Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

2/23/2017
10:30 AM
Todd Thibodeaux
Todd Thibodeaux
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Road Map To A $200,000 Cybersecurity Job

Looking to get ahead in cybersecurity? Here are four areas to keep in mind as you make a five-year career plan.

The economics of supply and demand shape today's cybersecurity job market. Each year, US employers post more than 120,000 openings for information security analysts and roughly one-third go unfilled. Hiring managers are bracing for a continuation of this trend, with demand for cybersecurity professionals expected to grow steadily through 2018.

Unsurprisingly, cybersecurity salaries reflect this severe talent scarcity. The median annual wages for information security analysts is more than 10% greater than that for all computer occupations, and almost 150% higher than that of all US occupations, according to the Bureau of Labor Statistics. And as high-ranking roles including chief security officers begin reporting directly to CEOs and corporate boards, compensation is likely to jump further.

For those with the right skills and experience, it's a job-seeker's market. But universal demand and negligible supply don't change the fact that cybersecurity is an evolving field. Strategies, threats, and the skills to combat them can and will pivot over the coming months, making it more difficult for candidates to qualify — and stay relevant — for these lucrative opportunities.

Landing the Job, and Rising through the Ranks
Faced with boundless opportunity and constant change, IT professionals need to make strategic choices about their own development to build a long-term cybersecurity career. Here are four areas to keep in mind as you map out your five-year plan:

  1. Progressive certifications: Technical certifications are valuable for any IT professional hoping to stand out in an applicant pool, and the same rules apply to cybersecurity jobs. For entry-level, midcareer, and executive positions alike, employers increasingly want verification of job-seekers' security chops. Foundational certifications such as CompTIA's Security+ are becoming a prerequisite for anyone starting a cybersecurity career, demonstrating a solid grasp on IT threats, compliance, and identity management — but by no means should your education end there. From the International Information System Security Certification Consortium's Certified Information Systems Security Professional (CISSP) and CompTIA's Cybersecurity Analyst (CSA+) and Advanced Security Practitioner to ethical hacking certifications, there are ample opportunities for training and specialization targeted at more experienced professionals looking to move up the ladder.
  2. Strategic communication skills: Cybersecurity does not fall only under a CISO or IT department's purview. Responsibility (and accountability) for defending corporate data and devices lies, in part, with end users, C-suites, and boards of directors as well. Cybersecurity experts must be able to communicate effectively with each audience, whether to educate employees about the dangers or secure buy-in for new security investments. To graduate into senior leadership roles, cybersecurity professionals need to demonstrate communication mastery with external audiences. As more organizations become embroiled in data breaches and legal matters (over issues such as encryption), they'll need experts with not only technical smarts but the capacity to navigate crisis communications and public sector partnerships. 
  3. Government clearances: Almost all industries are in need of more cybersecurity manpower, but the public sector is one vertical playing a fervent game of catch-up. Per the Federal Cybersecurity Workforce Strategy released last July, the government is on the hook to more proactively identify internal cybersecurity gaps, better recruit security experts, and develop career paths to retain top talent. Beyond technical certifications, public administration cybersecurity jobs are almost three times as likely to require security clearances than cybersecurity openings in general. Obtaining the appropriate clearances in advance can set a resume apart, and expedite the hiring process.
  4. Digital forensics: As organizations and governments around the world accept the inevitability of cyberattacks (or, at least, attempts), greater attention and resources must be paid to what happens in their wake. The field of digital forensics — extracting "evidence" from devices and other IT systems to understand, potentially prosecute, and later prevent, cybercrimes — is in need of more than a few good recruits. As threats from state-sponsored actors, organized crime groups and hacktivists rise, the public and private sectors need experts who specialize in reverse-engineering attacks and threat hunting. Professionals who concentrate their training around digital forensics now will be invaluable as the cybersecurity landscape becomes more globalized and litigious.

Despite employers' pressing need for cybersecurity talent, job and promotion-seekers need to take a calculated approach to developing their careers. Tremendous responsibility and generous salaries aren't simply up for grabs — they're the reward for professionals with the most comprehensive, future-proof expertise. 

Related Content:

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
RobAttfield
50%
50%
RobAttfield,
User Rank: Apprentice
2/26/2017 | 12:12:41 AM
Affordability
If only I could afford to do such certifications, I'd be all for it. Having them would really help my chances at a second go in the I.T industry.
kasstri
50%
50%
kasstri,
User Rank: Strategist
2/27/2017 | 10:40:54 AM
Re: keyboard
Having them would really help my chances at a second
Mihap
50%
50%
Mihap,
User Rank: Apprentice
2/27/2017 | 9:29:08 PM
Re: website
The ones that go for the certifications are those that really want to work in that industry. It is useless to go for it if you are not up for that sector.
PaulY656
100%
0%
PaulY656,
User Rank: Apprentice
3/2/2017 | 11:49:12 AM
Well written article, however.....
Your point about securing clearance credentials BEFORE landing a guvmint job is just unrealistic. Do you have any idea how much a TS-SCI clearance costs? There are very few jobs posted that will foot the bill for a clearance if you don't already have one - and the cost is the reason why.
chesteroni
50%
50%
chesteroni,
User Rank: Apprentice
3/3/2017 | 11:36:27 AM
Re: Well written article, however.....
I don't realise. So... how much does it cost to receive such clearance?
utsec12
50%
50%
utsec12,
User Rank: Apprentice
3/3/2017 | 1:27:17 PM
Good tips!
In my view, #2, and #4 are the most important.  For any InfoSec professional to rise to the $200K mark, has to be a good communicator, negotiator, and very organized (strategically speaking).  You have to be able to understand the industry/business goals (C-Suite) and align with these.  And have the experience (technical) like in #4.  I don't think anyone can just decide to pay for a TS clearance.  
JosephM852
50%
50%
JosephM852,
User Rank: Apprentice
3/13/2017 | 1:44:48 AM
Great
Get certs, work hard, get experience. Mind-boggling advice.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17537
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
CVE-2019-17538
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
CVE-2019-17535
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2019-17536
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVE-2019-17533
PUBLISHED: 2019-10-13
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.