Broke Cyber Pros Flock to Cybercrime Side Hustles

We Keep you Connected

Broke Cyber Pros Flock to Cybercrime Side Hustles

Burned-out cybersecurity professionals dealing with layoffs and stressful working conditions are increasingly finding a better way to earn a buck: cybercrime.
March 8, 2024
Cybersecurity professionals are finding it more attractive to take their talents to the Dark Web and earn money working on the offensive side of cybercrime. This puts enterprises in a tough spot: cut into profit growth to keep cybersecurity skills from flowing to the highest bidder, or figure out how to defend their networks against those who know their weaknesses most intimately.
Layoffs and consolidation across the cyber sector is ratcheting up the pressure on the remaining workers, while at the same time salary growth is stalling — making a cybercrime side hustle an increasingly attractive way for cyber pros to make ends meet, according to a new study out of the Chartered Institute of Information Security (CIISec), which analyzed Dark Web advertisements for cybercriminal services provided by professionals with cybersecurity day jobs.
The CIISec report found a raft of offers on Dark Web sites, including a pro Python developer who would make chatbots for $30 an hour to earn extra Christmas present money for their kids. Another seasoned developer will make phishing pages, crypto drainers, and more, while yet another will use AI to help with coding, starting at $300 per hour, CIISec reported.
This alarming trend marks an entirely new era in cybersecurity, according to Devin Ertel, CISO at Menlo Security.
"I'm shocked and troubled to witness skilled professionals turning to cybercrime amidst mass layoffs," Ertel says. "This marks a significant shift, reflecting the urgent need for both employment and ongoing training within the field."
Ertel points to a surplus of cyber talent and economic uncertainty as potential drivers of the "unfortunate trend."
Gartner predicts that by 2025, 25% of cybersecurity leaders will leave their roles due to stress. And despite layoffs in the cybersecurity sector, which have largely focused on non-technical roles in marketing, sales, and administration, there are still hundreds of thousands of open jobs in the US cybersecurity sector alone.
That puts even more pressure on teams that remain, driving down morale across the industry, which cybersecurity expert and consultant Hal Pomeranz worries might also lead to a spike in insider threats.
"Rather than worrying about external threats, I would be on the lookout for insider attacks," Pomeranz says. "Mass layoffs in the tech industry destroy employee morale and breed cynicism and contempt for management. I wonder how many of the remaining employees would feel comfortable selling out their employers if the price was right?"
The solution for many enterprises requires a better understanding of the roles they're trying to fill and matching them with the right employees, Gareth Lindahl-Wise, CISO with Ontinue, says.
"There is, without doubt, a shortage of both skilled and experienced cyber professionals," Lindahl-Wise explains. "However, I would be as blunt as saying there is some misguided expectation on the part of the buyer. Do you really need someone with X years' experience on a security domain tangential to the job you want them to do?"
Once hired, cybersecurity talent should be presented with a additional professional development opportunities as well as a career path, Patrick Tiquet, vice president of security and architecture with Keeper Security, advises.
"Business leaders are challenged with sourcing the necessary cybersecurity talent to keep their organizations secure as they balance distributed remote workforces and a growing number of endpoints with a threat landscape that continues to expand," Tiquet explains. "Beyond competitive compensation, organizations must provide clear career paths for those looking to advance, professional development opportunities, and flexible work arrangements that allow for remote work when possible."
Beyond recruiting and hiring, and closing the cybersecurity skills gap, ColorTokens VP Sunil Muralidhar urges managers to focus on mental health and stress management among their cybersecurity teams.
"Working with security professionals across different roles — from practitioners to executives, to partners — reveals a common thread of high stress levels among them," Muralidhar says. "This is largely due to the disproportionate burden that security bear in safeguarding the organization with significantly limited resources."
Becky Bracken, Editor, Dark Reading

You May Also Like
Assessing Your Critical Applications’ Cyber Defenses
Unleash the Power of Gen AI for Application Development, Securely
The Anatomy of a Ransomware Attack, Revealed
How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
Building a Modern Endpoint Strategy for 2024 and Beyond
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Industrial Networks in the Age of Digitalization
Zero-Trust Adoption Driven by Data Protection
How Enterprises Assess Their Cyber-Risk
Enterprise Cybersecurity Plans in a Post-Pandemic World
The Infoblox Q1 2021 Cyberthreat Intelligence Report
Secure Access for Operational Technology at Scale
FortiSASE Customer Success Stories – The Benefits of Single Vendor SASE
Mandiant Threat Intelligence at Penn State Health
2023 Snyk AI-Generated Code Security Report
Understanding AI Models to Future-Proof Your AppSec Program
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.

source

TNC

LET US MANAGE YOUR SYSTEM
SO YOU CAN RUN YOUR BUSINESS

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE