The economics of supply and demand shape today's cybersecurity job market. Each year, US employers post more than 120,000 openings for information security analysts and roughly one-third go unfilled. Hiring managers are bracing for a continuation of this trend, with demand for cybersecurity professionals expected to grow steadily through 2018.
Unsurprisingly, cybersecurity salaries reflect this severe talent scarcity. The median annual wages for information security analysts is more than 10% greater than that for all computer occupations, and almost 150% higher than that of all US occupations, according to the Bureau of Labor Statistics. And as high-ranking roles including chief security officers begin reporting directly to CEOs and corporate boards, compensation is likely to jump further.
For those with the right skills and experience, it's a job-seeker's market. But universal demand and negligible supply don't change the fact that cybersecurity is an evolving field. Strategies, threats, and the skills to combat them can and will pivot over the coming months, making it more difficult for candidates to qualify — and stay relevant — for these lucrative opportunities.
Landing the Job, and Rising through the Ranks
Faced with boundless opportunity and constant change, IT professionals need to make strategic choices about their own development to build a long-term cybersecurity career. Here are four areas to keep in mind as you map out your five-year plan:
- Progressive certifications: Technical certifications are valuable for any IT professional hoping to stand out in an applicant pool, and the same rules apply to cybersecurity jobs. For entry-level, midcareer, and executive positions alike, employers increasingly want verification of job-seekers' security chops. Foundational certifications such as CompTIA's Security+ are becoming a prerequisite for anyone starting a cybersecurity career, demonstrating a solid grasp on IT threats, compliance, and identity management — but by no means should your education end there. From the International Information System Security Certification Consortium's Certified Information Systems Security Professional (CISSP) and CompTIA's Cybersecurity Analyst (CSA+) and Advanced Security Practitioner to ethical hacking certifications, there are ample opportunities for training and specialization targeted at more experienced professionals looking to move up the ladder.
- Strategic communication skills: Cybersecurity does not fall only under a CISO or IT department's purview. Responsibility (and accountability) for defending corporate data and devices lies, in part, with end users, C-suites, and boards of directors as well. Cybersecurity experts must be able to communicate effectively with each audience, whether to educate employees about the dangers or secure buy-in for new security investments. To graduate into senior leadership roles, cybersecurity professionals need to demonstrate communication mastery with external audiences. As more organizations become embroiled in data breaches and legal matters (over issues such as encryption), they'll need experts with not only technical smarts but the capacity to navigate crisis communications and public sector partnerships.
- Government clearances: Almost all industries are in need of more cybersecurity manpower, but the public sector is one vertical playing a fervent game of catch-up. Per the Federal Cybersecurity Workforce Strategy released last July, the government is on the hook to more proactively identify internal cybersecurity gaps, better recruit security experts, and develop career paths to retain top talent. Beyond technical certifications, public administration cybersecurity jobs are almost three times as likely to require security clearances than cybersecurity openings in general. Obtaining the appropriate clearances in advance can set a resume apart, and expedite the hiring process.
- Digital forensics: As organizations and governments around the world accept the inevitability of cyberattacks (or, at least, attempts), greater attention and resources must be paid to what happens in their wake. The field of digital forensics — extracting "evidence" from devices and other IT systems to understand, potentially prosecute, and later prevent, cybercrimes — is in need of more than a few good recruits. As threats from state-sponsored actors, organized crime groups and hacktivists rise, the public and private sectors need experts who specialize in reverse-engineering attacks and threat hunting. Professionals who concentrate their training around digital forensics now will be invaluable as the cybersecurity landscape becomes more globalized and litigious.
Despite employers' pressing need for cybersecurity talent, job and promotion-seekers need to take a calculated approach to developing their careers. Tremendous responsibility and generous salaries aren't simply up for grabs — they're the reward for professionals with the most comprehensive, future-proof expertise.