Cybersecurity careers are on the rise. The need for cybersecurity professionals is so great that job openings are outgrowing the available workforce. A Cybersecurity Ventures report predicts that there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million unfilled positions in 2014.
That figure is especially troubling because cybercrime is rising just as quickly. The Herjavec Group's 2019 Official Annual Cybercrime Report estimates that businesses will fall for a ransomware attack every 14 seconds in 2019—and that's just ransomware. Phishing attacks—wherein hackers find their way into companies' data through the IoT or other unsecured devices, networks, and platforms—are on the rise, too.
This is a crisis. But it's also an opportunity—and possibly a goldmine for IT professionals looking for work. Here are five things you might not have known about cybersecurity careers and how to break in to the field.
1. Cybersecurity spans several roles.
Information security is a big industry, and there are several cybersecurity careers for those interested in it. Some of the most common roles include security analyst, penetration tester, security architect, and cybersecurity engineer. Professionals in these roles test an organization's security for vulnerabilities and protect against threats. Management roles, such as security manager and chief information security officer (CISO), lead these teams and make strategic recommendations to leadership to help secure the organization from cyberattacks.
2. The size of the organization matters.
Big companies are more likely than small companies to have robust, well-staffed cybersecurity teams. Large corporations often have a CISO overseeing security in addition to their own staffs of analysts and engineers.
Hackers are increasingly attacking small businesses because they're easier targets, HG.org says. For instance, people at smaller businesses might not be trained to recognize phishing attacks. They might also use unsecured apps, devices, and platforms, and they might believe that they're off cybercriminals' radars. To combat cybercrime, cybersecurity professionals at small and midsized businesses might take on more than one role, identifying attacks, coming up with strategies to secure data, and ensuring that employees are educated to recognize potential threats.
3. Some industries need cybersecurity professionals more than others.
While every industry needs to safeguard its data, some are more actively recruiting cybersecurity professionals. According to the SANS Institute Cybersecurity Professional Trends survey, Michael Warne writes on Medium, the industries most in need of cybersecurity professionals include
- Information technology
Each of these sectors involves the processing and storing of sensitive information, so it's no surprise that they're investing in information security professionals who can protect this data from falling into the wrong hands.
4. Cybersecurity professionals need many skills.
While the specific job title determines the specific skills a cybersecurity professional needs, all cybersecurity careers require certain foundational skills, including
- Risk management
- Networking basics
- Threat awareness
- Tool kit maintenance
Other skills might be required depending on the role. Security architects need to know how to strengthen a network against threats, for example, while penetration testers need to know how to duplicate an attack. CISOs need to be able to design strategies that will ensure that networks are secure and that employees and vendors won't be fooled into creating a vulnerability.
5. You might already be on the path to cybersecurity.
If you've been working in IT, especially if you've been working for a small or midsize business, you're probably already engaged in infosec work. Thanks to the shortage of cybersecurity workers, all IT workers have to know basic security best practices to keep their employers' data safe.
"There is a zero-percent unemployment rate in cybersecurity, and the opportunities in this field are endless," Herjavec Group founder and CEO Robert Herjavec told Cybercrime Magazine. "Gone are the days of siloed IT and security teams. All IT professionals need to know security—full stop. Given the complexity of today's interconnected world, we all have to work together to support the protection of the enterprise."
If you're currently dabbling in cybersecurity at work, you might already be on the road to being a cybersecurity professional. If you're interested in exploring cybersecurity further, the next step is to pursue a degree in cybersecurity and information assurance, which will help you move to a high-paying job in a field desperate for workers.