Sakorn Sukkasemsakorn | Istock | Getty Images
Strong demand for cybersecurity workers is continuing even as big technology companies lay off thousands of employees.
That’s not a big surprise, as cybersecurity is seen as one of the more resilient areas for tech investment in a more cautious economic environment — though even it is not immune from the tech sector slowdown. But it is an area for young professionals, college students, and workers looking to make career transitions to focus on as the tech sector’s labor force contracts significantly for the first time in a decade, from the largest companies to the venture-backed startup community.
There were 755,743 online job postings in cybersecurity as of December, according to new research from cybersecurity workforce analytics site CyberSeek, created through a partnership of the National Initiative for Cybersecurity Education, CompTIA, and labor market research firm Lightcast. That did represent a year over year decline in postings, from 769,736 in the 12-month period ending December 2021. But with a supply-demand ratio currently at 68 workers per 100 job openings, the nearly 530,000 additional cybersecurity workers needed in the U.S. went up year over year.
The researchers say the data reinforces a trend that has existed for years now and will persist: the shortage of cyber talent. If all those positions are filled, that’s a labor force positioned for huge growth. The total number of employed cybersecurity workers was estimated at 1.1 million, steady year over year.
Here are the top things to know about pursuing a career in cybersecurity.
How to ‘major’ in cybersecurity during college
When looking for a job, you’re guaranteed to be asked what major you studied in college. While cybersecurity is not a common major for colleges to offer, there are a large range of related majors that can make you a potential candidate for a job in this field. The most obvious comps are computer science, information technology, software development, and even business management.
“The more that you can find either courses or other educational opportunities while you’re in school, to learn both the fundamentals of IT and the fundamentals of cybersecurity, as well as some of the specific high-value, high growth skills that employers are increasingly demanding, that’s going to best set you up for success when you enter the job market,” said Will Markow, vice president of applied research at Lightcast.
However, it’s not as much about a specific major studied as the skills which employers are attempting to identify.
The question that candidates need to be prepared to answer isn’t what they majored in, but, “What have you learned during your degree that prepares you for a career in cybersecurity?” Markow said.
Technical skills in information security theories, network administration, and IT is some of the primary knowledge that candidates need, while strong soft skills like communication and collaboration are additionally important. But whether you are a college student or graduate already in the job market, there are plenty of other opportunities to gain the skills you need to enter this field, primarily through certifications.
Non-profit trade association CompTIA’s Security+ is the most in-demand entry level credential for cybersecurity professionals, according to Markow. By receiving the Security+ certification, CompTIA states that professionals will acquire the skills to assess an environment’s security, monitor hybrid environments, respond to security events and more. Other commonly requested certifications are EC-Council’s Certified Ethical Hacker training and GIAC’s Security Essentials (GSEC) training.
“Cybersecurity is a heavily sophisticated field, and employers place a lot of weight on certain credentials,” Markow said.
Some of the most common entry-level positions include cybersecurity analysts, cybersecurity technician specialists, and cybercrime analysts. These positions focus more on what is defined as reactive work, for example, learning about the types of threats that organizations are facing, and identifying when threats need to be investigated and remediated.
As professionals progress in a cybersecurity career, the goal is to gradually take on more proactive work helping organizations design secure digital infrastructure.
There are many opportunities for existing tech professionals to make the move into this field, with common launch pads including other IT roles such as network administration, software development, systems engineering and even IT support; and by targeting the lower-level cyber positions.
“Since those roles often have lower barriers to entry than some of the more advanced positions in the field, and if you are able to target one of the certifications and obtain one of those entry level certifications from CompTIA, or other providers, then you will have the greatest chance of finding an opportunity in one of those roles,” Markow said.
The approach of first entering through the broader IT job market can work for new labor force entrants as well. “If you’re starting from complete scratch, it’s often useful to target some of those positions that can serve as launching pads into the core cybersecurity roles,” Markow said.
Cybersecurity jobs pay well, too.
The average salary ranges between $100,000-$120,000.
There are going to be differences in pay based on experience level, as well as the specific role.
“You probably won’t start at $110,000,” Markow said. “You might start somewhere in the $70,000-$90,000 range, depending on what part of the country you’re in. But as you gain experience in and advance within cybersecurity, the salaries become progressively larger and more appealing.”
Where the jobs are concentrated also varies region to region, and by sector. The new research found public sector cybersecurity job demand growing by 25% to 45,708 postings in 2022, a faster growth rate than in the private sector, but still far fewer jobs overall compared to the private sector’s 710,035 listings. Lightcast says that public sector job demand trend isn’t a one-year phenomenon, growing by 58% over the past three years in all. Related to that, the Washington, D.C. metro area accounted for 19% of all public sector domestic cybersecurity job listings.