Architect)|(Network Administrator)”
securityKeyWords <- “(Security)|(Penetration)|(Intrusion)|(Intelligence)|(InfoSec)|(DDoS)|(Firewall)|(Attack)|(Cyber)|(Cryptographic)”
sysAdminKeyWords <- “(System)|(Administrator)|(Linux)|(Infrastructure)”
developerKeyWords <- “(Copywriter)|Architect)|(Software)|(Devops)|((*)Scientist)|(Engineer)|(Developer)|(WAF)|(Analyst)|(Data(.*)Architect)”
Interestingly, or perhaps depressing, is the fact that DDoS is a universal term. Job listings in Chinese, German, French and a host of other languages all included it.
DDoS Mitigation Skills Are in Demand Worldwide
For the analysis time period, we observed 983 open positions across 37 countries. Plotted on a world map, these are shown in Figure 1.
Figure 1: DDoS mitigation skills are in demand across the world
Our analysis revealed that 85 percent of the job postings came from eight countries, shown in Figure 2 below. We were initially surprised to see so many openings in China and can think of three possible explanations:
- There are more DDoS attacks in China.
- The growth of online Chinese companies that cannot tolerate disruption.
- The statistic shows an equivalent trend in China relative to the U.S. based on the size of the workforce in China. We cannot definitively say that there is more DDoS attacks in China than in the U.S., though it’s something we could research.
Figure 2: Top eight countries looking for DDoS prevention skills
Our analysis then examined demand by job profile in more detail (Figure 3). Looking at the trends, we discovered that demand has been increasing for each profile. Not surprisingly, it’s highest among security professionals, with a big jump from May through July. Network engineers also showed a significant increase.
Figure 3: DDoS mitigation skill requirement by job profile
Demand is Growing in the U.S.
Here in the U.S., there were 392 postings for these job profiles over the last three months. Looking at the openings on the map (Figure 4), you’ll notice that listings are concentrated—not surprisingly—in major cities like New York, Boston, Los Angeles, San Francisco, Chicago, Miami, Austin and Seattle. (We assume Austin’s tech scene put it on the map, though it is the eleventh largest city in the U.S.)
Figure 4: Where DDoS mitigation jobs are located
Aggregate demand is shown in Figure 5. Again the trend reflects an increasing number of jobs where DDoS mitigation skills are in demand. Security jobs lead, having shown a big jump in July. We were interested to see growth in the need for DDoS blocking skills among DevOps job openings—yet another skill this already-broad role needs to bone up on. But in thinking about it, keeping a site up or an app running is at the core of a DevOps position, so perhaps this is not too surprising.
Figure 5: The demand for DDoS mitigation skills by role
Figure 6 provides another view where you can see the relative growth slope. As we keep watching this space, we’ll be curious to see if DevOps ramps more quickly over subsequent quarters.
Figure 6: U.S. demand growth shown by job role
Conclusion and Implications
Clearly, organizations are aggressively looking to hire those having DDoS mitigation skills. The growth in global DDoS attacks makes it essential for every organization to have a DDoS planning, prevention and mitigation strategy—as well as the trained staff to execute it.
It can take months to hire a person possessing the right technical skills. We think finding people with robust DDoS mitigation skills is especially difficult, given that attacks often cross the domains of network and application layers, web infrastructure and applications, system administration, data center operations and DevOps. Also, today’s DDoS perpetrators are increasingly skilled and nimble, so IT professionals need to be equally adept at stopping new types of attacks.
We are going to keep an eye on this space by periodically looking at technical job postings in relation to DDoS. To eliminate survivorship bias, we’re planning a follow-up project phase that periodically extracts listings, and then aggregates them over a longer period. This data will be analyzed for:
- demand growth related to DDoS mitigation skills
- corresponding geographical locations of the demand
- posting lifespans, reflecting the difficulty in finding and hiring such skilled professionals
These marketplace trends can then be projected with a high degree of confidence.
I’m curious to learn if you’re seeking DDoS mitigation pros, and if you’re looking to hire them in network operations, security or DevOps. Also, if you have ideas regarding what Incapsula should compare DDoS mitigation growth to—like another security or networking skill or technology—let us know and we may include it in our future analysis.