As one of the fastest growing niches in the information technology industry, working in cyber security can be a challenging and rewarding experience at the same time. Though demand for qualified applicants is very high, breaking into this complex arena of coding, firewalls and network security infrastructure is not easy. Here’s what you need to know to improve your chances of landing one of these coveted positions.
The Cyber Security Job Market
According to Steve Morgan, founder and CEO of Cybersecurity Ventures, damage from cyber crime will cost over $6 trillion between 2017 and 2021, while spending to limit this damage will top $1 trillion in products and services. Finding qualified professionals to handle this threat will be one of the corporate and governmental world’s greatest challenges in the coming years. Cyber Seek reports that in the United States there are currently over 285,000 unfilled cyber security job openings, with almost 747,000 employed professionals. The employment shortfall is expected to rise to 1.5 million by 2019, and to 1.8 million in 2022. California, Virginia, Texas, Maryland, New York, Illinois, Florida and North Carolina are the states with the highest unmet demand. According to an ISACA report, around 27% of companies in the United States have been unable to fill their cyber security roles. As many would expect, IT companies, banks, consulting firms and defense contractors top the list of employers. With an average national salary of $116,000 per year, which can rise to $380,000 for executive positions, cyber security work can be extremely rewarding financially. Given the scarcity of workers in this field, companies often present qualified potential recruits with highly attractive benefits packages. Contractors can expect to charge between $55 and $150 dollars per hour depending on experience and skill level.
A college degree is considered a basic requirement in this field, but is rarely enough. Candidates are also expected to acquire additional certifications that focus on program, applications and/or network security. For those being certified for the first time, CompTIA Security+ and SSCP are excellent stepping stones towards more advanced certifications. Many cyber security professionals are eventually expected to obtain a CISSP (Certified Information Systems Security Professional), generally considered to be the most common and applicable of information security certifications. As cyber threats continue to rise, however, employers are demanding increasingly specialized certifications that measure specific skills and knowledge areas, according to the highly respected SANS Institute. These include the CISA (systems control and monitoring) and CISM (information security management) certifications offered by ISACA, CEH (ethical hacking), CWSP (wireless security), CCSP (cloud security), OSCP (offensive security) or the GIAC-GPEN (penetration testing). Particular companies and industries may have their own specific certifications that employees are required to obtain such as the Cisco Systems CSS (cyber security specialist), and the HCISPP certification (healthcare industry). Certification exams tend to be pricey, so candidates should be sure to prepare rigorously before taking them. In terms of practical skills, cyber security analysts and engineers need to be proficient in encryption and or decryption in order to design, monitor and test complex firewalls and information security systems. This in turn requires an advanced knowledge of mathematics and computer science. Many applicants who may have the necessary skills and know-how are often overlooked for not having these credentials, or for being former convicted hackers (and thus considered to be potential insider threats).
Despite the high number of job openings and the extreme shortage of qualified professionals to fill them, finding work in cyber security can be a daunting endeavor requiring several years of on the job training. Experienced engineers and technicians working in other IT fields should attempt to transition into cyber security at their current company by making themselves available and committed to learn the required skills and obtain the necessary practical training required by the firm. Prospects should also make an effort to build their brand by attending cyber security conferences and events that put them in touch with experienced professionals and authorities in the field, while also maintaining an active presence on professional networks such as LinkedIn. Gamification is also a very useful tool for aspiring applicants to test and improve cyber security skills anonymously and for free. Students in high school or college should try their hand at building home labs to practice their skills and techniques using open-source technology, while also seeking out internships in the cyber security realm. Campus events such as hackathons and coding challenges are also a great way to connect with recruiters and like-minded students. Corporate apprenticeships, such as those organized by the Midwest Cyber Center (MC2), could become more common in the United States as a way to provide on the job training in cyber security for recent graduates or even workers in other areas of IT looking to make the transition. Whether you’re a young professional or a seasoned pro, higher education in cyber security is something you may want to consider at some point if you are interested in a long-term cyber security career.
Be the Hunted
At HuntSource, placing applicants in desirable and rewarding IT and cyber security positions is our specialty. Understanding that traditional recruiting methodologies have been unable to bridge the supply and demand gap for workers in cyber security, HuntSource leverages technology-driven solutions with expert knowledge of the IT and cyber security markets to optimize employee placements and increase organizational cyber security. Click here to browse job openings and find the best opportunity for you.