Software applications, networks, and endpoints are all vulnerable to cyber attacks and require the knowledge and skills of cybersecurity professionals to stay secure.
As cybersecurity threats are increasing, there’s a shortage of cybersecurity talent in the market, creating increasing demand for experienced pros.
See below to learn all about the state of the cybersecurity job market, from opportunities to what it takes to succeed in the field:
The market for jobs in cybersecurity
The need for security analysts alone is projected to increase 33% from an estimated 141,200 positions in 2020 to 188,300 by 2030, according to the U.S. Bureau of Labor Statistics.
Cybersecurity professionals work in several core fields: infrastructure security; application security; network security; cloud security; and Internet of Things (IoT) security.
(ISC)² recently announced the creation of a new education program aimed at individuals looking to complete one of their entry-level cybersecurity certification exams. The move is intended to address their assertion that there is a cybersecurity talent shortage exceeding 2.7 million.
ISSA says that more than 57% of organizations are being impacted by a lack of skilled cybersecurity professionals.
Also influencing the cybersecurity job market is the increasing attention to standards, guidelines, and best practices that are making the move from “nice to have” to “need to have,” with questions of legal liability and responsibility being raised. Reviewing the cybersecurity mandate of the National Institute of Standards and Technology (NIST) demonstrates the direction of the cybersecurity market for U.S. industry and federal agencies.
Job types
Many career paths are available for individuals wanting to work in the cybersecurity market. These are some examples of common positions related to cybersecurity and their focus:
Position | Focus |
Security analyst |
Monitor devices and networks for security issues Install and maintain security-related software |
Security engineer | Plan, design, and build the requisite tools used to monitor and protect the security of information, networks, and devices |
Security manager |
Ensure the protection of assets and employees from security threats May also be responsible for budgeting and HR-related tasks |
Security consultant |
Analyze and assess the current security measures being used by an organization Recommend solutions to protect against possible threats and breaches |
Chief information security officer | High-level administrator responsible for overseeing all policies and infrastructure related to security and privacy |
Cryptographer | Responsible for securing networks and software applications by creating methods to encrypt data |
Penetration tester | Work to identify vulnerabilities by performing simulated attacks on existing systems |
Security architect | Plan, research, design, and implement security architecture |
Data protection engineer |
Ensure data is stored securely Maintain and test infrastructures used to generate and store data Ensure data is in a format that can be analyzed and queried as needed |
Education
Most professionals working in cybersecurity have a bachelor’s degree in computer science or information science. But this is not necessarily a requirement, as experience in this field is highly valued.
With a growing need to address the increasing number of cybersecurity threats, the need for security-skilled IT professionals is critical. So much so that in the fall of 2021, Microsoft launched a national campaign with U.S. community colleges to train 250,000 people in this field by 2025.
Certifications
Cybersecurity-related certifications are an option for individuals looking to supplement their education or professionals already working in IT who want to demonstrate their competence in an area.
The most in-demand cybersecurity certifications include:
- (ISC)² Certified Information Systems Security Professional (CISSP)
- ISACA Certified Information Systems Auditor (CISA)
- ISACA Certified Information Security Manager (CISM)
- CompTIA Security+
- EC-Council Certified Ethical Hacker (CEH)
- GIAC Security Essentials Certification (GSEC)
- (ISC)² Systems Security Certified Practitioner (SSCP)
- CompTIA Advanced Security Practitioner (CASP+)
- GIAC Certified Incident Handler (GCIH)
- Offensive Security Certified Professional (OSCP)
Openings
Many cybersecurity-related positions are currently being recruited for, including:
- Cybersecurity engineer
- Security operations center analyst
- Threat analyst
- Cybersecurity incident handler
- Vulnerability analyst
- Cybersecurity forensics analyst
- Cybersecurity risk and compliance analyst
- Data protection engineer
Salaries
The following table contains the median annual salaries for a sampling of cybersecurity-related positions, estimated by Glassdoor:
Position | Median Salary |
Security analyst | $99,275 |
Security engineer | $107,446 |
Security manager | $74,453 |
Security consultant | $99,000 |
Chief information security officer | $173,705 |
Cryptographer | $52,522 |
Penetration tester | $102,405 |
Security architect | $126,981 |
Data protection engineer | $109,717 |
Conclusions
To date, two primary factors have influenced the lack of qualified cybersecurity professionals: lack of relevant education and lower-than-expected salaries.
These two shortfalls are being addressed, as organizations see the value of protection from data breaches and cyber attacks against resources.
This need became amplified in 2020 when the pandemic shifted many workers into needing remote access to networks and data. Demand continues to grow and evolve with the increasing importance of cloud, edge, and IoT security.