Redundancies are being made all across the tech playing field. Once untouchable companies like Amazon, Microsoft, and Meta are all feeling the pinch. Needless to say, it’s a strange time to work in any kind of tech recruiting field.

There was a time when “a job in tech,” or especially “a job in cybersecurity” was a safe bet. But have those times changed? What’s happening? Is a job in cybersecurity – especially one at the Big Five – still recession-proof?

Let’s explore things from our perspective as cybersecurity recruiters operating on both sides of the Atlantic.

When Tech Got Big

Let’s start with a bit of a history lesson. Big tech has been on an upward trajectory since the 2000s – as evidenced by their hammock-lounges, their foosball tables in the break room, and their elegant, sprawling campuses. The “noughties” were a pivotal, formative time for many of the household tech names we know today: Amazon, Google, Meta (formerly Facebook), and more – with search, e-commerce, and social media platforms being particular rising stars at the time.

Despite some slowing around the 2007 financial crisis, big tech by and large went from strength to strength; something that came to a head in 2020 with the COVID-19 pandemic.

As we all adjusted to life under lockdown, particularly well-placed tech companies – in both the B2B and B2C realms – started riding high. On the whole, as working from home took hold, B2B tech services like collaboration software saw user numbers grow. And as people were spending more time at home, e-commerce B2Cs benefited as those who could afford it were learning new skills and treating themselves.

We know we’re grossly oversimplifying here and we don’t want the businesses and people who became insolvent during the pandemic to go unrecognised. Yet there was a distinct attitude brewing in tech all this time: that they are too big to fail.

What Goes Up, Must Come Down

Yet, as always, pride comes before a fall.

CNBC reports that big tech companies have laid off 70,000 employees in the last year. Forbes reports that 81,000 employees lost their jobs in major US layoffs in January 2023 alone, including massive cuts at big tech companies. Amazon is laying off more than 18,000 people. Microsoft announced 10,000 layoffs on 18th January. Meta is allegedly setting the stage for layoffs following thousands of “subpar” performance reviews.

All in all, big tech lost $7.4 trillion in 2022. Amazon has broken many records in its years as a tech behemoth, but its most recent “accolade” is becoming the first publicly traded company to lose $1 trillion dollars. Second in terms of losses is Microsoft, who lost $889 billion in value last year. Headlines like these are likely to drive both new and existing investment away.

So… What on Earth Happened?

Let’s zoom out of big tech losses for a second and take a look at the past three years – not as techies, not as recruiters, but as humans.

At the time of publishing, it will have been three years since the onset of the COVID-19 pandemic. A lot can happen in three years, and it certainly has. We’ve seen countless lives inexorably changed by a brutal, ongoing pandemic and a brutal, ongoing war on the frontiers of mainland Europe. We’re seeing a slow-burn workers’ revolt happening around the western world as people are fighting for their work and their worth. And we’re also in the midst of a crushing, inflation-fuelled cost-of-everything crisis.

Needless to say, it’s been a rocky three years for many of us. And now, as whispers abound about a looming recession and further economic uncertainty, individuals, businesses, and investors are all tightening their belts. Collective belt-tightening affects the whole market. It’s simple economics: when people and companies have less to spend, they spend less.

And naturally, when there’s less money to go around, investors start watching the pennies too. Therefore, external investment in anything becomes harder to secure.

When it comes to both boosting profits and seeking investment, big tech firms are in a rather difficult position. They have to endure these inevitable losses under the microscope of public scrutiny, airing their dirty PR laundry for all to see, whether they like it or not. This runs the risk of further withering investment, shrinking opportunities, and exacerbating losses.

Why Are Jobs Being Shed in Big Tech?

Oh, to be a fly on the wall at the big tech firms’ boardrooms when the big layoff sharpie was the only thing being employed. Though even without having the inside scoop, we do have a couple of opinions.

We all know that when economic waters get choppy, companies often jettison costs to stay afloat; and jobs are one of the first, ongoing costs that often finds itself adrift. When it comes to job losses at smaller companies, we feel this is the most likely culprit.

But let’s look at some of the larger tech providers for a second, through the lens of our above modern history lesson. We think it’s the “too big to fail” attitude that did these companies the most damage. Boom hiring practices always set companies up for a fall when the inevitable bust comes, and for those who managed to capitalise on the pandemic, this rise and fall has been particularly acute.

Within many of these companies, more hands were needed to fuel new (possibly pandemic-related) profits; often quite quickly, and therefore without much forethought. So technical hiring managers might have been given somewhat of a blank cheque to make sure the techy lights stayed on – which resulted in them soaking up tech talent like a sponge.

“Growth for Growth’s Sake” is a Bad Goal and a Risky Bet

Now, sadly, the unhindered growth of the noughties and 2010s is no longer tenable. Assuming that nearly two decade’s worth of tech gains were going to continue unabated was a risky, short-sighted bet, yet one that many tech businesses took. Because many leaders are sadly of the mind that growth is automatically good, whenever and however it comes.

These organisations brought people on, firmly stuck in a growth mindset – oblivious (or deliberately blinkered) to any bust that would inevitably come. Let us not forget that infamous quote from Edward Abbey “Growth for the sake of growth is the ideology of the cancer cell.”

Before the recent layoffs, big tech firms were famously oversubscribed, with one industry expert describing them as being “drunk on hiring.” These redundancies redress this balance, but do so in a way that is incredibly painful to thousands of individuals.

But market fluctuations have rocked the tech world before now – just look at the dot com bust. Overconfidence in an internet-fuelled future excited venture capitalists in the late 90s. Eager to uncover the latest .com golden goose, a lot of overconfident, speculative investments were made. Tech rode high, but much like today’s speculative overconfidence in neverending growth, it couldn’t last forever. It’s no surprise that comparisons are being made between the two situations.

The Three Departments That Get Cut in a Pinch

Before we bring it back around to our finishing statements, let’s remind ourselves of three departments that, in our experience, often get cut when the chips are down (not counting any “last-in, first-out” job-chopping). However, we’d argue that sweeping cuts in any of these departments can wind up shooting yourself in the foot, especially when not handled properly.

Cyber, Information, Network, and Development Security

This one’s most relevant to our audience. Sadly, security operations of all stripes can be seen as a bit of a cost centre to those who don’t understand their importance – a black hole that eats up money and resources and spits out little in return. But, if you’re here, you know what a dangerous game that is to play if you don’t retain a certain level of security talent or replace it with an outsourced service like an MSSP.

Yes you can outsource the work, yes you can outsource the risk (to an extent), but you will never outsource the consequences of an attack. And let’s not forget that cyber attacks can lead to job losses in and of themselves.

Internal Recruiters

As recruiters, it pains us to say this. But when jobs are being shed, there’s little use for the people who bring more people on. It’s just one reason why investing in a “pick-up, put-down” recruiting service like ours is particularly attractive to businesses. Sorry, internal recruiters.

Marketing

This one is a little left field, but it does have a shred of relevance. Any investment in marketing often gets chopped in times of uncertainty. Yet when companies pull promotional plugs out without much planning or foresight, they limit their ability to find new business – and to therefore secure the future of remaining jobs.

There’s also an argument to be made that marketing departments’ belt-tightening may have contributed to the reported reduction in ad spend with big tech companies.

Are Information Security Jobs Recession-Proof?

Not 100%, no. But there is a silver lining here.

Despite the massive cuts made across departments at tech firms, Fortune Education reports that they largely impact product teams, recruiters, marketing, and sales roles. They quote VillageMD CISO Dan Walsh in saying that cybersecurity layoffs have been “few and far between.” Walsh continues “There’s still more jobs open than there are people to fill them.”

Let’s not just take one man’s word for it. The global cyber security skills shortfall is still huge, with the (ISC)² Cybersecurity Workforce Study 2022 finding that the world is in need of 3.4 million cybersecurity professionals, a figure that is up by over a quarter compared to the previous year. According to the report, the US was short 410,695 cybersecurity professionals, and the UK was in need of 56,811.

Let’s not forget the most likely reason why those in the infosec world are still so in-demand: because cyber crime isn’t going anywhere. Cutting a couple of jobs may bag the company an extra few hundred thousand pounds/dollars at the end of the year, but one well-placed cyber attack can wipe millions off the profit and loss sheet, and cause unquantifiable reputational losses. Cut the wrong infosec jobs, and a company risks catastrophic losses – and potentially more layoffs as a result.

And as more companies suffer cyber incidents, the more the importance of infosec personnel will be brought into sharp focus.

In the longer term, we feel that we’re still seeing the growing pains of an industry that is still relatively young compared to the likes of old players like banking and manufacturing – industries that have been around for centuries, not decades. As the tech industry matures and stabilises, we feel that it will naturally see cycles of boom and bust.

However, we feel it will get stronger after every “bust” and emerge like a phoenix, powered by ever-developing user needs and the latest tech advances.

A Word of Warning From Our MD

It may be true that infosec jobs will weather the current storm better than other roles but, personally, it does concern me to see a lot of infosec leaders on the market. When employers perceive that they have a choice of talent, it can become a bit of a buyers’ market, wherein salaries get budgeted at less than the roles are worth.

However, lowering security salaries during a fallow period is equally as shortsighted as the issues above. As soon as the market picks up again, the average going rate for security leaders will too; and those on lower salaries may well leave for more lucrative opportunities. The employer will then have to inevitably put their rates back up to industry standard to attract someone new.

What We Feel Tech Companies Can Learn From the Current Situation

  • Don’t Let “Good Times” Money Burn a Hole in Your Pocket; especially when it comes to decisions that may affect real peoples’ lives when times change. Permanent hires are more than just a resource that can be tapped into as needed, they’re humans who rely on you for their ability to exist. No company is safe from fluctuation, but when the pound or dollar signs are flowing your way, don’t spend shortsightedly on personnel.
  • Approach Redundancies Sensibly. We know that in tough times, efficiencies need to be made. But approach layoffs with kindness, grace, and humility. For example, HubSpot apparently handled layoffs with incredible generosity – cutting certain losses in the here and now for the good of both their laid-off staff and for later returns.
  • Remember Your Technical Functionality. When the layoff sledgehammer gets used too liberally within tech teams, companies may be doing the technical/HR equivalent of unplugging random cables without much care for what they do.
  • Align Comms and Actions Through Good Times and Bad. Once spurned, the court of public opinion can be a tough crowd to win back. Approach layoffs behind closed doors with the same sensitivity and humility as you would when facing the public – because once the layoffs are said and done, laid-off individuals are the public!

Our Message to Laid-Off Technical and Infosec Staff

  • Your Job Isn’t Your Identity – These recent layoffs are often due to a multitude of factors outside of your control; some of which are wide-reaching and systemic. Remember that one closed door doesn’t mean that others won’t open with the right approach and attitude.
  • Connect With Others – Network, network, network! Of course this would be an opportune time to network with recruiters and potential employers, but don’t forget to network with people in the same boat as you. Whether you end up commiserating together or finding useful opportunities together, you won’t know unless you try!
  • Keep an Eye Out for Eager Startups – Tech startups with their sights on meteoric growth might be a perfect match for those with infosec experience. If you worked at a big tech behemoth, these smaller fish may even want to pick your brains about how things got done at the companies they are looking to emulate.
  • Infosec Leaders Can Explore NED Positions – Whilst in your previous role, you may not have had the opportunity to explore non-exec director posts but if you have board-level experience under your belt, it may be worth exploring.
We understand that this is a tough time for many, but we’re willing to do what we can for as many infosec leaders as possible. If you’re an infosec leader who has been affected by the recent job cuts, we’d love to hear from you. Likewise, if you are hiring for a security leadership role, please get in touch.
Back to Publications

More Publications

10 Benefits of Talking to a Recruiter – Even if You’re Employed

Read more

Is a 4-Day Work Week Possible for CISOs and Cybersecurity Leaders?

Read more

The C-Suite Jigsaw Puzzle: Does It Really Matter Who CISOs Report To?

Read more