You’ve likely heard about the cybersecurity talent crisis – the huge expected shortfall in security workers (1.5 million globally) through 2019/2020, even though salaries and job satisfaction are increasing.
One reason for the shortfall is the speed with which organizations have made security a high priority, mainly in response to the escalating number of cyberattacks and the proliferation of malware (including ransomware). This uptick in importance came with more money budgeted for additional security equipment, software and services, as well as personnel to install, manage and maintain the systems. As a result, security trainers, educators and recruiters have felt the squeeze, and simply haven’t been able to keep up with employer demand for skilled workers.
What kinds of jobs need to be filled?
Employers are looking to fill all types of cybersecurity positions, especially those associated with cloud, networking, mobile, application development and the Internet of Things (IoT). Among those areas, risk management and the National Institute of Standards and Technology Risk Management Framework (NIST RMF) figure prominently, extending to jobs across industry’s, such as financial services, healthcare, high tech, insurance, government, national defense and more. (ISC)2, ISACA and several other security-focused organizations highlight risk management as a significant tool for controlling threats to business assets and preventing breaches.
One of the most common security job roles that pops up on sites like Indeed.com, ZipRecruiter.com and LinkedIn Jobs is the “security analyst.” During a recent search, a total of 7,890 security analyst jobs in the U.S. appeared across all three sites. Employers also look for risk management analysts, risk managers, security engineers, auditors, network and systems administrators, project managers, penetration testers, vulnerability assessors, security software developers and the upper-echelon security architects and chief information security officers (CISOs).
What can be done to meet the risk management or cybersecurity staff shortage?
For several years, a combination of security certifications and general IT experience served as a conduit into most entry- and intermediate-level IT security jobs. Today, employers look for workers who can join an organization and provide value from day one, with minimal training. That often means having a bachelor’s and/or master’s degree, certain certifications, and relevant, focused experience.
Although experience trumps all other qualifications, of the 7,890 security analyst job descriptions mentioned previously, about 60% stated a college degree (predominantly a bachelor’s or master’s) as preferred or required. A degree can help a person develop hard and soft skills, both of which are highly important to employers. Being able to list a degree on a resume or application also makes one candidate stand out among others during the screening phase.
A graduate degree qualifies you for more advanced positions and can boost you’re salary, often by thousands of dollars annually. For example, the U.S. median income of a risk management analyst with a bachelor’s degree and up to 3 years of experience is $73,442 (as of December 28, 2016), according to Salary.com. Compare that to a risk manager, where the median income is $105,596 with a bachelor’s degree and seven years of experience. However, many employers require a master’s degree for risk managers, which increases the earning potential further and, in some cases, reduces the number of years of required work experience.
Some graduate degree programs are more job-centric than others, providing a curriculum that emphasizes application of knowledge, intensive hands-on labs, internships and mentoring, all of which contribute to gaining the technical chops needed to be successful from the start in risk management and cybersecurity.
If the projected number holds, there will be 1.5 million opportunities for job seekers who want to move in to cybersecurity or move up within a security career. Why not make 2017 the year you get started?