Recession fears notwithstanding, cybersecurity skills — both credentialed and noncredentialed — continue to attract higher pay and more job security.

4 Min Read
cybersecurity job skills
Source: Frances Roberts via Alamy

Company executives continue to voice concerns that a recession is likely in 2023, but cybersecurity professionals — along with IT workers and developers with cybersecurity knowledge — appear well-positioned to weather an economic downturn, according to technology-job experts.

Overall, professional certifications have provided declining salary premiums since 2018, but information security certifications continue to command significantly above-average pay premiums, according to an analysis of more than 4,000 employers in the US and Canada by Foote Partners LLC. Cybersecurity-related skills — such as AWS Certified Security, GIAC Certified Incident Handler, and Okta Certified Developer — make up more than half of the "winner" skills, those that have attracted the most pay and have gained the most in market value.

Noncertified security skills — such as cryptography, DevSecOps, and risk analytics — also attract high premiums, says Bill Reynolds, research director at Foote Partners.

"Obviously, security skills and certs are still commanding cash premiums beyond salary at the 4,057 employers [we surveyed] in the US and Canada," he says. "That’s a pretty large sample for a survey, so it’s quite meaningful."

Positioned to Withstand Recession?

The robustness of the cybersecurity job market comes as company executives continue to worry about a recession in 2023. The vast majority of company executives (83%) expect a recession in 2023 — as do 82% of investors, according to another online survey — and about half of organizations are pre-emptively cutting expenses. In many cases, that means layoffs. In the cybersecurity industry, nearly a score of companies have cut workers in the last three months, according to tracking site

The fears of a downturn have even affected the valuations of startup companies in the cybersecurity industry.

Because of the difficulty in hiring and retaining knowledgeable cybersecurity workers, however, layoffs will likely come from less-technical groups, leaving knowledgeable cybersecurity workers. In fact, the majority of companies (60%) still planned to increase the head count of their IT departments as of July 2022, according to the IT Spending and Staffing Benchmarks 2022/2023 report published by Computer Economics.

"Expected growth is modest, but this is an indication that IT organizations cannot simply rely on increased efficiency from the cloud and virtualization for growth," the report stated. "Some hiring will still need to be done."

Cybersecurity Skills Fetch a Premium

Overall, cybersecurity workers remain in demand, with 770,000 positions currently unfilled, compared with a cybersecurity workforce of 1.1 million — a 69% shortfall in workers, according to data from the CyberSeek project. The gap between supply and demand is much greater than the 7.4% for the Businesses and Professional Services industry and the 6.9% gap in the Information sector, according to the US Bureau of Labor Statistics.

Workers with specific cybersecurity skills will continue to see opportunities, according to Foote Partners 2022 Tech Compensation Survey Reports. Ten of the 17 skills listed on the firm's IT Winners list, which includes skills that command an above-average premium and which have seen those premiums accelerate in the past few months, are security-related. The same criteria for noncertified IT skills show that 10 of 39 are security-related.

GIAC Certified Forensics Analyst (GCFA), InfoSys Security Engineering Professional, and Okta Certified Developers each have an average pay premium of 12% over base pay, according to Foote's data. For noncertification-based skills, security auditing, cryptography, and identity and access management each had an 18% premium over base pay.

What else is important? Soft skills, says Foote's Reynolds. A worker's ability to collaborate, deal with stress, manage time, have passion for the work, ability to listen, and include others all matter a great deal, he says.

These are "things that have nothing to do with certifications and this appears to be gaining in importance," he says.

Avoid "Alphabet Soup" of Certifications

Workers should take care to not collect certifications, as hiring managers and recruiters are wary of an alphabet soup of certifications on applicants' resumes, according to a recent Axios brief.

Foote's Reynolds agrees. Just because workers with a particular certificate get a pay premium isn't the right reason to get the certificate.

"It's like the argument of whether a college degree is mandatory for job consideration," he says. "Just because you have a college degree doesn't mean you're qualified for a particular job. It's more about what you've done with that college degree on the job. Tangible, measurable experience matters a lot."

About the Author(s)

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights