Operations

2/1/2018
10:30 AM
Steve Morgan
Steve Morgan
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail vvv
100%
0%

Thinking about a Career Move in Cybersecurity?

The numbers show career opportunities for cyber defenders.

Anyone thinking about a career move might want to give the cybersecurity market a look — or a second look for those already in it. The statistics paint an encouraging employment picture.

Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, according to the "Cybercrime Report" by the editors at Cybersecurity Ventures. That's up from $3 trillion in 2015, which is fueling a burgeoning market, with cybersecurity spending expected to reach more than $1 trillion cumulatively from 2017 to 2021.

Unfilled Positions
In 2014 there were 1 million unfilled cybersecurity jobs globally, according to Cisco. By 2021 that number will grow to 3.5 million openings. The cybersecurity unemployment rate has plummeted to 0%, and it's expected to remain there for the next several years. Near term, we expect the world to employ 6 million cybersecurity workers by 2019. There's also a shortfall of cyber defenders at organizations of all sizes and types, ranging from Fortune 500 and Global 2000 corporations to small-to-midsize businesses to governments and schools globally.

Situation Worsening
The labor crunch has intensified over the past year, with more than 200 cybersecurity startups raising venture capital — much of that intended for new hires. VC funding shows no signs of slowing down in 2018 or in the foreseeable future.

There's also a sound argument that every IT position should also be a cybersecurity position — and that all IT workers should have some level of responsibility for protecting and defending apps, data, devices, infrastructure, and people. If so, then the workforce shortage is even worse than the data suggests.

CISO Demand
Estimates from various sources suggest somewhere between 50% to 70% of large companies globally have a dedicated CISO (chief information security officer) today. The most recent "Annual Cybersecurity Jobs Report" (2017 edition) from Cybersecurity Ventures posits that 100% of large companies globally will have a CISO by 2021.

Given the scarcity of experienced people to fill these positions, there will be a lot of first-time CISOs heading up security for their employers over the next decade, an altogether different problem. But this does remove some barriers in the way of climbing the corporate security ladder.

Salary Outlook
Developing skill sets in specific technical domains is the best way to boost one's salary. Threat intelligence, security software development, cloud, auditing, and big data analysis are some of the hot skills that may lead to a pay raise,  according to (ISC)², a non-profit organization that provides education and certification for security professionals. 

Or, switching into sales, going to work as a cybersecurity sales engineer could lead to a bump in pay by as much as 50%. Some sales engineers earn upward of $200,000 annually.

CISOs command the top pay, which is expected to average more than $240,000 annually in 2018, according to according to Robert Half Technology's 2018 Salary Guide. The highest cybersecurity salaries are between $350,000 and $400,000 for CISOs in cities such as San Francisco and New York.

Lack of Interest
Expanding the pipeline of candidates is critical for any industry dealing with a workforce shortage. The cybersecurity labor crisis may be due in part to a lack of interest in the field. A 2017 survey by the University of Phoenix says it's not a field that attracts job applicants. "Eighty percent of respondents said [they] have no interest in pursuing a career in cybersecurity," said Dennis Bonilla, executive dean of the College of Information System and Technology at the University of Phoenix, in an interview with WNCN, a CBS local news station in North Carolina. According to a study by Raytheon, less than half of high school students have been approached by a parent, teacher, or guidance counselor about an education or career in cybersecurity.

Higher Education
A lack of interest in cybersecurity careers can't be quantified by one or two surveys. Other data suggests there's growing interest from students entering college, and IT workers thinking about cybersecurity as an upgrade to their current positions. There are more than 125 colleges and universities in the US alone offering a master's degree in cybersecurity. Dozens of those programs offer online-only classes and degrees, so even students who can't attend in person can get a degree.

The cybersecurity numbers add up to a lucrative field that desperately needs more people.

Related Content:

Steve Morgan is the founder and CEO at Cybersecurity Ventures and Editor-In-Chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jmrazik982
100%
0%
jmrazik982,
User Rank: Apprentice
2/21/2018 | 1:58:42 PM
Re: Career change
Great, you have a piece of paper. Now go do what ALL IT people do, get your foot in the door somewhere.

That likely means you need to apply to jobs like NOC tech and cut your teeth in the trenches.

It will be less than you expected, but until you can demonstrate something to somebody, you are merely a paper tiger.

I would not settle back into your old career, that is foolish and wastes all the time and energy you have thus far applied.

So you should apply for jobs like a NOC, Desktop/System Administrator and look for internships in that arena.

Once you have established a foothold, you will inherently be exposed to the people you want to become, but you will still have to prove yourself before you can get another door to open where you can demonstrate your knowledge.

Don't sell yourself short, apply to any and all IT positions and let them tell you NO, NEVER TELL YOURSELF, NO.

Keep pushing, and if you have to move to areas where there is alot of IT jobs.  Nothing is ever as simple as getting a certification and expecting doors to open.

 

Good luck
Nicho88
50%
50%
Nicho88,
User Rank: Apprentice
2/18/2018 | 10:42:37 PM
Re: Yawn More Rubbish
Hey CYBERMARK, you don't have a job because you have a bad attitude and you can't spell. It has nothing to do with the market.
CyberMark
100%
0%
CyberMark,
User Rank: Strategist
2/17/2018 | 9:32:55 AM
Yawn More Rubbish
I posted on a thread similar to this months ago, articules that throw figures about how the whole world is short of cyber security professionals funny really as I finished my Masters degree in cyber security 6 months ago and am still unable to even get a job interview. 

Write about something that's real, this articule is nearly as bad as the one about 13 Russians that managed to sway the US Elections utter rubbishh. 
Karlss
50%
50%
Karlss,
User Rank: Apprentice
2/13/2018 | 4:40:49 AM
Re: Cybersecurity - YES - InfoTech - NO
That was very interesting to read, thanks
myjo12
100%
0%
myjo12,
User Rank: Apprentice
2/7/2018 | 10:13:30 AM
Career change
I recently made a career change into cybersecurity and completed my master's degree in December 2017. I have been looking for a job ever since but because I have no prior experience I am not even being considered. I am working on getting certifications but feel that it will not do much good. I quit my job in order to make this change so that I could complete my degree in a year's time. However, if I don't find something soon, I will be forced to go back to the type of work I was doing before making this degree a waste of time and money. So if you are planning to make a career change into cybersecurity make sure you have an idea of how to get experience before applying for jobs. It seems that you need at least an internship somewhere. I'm not sure what companies expect those of us who are unable to get one is supposed to do. How do they expect to fill all of these positions if no one is willing to train?

 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
2/1/2018 | 3:11:28 PM
Cybersecurity - YES - InfoTech - NO
IT - Infrastructure Temorary workers and outsourced staff to Bangalore.  BUT security is a different field now and I heartily recommend ANY interested individual to follow this career path.  Programmers can be sent to Bangalore and general work is mostly for kids.  Building servers - ok, but not a solid path too.  Remember that American management does not appreciate IT in general. 
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: White Privelege Day
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17283
PUBLISHED: 2018-09-21
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Inject...
CVE-2018-17282
PUBLISHED: 2018-09-20
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
CVE-2018-14592
PUBLISHED: 2018-09-20
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVE-2018-15832
PUBLISHED: 2018-09-20
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI ha...
CVE-2018-16282
PUBLISHED: 2018-09-20
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.