Tech professionals in Vietnam prefer foreign companies: IT salary report

Six takeaways from the most-updated nationwide report reveal what IT professional salaries and expectations in 2022-2023 look like.

Designed to address and understand the multifaceted IT job market with tons of "rosy myths" about salary and tasks, "Salary & Job Expectation of IT Professionals in Vietnam 2022-2023" builds on a detailed analysis of 1,257 IT workers’ responses across the country.

With an employee-based orientation, the latest report reveals, including but not limited to, IT professionals’ salaries based on positions and experiences, expectations among employers, and desired improvement areas.

Information technology (IT) jobs have been in high demand as technology products and services become more integral to our lives. The U.S. Bureau of Labor Statistics (BLS) projects the computer science and IT industry’s employment rate to grow 21% from 2021 to 2031, much faster than the average for all occupations.

The job market in Vietnam is not an exception, which is witnessing an expansion in the IT field regarding the number of companies and jobs. While there are still unexplored facets in the field, the report titled "Salary & Job Expectation of IT Professionals in Vietnam 2022-2023", for the first time ever, has been released to reveal in-depth aspects of IT jobs based on 1,257 responses from IT professionals.

Positions with the highest salary

Game, Data, and AI/Machine Learning positions have the highest salary, compared to others with the same years of experience.

According to self-report salaries from IT professionals in different types and years of experience, IT professionals in the field of Data and AI/Machine Learning, who have at least three working years, can earn monthly salary of VND30,500,000.

Meanwhile, with the same experience, Front-end Developers and Designers make only VND23,000,000VND and VND28,000,000 per month, respectively. Even professionals with more experience in the job market receive salaries that are lower or just slightly higher than those in Data and AI/Machine Learning positions.

Four-year experienced Back-end and Full-stack Developers, for instance, have a median monthly salary of VND30,000,000 and VND29,000,000, correspondingly. Mobile Developers with five experienced years can make VND33,500,000 per month. In contrast, by merely acquiring two years of experience, a Game Developer can receive a monthly salary of VND27,000,000.

Salary by IT for position & years of experience scatter chart in the report. Photo courtesy of itviec

Trendy programming languages

Trendy and specialized programming languages like Python, TypeScript, and Go may guarantee higher pay than other skills. IT professionals mastering these languages have a monthly salary of VND30 million to VND40 million with three to five years of experience. HTML/CSS, conversely, is the lowest-paid skill, with a salary of VND16 million per month.

With skills in Dart and C# programming languages, it may be more challenging for IT professionals to earn a competitive salary. Their monthly median salary is VND22,500,000, with four-year experience, and VND28,500,000, with five-year experience, respectively.

JavaScript, Bash/Shell, and Ruby languages are worth keeping an eye on if IT professionals want higher earnings, thanks to their essentiality and productivity.

Advertising

Hybrid working

The Covid-19 pandemic might impact the way employees in all professions think about their working modalities. A total 70.2% of 1,257 IT professionals participating in the research were attracted and cared more about job offers that allowed hybrid working mode. Nevertheless, it was not their top concern when applying for a job.

The top four topics an IT professional would love to discuss during a job interview include the working style of future leaders, company culture, company/product development potentiality, and new challenges to conquer.

Interestingly, while salaries do not appear as IT workers’ most prioritized consideration, a large number of them expected to receive at least a 20% salary increase to accept a new job offer.

Salary is the main deciding factor for IT employees when it comes to reasons for quitting their current job. Unsatisfying salaries and rare/no chances to raise wages are the top two motives leading IT professionals to give up. Two more are no challenges in working tasks and rare/no promotion opportunities. Employees may find no conquering tasks when their assignments are too easy, on a small scale, or already in shape. Factions and politics at the workplace also contribute to employee decisions to resign.

Regarding an ideal company, IT professionals tend to refer to corporations originating from European countries, America, or Canada. Vietnamese companies come in third place, which is moderately higher than Australian and New Zealand corporates.

Once again, flexibility to work at home or no timekeeping required plays an important role to make employees stay loyal. Other factors concerning company culture are getting along with colleagues and reasonable workload, particularly, limited overtime tasks.

A clear vision of prospective growth from the company, leaders and themselves is the most significant preference of IT professionals when considering staying with a company. They would love not only to know their development and promotion potential but also to have leaders who can provide explicit foresight and orientations.

Training suggestions for HR departments

Most IT professionals want to enhance their technical skills & knowledge for short-term plans, covering 60% of responses, while switching to management skills and positions involve long-term objectives.

The top two improvement areas that they focus on are English and technological expertise. They are looking forward to learning new programming languages including Python, Go, and TypeScript at 25,3%, 22,4%, and 15%, respectively. If you find those languages familiar, yes, you read it from the second takeaway. It is reasonable to learn skills that bring you more stipend.

The report has been released for the very first time, conducted and published by ITviec, the leading job site for IT recruitment in Vietnam. The report's findings aim to provide employers a better understanding of each IT position/type, thus, developing more successful job offers.

Qualitative information was gathered via in-depth interviews with professionals in typical IT roles. An online survey was employed consisting of multiple short questions and can be completed within 20 minutes. Qualified respondents are ITviec users and from other sources that do not relate to the ITviec platform. The report does not include IT freelancers and people who do not work in IT.

https://ampe.vnexpress.net/news/business/tech-professionals-in-vietnam-prefer-foreign-companies-it-salary-report-4532037.html

Top Ten Cybersecurity Trends

Cyber security is a fast-moving sector, as both hackers and security providers vie to outsmart each other. New threats – and innovative ways to combat them – emerge all the time. In this overview, we explore the latest trends in cyber security.

1. Remote working cybersecurity risks

The Covid-19 pandemic forced most organizations to shift their workforces to remote work, often quite rapidly. Many surveys suggest that post-pandemic, a high proportion of the workforce will continue to work remotely.

Working from home poses new cybersecurity risks and is one of the most talked-about new trends in cyber security. Home offices are often less protected than centralized offices, which tend to have more secure firewalls, routers, and access management run by IT security teams. In the rush to keep things operational, traditional security vetting may not have been as rigorous as usual – with cybercriminals adapting their tactics to take advantage.

Many employees are using their personal devices for two-factor authentication, and they may well have mobile app versions of instant messaging clients, such as Microsoft Teams and Zoom. These blurred lines between personal and professional life increase the risk that sensitive information could fall into the wrong hands.

Therefore, a critical cyber security trend is for organizations to focus on the security challenges of distributed workforces. This means identifying and mitigating new security vulnerabilities, improving systems, implementing security controls, and ensuring proper monitoring and documentation. Read our detailed guide to working from home safely for more information and advice.

2. The Internet of Things (IoT) evolving

The expanding Internet of Things (IoT) creates more opportunities for cybercrime. The Internet of Things refers to physical devices other than computers, phones, and servers, which connect to the internet and share data. Examples of IoT devices include wearable fitness trackers, smart refrigerators, smartwatches, and voice assistants like Amazon Echo and Google Home. It is estimated that by 2026, there will be 64 billion IoT devices installed around the world. The trend towards remote working is helping to drive this increase.

So many additional devices change the dynamics and size of what is sometimes called the cyber-attack surface – that is, the number of potential entry points for malicious actors. Compared to laptops and smartphones, most IoT devices have fewer processing and storage capabilities. This can make it harder to employ firewalls, antivirus, and other security applications to safeguard them. As a result, IoT attacks are amongst the discussed cyber-attack trends. You can read more about IoT security threats here.

3. The rise of ransomware

Ransomware isn’t a new threat – it’s been around for about two decades – but it is a growing one. It’s estimated that there are now over 120 separate families of ransomware, and hackers have become very adept at hiding malicious code. Ransomware is a relatively easy way for hackers to gain financial rewards, which is partly behind its rise. Another factor was the Covid-19 pandemic. The accelerated digitization of many organizations, coupled with remote working, created new targets for ransomware. Both the volume of attacks and the size of demands increased as a result.

Extortion attacks involve criminals stealing a company’s data and then encrypting it so they can’t access it. Afterward, cybercriminals blackmail the organization, threatening to release its private data unless a ransom is paid. The burden of this cyberthreat is significant given the sensitive data at stake as well as the economic impact of paying the ransom.

Ransomware made history in 2020 by contributing to the first reported death relating to a cyber-attack. In this incident, a hospital in Germany was locked out of its systems, leaving it unable to treat patients. A woman in need of urgent care was taken to a neighboring hospital 20 miles away but did not survive.

Ransomware attackers are becoming more sophisticated in their phishing exploits through machine learning and with more coordinated sharing on the dark web. Hackers typically demand payment in cryptocurrencies which are difficult to trace. We can expect to see more ransomware attacks on organizations that are not cyber secure in the near term.

You can read about the most significant ransomware attacks of 2020 here and about different types of ransomware here.

4. Increase in cloud services and cloud security threats

Cloud vulnerability continues to be one of the biggest cyber security industry trends. Again, the rapid and widespread adoption of remote working following the pandemic increased the necessity for cloud-based services and infrastructure drastically, with security implications for organizations.

Cloud services offer a range of benefits – scalability, efficiency, and cost savings. But they are also a prime target for attackers. Misconfigured cloud settings are a significant cause of data breaches and unauthorized access, insecure interfaces, and account hijacking. The average cost of a data breach is $3.86 million, so organizations must take steps to minimize cloud threats.

Aside from data breaches, network security trends and cloud security challenges facing organizations include:

• Ensuring regulatory compliance across jurisdictions
• Providing sufficient IT expertise to handle the demands of cloud computing
• Cloud migration issues
• Dealing with more potential entry points for attackers
• Insider threats – some accidental, some intentional – caused by unauthorized remote access, weak passwords, unsecured networks, and misuse of personal devices

5. Social engineering attacks getting smarter

Social engineering attacks like phishing are not new threats but have become more troubling amid the widespread remote workforce. Attackers target individuals connecting to their employer’s network from home because they make easier targets. As well as traditional phishing attacks on employees, there has also been an uptick in whaling attacks targeting executive organizational leadership.

SMS phishing – sometimes known as ‘smishing’ – is also gaining prominence, thanks to the popularity of messaging apps such as WhatsApp, Slack, Skype, Signal, WeChat, and others. Attackers use these platforms to try to trick users into downloading malware onto their phones.

Another variation is voice phishing – also called ‘vishing’ – which gained prominence in a Twitter hack in 2020. Hackers posing as IT staff called customer service representatives and tricked them into providing access to an important internal tool. Vishing has been used to target numerous companies, including financial institutions and large corporates.

There is also SIM jacking, where fraudsters contact the representatives of the mobile operator of a particular client and convince them that their SIM card is hacked. This makes it necessary to transfer the phone number to another card. If the deception is successful, the cybercriminal gains access to the digital contents of the target’s phone.

Organizations are increasing their protection against phishing, but criminals are always looking for new ways to stay ahead. This includes sophisticated phishing kits which target victims differently depending on their location.

6. Data privacy as a discipline

One of the key data security trends is the rise of data privacy as a discipline in its own right. Numerous high-profile cyber-attacks have led to the exposure of millions of personally identifiable information records (PII). This, coupled with the introduction of stricter data laws worldwide, such as the EU's GDPR, means data privacy is increasingly being prioritized.

Organizations that don’t comply with regulation and consumer expectations run the risk of fines, bad publicity, and losing consumer trust. Data privacy affects almost all aspects of an organization. As a result, organizations are placing more emphasis on recruiting data privacy officers and ensuring role-based access control, multi-factor authentication, encryption in transit and at rest, network segmentation, and external assessments to identify areas of improvement.

7. Multi-factor authentication improving

Multi-factor authentication (MFA) is regarded as the gold standard of authentication. However, malicious actors are finding new ways to bypass it – specifically, authentication carried out via SMS or phone calls. As a result, in 2020, Microsoft advised users to stop using phone-based MFA, recommending instead using app-based authenticators and security keys.

SMS has some in-built security, but the messages sent – including for authentication purposes – are not encrypted. This means malicious actors can carry out automated man-in-the-middle attacks to obtain one-time passcodes in plain text. This presents a vulnerability for activities such as online banking, where authentication is often done via SMS. Increasingly, we will see banks and other organizations turn towards application-based MFA such as Google Authenticator, Authy, and others, to address this issue.

8. Continued rise of artificial intelligence (AI)

The sheer volume of cyber security threats is too much for humans to handle alone. As a result, organizations are increasingly turning to AI and machine learning to hone their security infrastructure. There are cost savings to doing so: organizations that suffered a data breach but had AI technology fully deployed saved an average of $3.58 million in 2020.

AI has been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection. AI also makes it possible to analyze massive quantities of risk data at a much faster pace. This is beneficial both for large companies dealing with vast amounts of data and small or mid-sized companies whose security teams might be under-resourced.

While AI presents a significant opportunity for more robust threat detection among businesses, criminals are also taking advantage of the technology to automate their attacks, using data-poisoning and model-stealing techniques.

The practical applications of AI are still developing – we expect security tools driven by AI and machine learning to continue to grow in sophistication and capability.

10. Mobile cybersecurity becoming front and center

The trend towards remote working is also accelerating the growth of mobile. For remote workers, it’s normal to switch between a range of mobile devices, such as tablets and phones, using public Wi-Finetworks and remote collaboration tools. As a result, mobile threats continue to grow and evolve. The ongoing rollout of 5G technology also creates potential security vulnerabilities which, as they become known, will need to be patched.

Mobile threats include:

• Specialized spyware designed to spy on encrypted messaging applications.
• Criminals exploiting critical security vulnerabilities within Android devices.
• Mobile malware with various possible application scenarios, ranging from Distributed Denial of Service (DDoS) attacks to SMS spam and data theft.

Mobile cybersecurity is a broad topic that covers other elements such as back-end/cloud security, network security, and also a network of more and more connected objects (i.e., the Internet of Things), such as wearables and automotive devices. There is no single method to protect apps in insecure environments – instead, it’s about ensuring additional layers of security to increase the overall level of security. Security specialists are combining mobile software security with hardware-based security solutions to reinforce sensitive data storage.

In this age of accelerated digital transformation, cybercriminals are constantly looking for new ways to target and cause harm to individuals and organizations, which means cybersecurity issues continue to evolve. Using a high-quality antivirus software solution such as Kaspersky Total Security will help you stay safe in the face of the latest cyber threat trends.

Refer: Kaspersky