Sakorn Sukasemsakorn | Istock | Getty Images
Demand for cybersecurity workers continues to be high, even as major tech companies lay off thousands of employees.
This isn’t much of a surprise, as cybersecurity is seen as one of the most resilient areas for technology investment in a more cautious economic environment — though even it isn’t immune to a slowdown in the tech sector. But it’s an area for young professionals, college students and workers looking to change careers to focus on as the tech workforce shrinks significantly for the first time in a decade, from the biggest companies to the venture-backed startup community.
As of December, 755,743 cybersecurity job postings were posted online, according to new research from cybersecurity analytics site CyberSeek, a partnership between the National Cybersecurity Education Initiative, CompTIA and labor market research firm Lightcast. This did represent a year-on-year decline in job openings from 769,736 in the 12-month period ending in December 2021. But with a current supply-demand ratio of 68 workers for every 100 openings, the nearly 530,000 additional cybersecurity workers needed in the U.S. have gone year-over-year.
Researchers say the data confirms a trend that has been around for years and will continue: a shortage of cyber talent. When all these positions are filled, this is a workforce that is in for a huge boost. The total number of people employed in cybersecurity is estimated to be 1.1 million, stable year over year.
Here are the essential things to know about a career in cybersecurity.
How to “Major” in Cyber Security in College
When looking for a job, you’re guaranteed to be asked what major you studied in college. While cybersecurity is not a common college major, there are a number of related majors that can make you a potential candidate for a job in the field. The most obvious compositions are computer science, information technology, software development, and even business management.
“Especially because while at school you can find courses or other educational opportunities to learn both the fundamentals of IT and the fundamentals of cyber security, as well as some specific high-value, high-growth skills that employers are increasingly demanding, it will best prepare set you up for success when you enter the job market,” said Will Markow, Lightcast’s vice president of applied research.
However, it’s not so much about the specific specialty, but about the skills that employers are trying to identify.
The question candidates should be prepared to answer isn’t what they earned, but rather, “What did you learn during your degree that prepared you for a career in cybersecurity?” said Markov.
Acquiring technical skills after college
Technical skills in information security, network administration and IT theories are among the core knowledge required by candidates, while strong software skills such as communication and collaboration are additionally important. But whether you’re a college student or a recent graduate, there are many other opportunities to gain the skills you need to enter the field, primarily through certifications.
According to Markov, the nonprofit trade association CompTIA’s Security+ is the most sought-after entry-level account for cybersecurity professionals. By earning the Security+ certification, CompTIA says professionals will gain skills in environmental security assessment, hybrid environment monitoring, security incident response, and more. Other frequently requested certifications are EC Council Certified Ethical Hacker Training and GIAC Essentials of Security (GSEC).
“Cybersecurity is a very complex field, and employers place a lot of weight on certain credentials,” Markow said.
How to start a job search
Some of the more common entry-level positions include cybersecurity analysts, cybersecurity specialists, and cybercrime analysts. These positions focus more on what is defined as reactive work, such as studying the types of threats organizations face and determining when threats need to be investigated and remedied.
As cybersecurity professionals advance, the goal is to gradually take on a more active role in helping organizations develop a secure digital infrastructure.
There are many opportunities for existing technical professionals to make the move into this field, with common launching pads including other IT roles such as network administration, software development, systems engineering and even IT support; and targeting lower level cyber positions.
“Because these roles often have lower barriers to entry than some of the more advanced positions in the industry, and if you can target one of the certifications and get one of those entry-level certifications from CompTIA or other vendors, then you’ll have the best chance of finding an opportunity in one of those roles,” Markov said.
A first-time approach to the vast IT job market can work for new entrants to the workforce, too. “When you’re starting from scratch, it’s often helpful to target some of those positions that can serve as a launching pad for major cybersecurity roles,” Markov said.
The job will often pay more than $100,000
Cyber security jobs also pay well.
The median salary ranges from $100,000 to $120,000.
There will be differences in pay depending on the level of experience as well as the specific role.
“You’re probably not going to start with $110,000,” Markov said. “You can start in the $70,000 to $90,000 range, depending on what part of the country you’re in. But as you gain experience and progress in cyber security, the salaries become bigger and more attractive.”
Locations of job concentrations also vary from region to region and by sector. Demand for cybersecurity jobs in the public sector will grow by 25% to 45,708 in 2022, new research has found. That’s a faster growth rate than the private sector, but far fewer jobs overall compared to the 710,035 private sector postings. Lightcast says the trend in public sector job demand is not a one-year phenomenon, with a 58% increase over the past three years. As a result, the Washington, DC metro area accounted for 19% of all public sector cybersecurity job listings.