Careers & People

2/23/2017
10:30 AM
Todd Thibodeaux
Commentary

Road Map To A $200,000 Cybersecurity Job

Looking to get ahead in cybersecurity? Here are four areas to keep in mind as you make a five-year career plan.

The economics of supply and demand shape today's cybersecurity job market. Each year, US employers post more than 120,000 openings for information security analysts and roughly one-third go unfilled. Hiring managers are bracing for a continuation of this trend, with demand for cybersecurity professionals expected to grow steadily through 2018.

Unsurprisingly, cybersecurity salaries reflect this severe talent scarcity. The median annual wage for information security analysts is more than 10% greater than that for all computer occupations, and almost 150% higher than that of all US occupations, according to the Bureau of Labor Statistics. And as high-ranking roles including chief security officers begin reporting directly to CEOs and corporate boards, compensation is likely to jump further.

For those with the right skills and experience, it's a job-seeker's market. But universal demand and negligible supply don't change the fact that cybersecurity is an evolving field. Strategies, threats, and the skills to combat them can and will pivot over the coming months, making it more difficult for candidates to qualify — and stay relevant — for these lucrative opportunities.

Landing the Job, and Rising through the Ranks

Faced with boundless opportunity and constant change, IT professionals need to make strategic choices about their own development to build a long-term cybersecurity career. Here are four areas to keep in mind as you map out your five-year plan:

  1. Progressive certifications: Technical certifications are valuable for any IT professional hoping to stand out in an applicant pool, and the same rules apply to cybersecurity jobs. For entry-level, midcareer, and executive positions alike, employers increasingly want verification of job-seekers' security chops. Foundational certifications such as CompTIA's Security+ are becoming a prerequisite for anyone starting a cybersecurity career, demonstrating a solid grasp of IT threats, compliance, and identity management — but by no means should your education end there. From the International Information System Security Certification Consortium's Certified Information Systems Security Professional (CISSP) and CompTIA's Cybersecurity Analyst (CSA+) and Advanced Security Practitioner to ethical hacking certifications, there are ample opportunities for training and specialization targeted at more experienced professionals looking to move up the ladder.
  2. Strategic communication skills: Cybersecurity does not fall only under a CISO or IT department's purview. Responsibility (and accountability) for defending corporate data and devices lies, in part, with end users, C-suites, and boards of directors as well. Cybersecurity experts must be able to communicate effectively with each audience, whether to educate employees about the dangers or secure buy-in for new security investments. To graduate into senior leadership roles, cybersecurity professionals need to demonstrate communication mastery with external audiences. As more organizations become embroiled in data breaches and legal matters (over issues such as encryption), they'll need experts with not only technical smarts but the capacity to navigate crisis communications and public sector partnerships. 
  3. Government clearances: Almost all industries are in need of more cybersecurity manpower, but the public sector is one vertical playing a fervent game of catch-up. Per the Federal Cybersecurity Workforce Strategy released last July, the government is on the hook to more proactively identify internal cybersecurity gaps, better recruit security experts, and develop career paths to retain top talent. Beyond technical certifications, public administration cybersecurity jobs are almost three times as likely to require security clearances as cybersecurity openings in general. Obtaining the appropriate clearances in advance can set a resume apart and expedite the hiring process.
  4. Digital forensics: As organizations and governments around the world accept the inevitability of cyberattacks (or, at least, attempts), greater attention and resources must be paid to what happens in their wake. The field of digital forensics — extracting "evidence" from devices and other IT systems to understand, potentially prosecute, and later prevent, cybercrimes — is in need of more than a few good recruits. As threats from state-sponsored actors, organized crime groups and hacktivists rise, the public and private sectors need experts who specialize in reverse-engineering attacks and threat hunting. Professionals who concentrate their training around digital forensics now will be invaluable as the cybersecurity landscape becomes more globalized and litigious.

Despite employers' pressing need for cybersecurity talent, job- and promotion-seekers need to take a calculated approach to developing their careers. Tremendous responsibility and generous salaries aren't simply up for grabs — they're the reward for professionals with the most comprehensive, future-proof expertise.

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ...
Comments
JosephM852,
User Rank: Apprentice
3/13/2017 | 1:44:48 AM
Great
Get certs, work hard, get experience. Mind-boggling advice.
utsec12,
User Rank: Apprentice
3/3/2017 | 1:27:17 PM
Good tips!
In my view, #2 and #4 are the most important. For any InfoSec professional to rise to the $200K mark, they have to be a good communicator, negotiator, and very organized (strategically speaking). You have to be able to understand the industry/business goals (C-Suite) and align with these. And have the experience (technical) like in #4. I don't think anyone can just decide to pay for a TS clearance.
chesteroni,
User Rank: Apprentice
3/3/2017 | 11:36:27 AM
Re: Well written article, however.....
I don't realise. So... how much does it cost to receive such clearance?
PaulY656,
User Rank: Apprentice
3/2/2017 | 11:49:12 AM
Well written article, however.....
Your point about securing clearance credentials BEFORE landing a guvmint job is just unrealistic. Do you have any idea how much a TS-SCI clearance costs? There are very few jobs posted that will foot the bill for a clearance if you don't already have one - and the cost is the reason why.
Mihap,
User Rank: Apprentice
2/27/2017 | 9:29:08 PM
Re: website
The ones that go for the certifications are those that really want to work in that industry. It is useless to go for it if you are not up for that sector.
kasstri,
User Rank: Strategist
2/27/2017 | 10:40:54 AM
Re: keyboard
Having them would really help my chances at a second
RobAttfield,
User Rank: Apprentice
2/26/2017 | 12:12:41 AM
Affordability
If only I could afford to do such certifications, I'd be all for it. Having them would really help my chances at a second go in the I.T industry.