The global demand for cybersecurity expertise has increased dramatically since enterprises across industries have embraced digitization. In the last half-century, digitalization has become critical to core functionality in finance, banking, consumer durables, and in every small and large domain. The growth of digital technology is essential for worldwide connectivity, global trade, and most importantly, one-touch business transactions that make our lives easier and more convenient.
When was the last time you paid cash over the counter for a business payment, bank transaction, or even for an online booking? Everyone has benefited from the ease of swiping a debit or credit card and using a one-touch payment app. This customer preference for digital/online experiences has resulted in exponential growth in both B2B and B2C online transactions. The need for a secure digital ecosystem is now the ultimate priority for nearly every company.
An organization’s ecosystem includes not only the technology that manages online transactions but also its network, IT infrastructure, servers, payment gateways, and connected devices across the company. A cybersecurity expert can efficiently safeguard these digital assets and protect an enterprise from security threats. This explains why cybersecurity has emerged as a popular career choice among millennials and Generation Z.
The cybersecurity talent crunch is estimated at ~3.5 million, globally.
This article offers guidance on cybersecurity for those considering it as a career choice. It explores the industry size, expectations, opportunities, career prospects, trends, and how to prepare for a job in the cybersecurity workplace.
The Cybersecurity Job Market
The requirements for data privacy, transaction security, and a secure infrastructure are stringent for companies wanting to avoid potential data theft, phishing, or online fraud. Rigorous cybersecurity is based on the CIA triad of three core security principles: confidentiality, integrity, and availability. The goal is to create a well-protected, firewalled ecosystem for digital operations against any malware or malicious activities.
The following are answers to common questions about the cybersecurity job market.
1. How big is the cybersecurity marketplace?
It’s huge! And so are the career opportunities. According to Gartner, spending on global information security and risk management technology will increase 12.4% to reach a whopping $150.4 billion in 2021. This is up from just 6.4% in 2020. Cybersecurity is the largest contributor to this spending and a top priority for approximately 61% of the respondents surveyed in the Gartner 2021 CIO Agency Survey.
To understand the relevance of cybersecurity today, let’s look at a couple of real-life examples.
When a group of malicious actors compromised the billing system of a major U.S. oil pipeline, it was forced to shut down pipeline operations. The hackers stole nearly 100 gigabytes of data and threatened to release it if a ransom was not paid. The shutdown created fuel shortages across the East Coast, impacting major airports and causing fuel shortages at filling stations in at least five states. This caused President Biden to declare a national state of emergency, and the pipeline remained shut down for five days.
In another example, a malicious actor compromised a water treatment plant in Florida by attempting to change the levels of sodium hydroxide in the water. Had the event not been detected, it would have poisoned the water within 36 hours. A successful attack would have impacted the health and welfare of the 15,000 people who rely on the treatment plant for safe drinking water.
2. What are the industry expectations for cybersecurity beginners?
Organizations still grapple with the security implications of public cloud and software as a service (SaaS). On top of this, the growing adoption of automation, machine learning, and artificial intelligence technologies are creating vast cybersecurity career opportunities.
In terms of basic knowledge for cybersecurity jobs, recruiters expect you to understand the architecture, administration, and management of operating systems like Windows, Linux distros, and others. Job requirements also include networking, virtualization, software analytical skills, and general programming development concepts.
In addition, basic knowledge of programming languages like C/C++, Java, and scripting languages like Python, Pearl, PHP, and assembly language is valuable. Also, an understanding of security frameworks and practices can be helpful. The primary and more universally accepted frameworks have been developed by the National Institute of Standards and Technology (NIST), the International Organization for Standardization (ISO), and the Center for Internet Security (CIS). The graphic below depicts the eight competency areas of cybersecurity on which employees should focus.
3. Where is the money concentrated?
Apart from the several domains that are closely knit in the cybersecurity market, career aspirants should focus on the following segments to optimize their competencies and draw attractive pay packages with excellent growth potential.
It is estimated that spending is expected to be concentrated in the following five markets:
- Security services
- Infrastructure protection
- Network security equipment
- Identity access management
- Consumer security software
While the majority of cybersecurity spend may be concentrated in five markets, certain cybersecurity skills are leading the charge in terms of projected growth. The graph below shows the cybersecurity skills expected to be in greatest demand over the next five years.
(Source: Forbes Report)
4. Which service gaps can be filled by cybersecurity beginners?
Exciting new job roles have been emerging with the ever-changing requirements of the cybersecurity industry. According to The U.S. Bureau of Labor Statistics’ Information Security Analyst’s Outlook, cybersecurity is among the fastest-growing career preference in the U.S. Job vacancies are expected to rise by 31% by 2029. Some of the exciting job roles include:
- Chief Information Security Officer (CISO): This role is responsible for strategizing the business plan to be executed within the information security infrastructure of any organization. Every other role related to the IT/data/cybersecurity reports to this person.
- Information Security Director/Manager: This role supports the CISO by providing management and oversight of the business plan related to security. He/she is responsible for implementing, designing, managing, and allocating the technical security measures in an organization. They report to the CISO with other IT/data/cybersecurity roles generally reporting directly to this person.
- IT Security Engineer: This role is directly responsible for planning and implementing security measures for monitoring and protecting the online assets of the enterprise from hackers and other malicious attackers.
- Security Architect: Security architects design the security infrastructure as per the business requirements to maintain network security. They are different from technical architects who focus on networks and applications and governance architects who consider policies, procedures, and practices of the organization.
- Penetration Tester: Sometimes called white hats or ethical hackers, this role serves as an insider hacker trying and testing any and every tactic to breach the environment. Their methods may include networks, applications, and even social engineering.
- Digital Forensics Analyst: This role retrieves, analyzes, and safeguards digital data related to cyber events and cybercrime. This is a key role in preserving evidence to ensure that it can support an investigation and be admissible in court if required.
- Security System Administrator: This person is responsible for installing, administrating, maintaining, and troubleshooting security/network-related issues. They are often the first point of human contact for someone reporting a security issue. They may also support the other security professionals in their duties and eventually develop into one of these roles.
Apart from these roles, there are a plethora of opportunities available for beginners in the cybersecurity industry. Keep in mind government organizations and security companies are actively hiring specialists to handle a wide range of cyber frauds.
5. Where to begin?
Someone starting out can begin by exploring the various cybersecurity certifications.
- Certified Ethical Hacker (CEH): Learn to reverse engineer any potential hacking probability and ensure a safeguarded network system.
- CompTIA Security+: A globally renowned certification to validate your security foundation, vendor-neutral IT security knowledge, and skillsets.
- Certified Network Defender (CND): This certification course focuses on educating participants about protection, identification, and response mechanisms for network security and knowledge of appropriate tools for a better practical approach.
Apart from these, other prominent certifications to consider include:
- Offensive Security Certified Professional (OSCP)
- GIAC Certified Incident Handler (GCIH)
- The Information Systems Audit and Control Association (ISACA) offers a couple of key certifications:
- Certified Information Security Auditor (CISA)
- Certified Information Systems Manager (CISM)
- The International Information System Security Certification Consortium (ISC)² provides a number of advanced certifications, including:
- Certified Information Systems Security Professional (CISSP)
- Information Systems Security Architecture Professional (CISSP-ISSAP)
- Information Systems Security Engineering Professional (CISSP-ISSEP)
- Information Systems Security Management Professional (CISSP-ISSMP)
- Healthcare Security & Privacy (HCISPP)
- Systems Security Certified Practitioner (SSCP)
There is absolutely no doubt about the value and future growth potential in the cybersecurity job market. The perpetually evolving digital world and the risks associated with it require continuous and updated training and knowledge to sustain the vulnerabilities. Any aspirant willing to invest in the required technical and management skills can take advantage of this huge career opportunity.