Dark Reading is part of the Informa Tech Division of Informa PLC


2/23/2017
10:30 AM
Todd Thibodeaux
Commentary

Road Map To A $200,000 Cybersecurity Job

Looking to get ahead in cybersecurity? Here are four areas to keep in mind as you make a five-year career plan.

The economics of supply and demand shape today's cybersecurity job market. Each year, US employers post more than 120,000 openings for information security analysts and roughly one-third go unfilled. Hiring managers are bracing for a continuation of this trend, with demand for cybersecurity professionals expected to grow steadily through 2018.

Unsurprisingly, cybersecurity salaries reflect this severe talent scarcity. The median annual wage for information security analysts is more than 10% greater than that for all computer occupations, and almost 150% higher than that of all US occupations, according to the Bureau of Labor Statistics. And as high-ranking roles including chief security officers begin reporting directly to CEOs and corporate boards, compensation is likely to jump further.

For those with the right skills and experience, it's a job-seeker's market. But universal demand and negligible supply don't change the fact that cybersecurity is an evolving field. Strategies, threats, and the skills to combat them can and will pivot over the coming months, making it more difficult for candidates to qualify — and stay relevant — for these lucrative opportunities.

Landing the Job, and Rising through the Ranks
Faced with boundless opportunity and constant change, IT professionals need to make strategic choices about their own development to build a long-term cybersecurity career. Here are four areas to keep in mind as you map out your five-year plan:

  1. Progressive certifications: Technical certifications are valuable for any IT professional hoping to stand out in an applicant pool, and the same rules apply to cybersecurity jobs. For entry-level, midcareer, and executive positions alike, employers increasingly want verification of job-seekers' security chops. Foundational certifications such as CompTIA's Security+ are becoming a prerequisite for anyone starting a cybersecurity career, demonstrating a solid grasp on IT threats, compliance, and identity management — but by no means should your education end there. From the International Information System Security Certification Consortium's Certified Information Systems Security Professional (CISSP) and CompTIA's Cybersecurity Analyst (CSA+) and Advanced Security Practitioner to ethical hacking certifications, there are ample opportunities for training and specialization targeted at more experienced professionals looking to move up the ladder.
  2. Strategic communication skills: Cybersecurity does not fall only under a CISO or IT department's purview. Responsibility (and accountability) for defending corporate data and devices lies, in part, with end users, C-suites, and boards of directors as well. Cybersecurity experts must be able to communicate effectively with each audience, whether to educate employees about the dangers or secure buy-in for new security investments. To graduate into senior leadership roles, cybersecurity professionals need to demonstrate communication mastery with external audiences. As more organizations become embroiled in data breaches and legal matters (over issues such as encryption), they'll need experts with not only technical smarts but the capacity to navigate crisis communications and public sector partnerships. 
  3. Government clearances: Almost all industries are in need of more cybersecurity manpower, but the public sector is one vertical playing a fervent game of catch-up. Per the Federal Cybersecurity Workforce Strategy released last July, the government is on the hook to more proactively identify internal cybersecurity gaps, better recruit security experts, and develop career paths to retain top talent. Beyond technical certifications, public administration cybersecurity jobs are almost three times as likely to require security clearances as cybersecurity openings in general. Obtaining the appropriate clearances in advance can set a resume apart and expedite the hiring process.
  4. Digital forensics: As organizations and governments around the world accept the inevitability of cyberattacks (or, at least, attempts), greater attention and resources must be paid to what happens in their wake. The field of digital forensics — extracting "evidence" from devices and other IT systems to understand, potentially prosecute, and later prevent, cybercrimes — is in need of more than a few good recruits. As threats from state-sponsored actors, organized crime groups and hacktivists rise, the public and private sectors need experts who specialize in reverse-engineering attacks and threat hunting. Professionals who concentrate their training around digital forensics now will be invaluable as the cybersecurity landscape becomes more globalized and litigious.

Despite employers' pressing need for cybersecurity talent, job and promotion-seekers need to take a calculated approach to developing their careers. Tremendous responsibility and generous salaries aren't simply up for grabs — they're the reward for professionals with the most comprehensive, future-proof expertise. 

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ...
Comments
RobAttfield,
User Rank: Apprentice
2/26/2017 | 12:12:41 AM
Affordability
If only I could afford to do such certifications, I'd be all for it. Having them would really help my chances at a second go in the I.T industry.
kasstri,
User Rank: Strategist
2/27/2017 | 10:40:54 AM
Re: keyboard
Having them would really help my chances at a second
Mihap,
User Rank: Apprentice
2/27/2017 | 9:29:08 PM
Re: website
The ones that go for the certifications are those that really want to work in that industry. It is useless to go for it if you are not up for that sector.
PaulY656,
User Rank: Apprentice
3/2/2017 | 11:49:12 AM
Well written article, however.....
Your point about securing clearance credentials BEFORE landing a guvmint job is just unrealistic. Do you have any idea how much a TS-SCI clearance costs? There are very few jobs posted that will foot the bill for a clearance if you don't already have one - and the cost is the reason why.
chesteroni,
User Rank: Apprentice
3/3/2017 | 11:36:27 AM
Re: Well written article, however.....
I don't realise. So... how much does it cost to receive such clearance?
utsec12,
User Rank: Apprentice
3/3/2017 | 1:27:17 PM
Good tips!
In my view, #2, and #4 are the most important. For any InfoSec professional to rise to the $200K mark, has to be a good communicator, negotiator, and very organized (strategically speaking). You have to be able to understand the industry/business goals (C-Suite) and align with these. And have the experience (technical) like in #4. I don't think anyone can just decide to pay for a TS clearance.
JosephM852,
User Rank: Apprentice
3/13/2017 | 1:44:48 AM
Great
Get certs, work hard, get experience. Mind-boggling advice.