Anyone thinking about a career move might want to give the cybersecurity market a look — or a second look for those already in it. The statistics paint an encouraging employment picture.
Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, according to the "Cybercrime Report" by the editors at Cybersecurity Ventures. That's up from $3 trillion in 2015, which is fueling a burgeoning market, with cybersecurity spending expected to reach more than $1 trillion cumulatively from 2017 to 2021.
In 2014 there were 1 million unfilled cybersecurity jobs globally, according to Cisco. By 2021 that number will grow to 3.5 million openings. The cybersecurity unemployment rate has plummeted to 0%, and it's expected to remain there for the next several years. Near term, we expect the world to employ 6 million cybersecurity workers by 2019. There's also a shortfall of cyber defenders at organizations of all sizes and types, ranging from Fortune 500 and Global 2000 corporations to small-to-midsize businesses to governments and schools globally.
The labor crunch has intensified over the past year, with more than 200 cybersecurity startups raising venture capital — much of that intended for new hires. VC funding shows no signs of slowing down in 2018 or in the foreseeable future.
There's also a sound argument that every IT position should also be a cybersecurity position — and that all IT workers should have some level of responsibility for protecting and defending apps, data, devices, infrastructure, and people. If so, then the workforce shortage is even worse than the data suggests.
Estimates from various sources suggest somewhere between 50% to 70% of large companies globally have a dedicated CISO (chief information security officer) today. The most recent "Annual Cybersecurity Jobs Report" (2017 edition) from Cybersecurity Ventures posits that 100% of large companies globally will have a CISO by 2021.
Given the scarcity of experienced people to fill these positions, there will be a lot of first-time CISOs heading up security for their employers over the next decade, an altogether different problem. But this does remove some barriers in the way of climbing the corporate security ladder.
Developing skill sets in specific technical domains is the best way to boost one's salary. Threat intelligence, security software development, cloud, auditing, and big data analysis are some of the hot skills that may lead to a pay raise, according to (ISC)², a non-profit organization that provides education and certification for security professionals.
Or, switching into sales, going to work as a cybersecurity sales engineer could lead to a bump in pay by as much as 50%. Some sales engineers earn upward of $200,000 annually.
CISOs command the top pay, which is expected to average more than $240,000 annually in 2018, according to according to Robert Half Technology's 2018 Salary Guide. The highest cybersecurity salaries are between $350,000 and $400,000 for CISOs in cities such as San Francisco and New York.
Lack of Interest
Expanding the pipeline of candidates is critical for any industry dealing with a workforce shortage. The cybersecurity labor crisis may be due in part to a lack of interest in the field. A 2017 survey by the University of Phoenix says it's not a field that attracts job applicants. "Eighty percent of respondents said [they] have no interest in pursuing a career in cybersecurity," said Dennis Bonilla, executive dean of the College of Information System and Technology at the University of Phoenix, in an interview with WNCN, a CBS local news station in North Carolina. According to a study by Raytheon, less than half of high school students have been approached by a parent, teacher, or guidance counselor about an education or career in cybersecurity.
A lack of interest in cybersecurity careers can't be quantified by one or two surveys. Other data suggests there's growing interest from students entering college, and IT workers thinking about cybersecurity as an upgrade to their current positions. There are more than 125 colleges and universities in the US alone offering a master's degree in cybersecurity. Dozens of those programs offer online-only classes and degrees, so even students who can't attend in person can get a degree.
The cybersecurity numbers add up to a lucrative field that desperately needs more people.