If you've ever considered working in cybersecurity, now is a great time to be looking for a job.
Security incidents in the news are nothing new, but in recent months, cyberattacks, particularly ransomware attacks, have taken on a significance rarely seen before. Attacks are impacting global supply chains and disrupting the economy. And some victim companies are paying huge ransoms, which are further emboldening the cybercriminals.
As a result, companies are eager to hire cybersecurity professionals. But they can't always find the qualified staff they need.
According to CyberSeek, a website sponsored by Burning Glass Technologies, CompTIA, and the National Initiative for Cybersecurity Education, the U.S. currently has 464,420 open cybersecurity positions. It also classifies the supply of available workers as "very low" in every state but Maine.
As a result, pay for most cybersecurity positions is fairly high. According to CompTIA, the average pay for the nine most common cybersecurity job titles is as follows:
Those high salaries, in turn, have many IT professionals in other fields considering transitioning into cybersecurity. That sort of career move is not at all uncommon. In an ESG and ISSA Research Report, more than three-quarters (76%) of cybersecurity professionals surveyed said that they had worked in another area of IT before going into security.
But while it may be common, the path for getting from one point in IT to another isn't always clear-cut. Job seekers are often at a loss as to how to begin the process of making such a transition.
The following slides offer 10 tips from cybersecurity professionals and other experts about how to break into the lucrative field of cybersecurity.
1. Do Your Homework
If you want to pursue a career in cybersecurity, experts say you should start by reading as much as you can about the topic. Security has its own jargon that is different from other areas within IT, so if you want to be taken seriously, you need to speak the same language as the people in the field. Follow the trends on cybersecurity news sites. (InformationWeek and our sister site Dark Reading are good places to start.) Hang out in online forums where security professionals discuss their work, and maybe even attend some webinars or conferences. This baseline of knowledge will help you learn what areas within cybersecurity interest you and what kind of organization you might like to work for.
2. Master the Basics
Well-known security blogger Brian Krebs advises anyone who wants to break into cybersecurity to improve their fundamental computing skills. He points to a SANS Institute study that found that many job applicants lack a basic understanding of topics like networking (46%), computer architecture (47%), and common exploitation techniques (66%). Rather than working to improve your theoretical knowledge, tackle some projects that improve your practical skills with Windows, Linux, and networking. You really can't fully grasp advanced cybersecurity topics if you don't have a baseline of knowledge about how networks, operating systems, and computer hardware work.
3. Consider a Specialization
As you're adding to your cybersecurity knowledge, you will quickly realize that security is a broad field with a lot of different specializations. Are you interested in penetration testing, that is, ethical hacking to find flaws in corporate networks? Maybe you have a background in data analytics and are more interested in becoming a security analyst, or maybe you've been a programmer and want to help design more secure applications. Then again, maybe you enjoy the adrenaline rush of trying to halt and mitigate ongoing incidents and you want to be a responder. Other cybersecurity jobs involve network administration, hardware design, project management, or a host of other skills. Think about the skills you already have and the kind of work that you most enjoy. Picking a specialization will make it easier to acquire the necessary skills for the next phase of your career.
4. Plan Your Career Path
Once you have an idea of where you want to end up, it's time to figure out how to get there. The CyberSeek website has a helpful tool that can plan a route from an entry-level cybersecurity position to a more lucrative role. It also has a heatmap that provides more information about demand for different roles in different parts of the US. It can help you focus your training and job search efforts so that you maximize your chances of breaking into the security field.
5. Identify Transferable Skills
If you already work in IT, you probably already have some of the skills that you need for a cybersecurity position. And transitioning to a job that requires similar skills is always easier than starting from scratch. Fortunately, you probably already have some of the most helpful skills. According to a study conducted by ESG & ISSA Research, the most useful skills for cybersecurity professionals include networking and infrastructure knowledge and skills (cited by 60% of cybersecurity professionals surveyed), analytical skills (49%), IT operations knowledge and skills (49%), and hands-on technology skills (44%). Other sources also point to programming and cloud computing skills as very helpful for cybersecurity.
6. Close the Gaps in Your Education
While you probably have some valuable skills, you probably also have some holes in your resume that you need to fill before taking a cybersecurity job. According to a Burning Glass report, 88% of cybersecurity positions require a bachelor's degree or higher, so if you don't have a degree, you probably should start investigating your options to get one.
If you already have a degree, you might want to seek out other training opportunities. This might be something formal like a class or workshop, or it might be something less formal, like finding a mentor who works in cybersecurity. In fact, in the ESG and ISSA Research survey, 26% of respondents said that finding a mentor is the best way to develop skills and a career plan for breaking into cybersecurity.
7. Consider a Certification
The topic of IT certifications is always a little controversial. Some tech workers believe they are very helpful for finding a job (or getting a raise), while others are completely convinced that they are a waste of money. If you do decide to get a certification to demonstrate that you have the skills necessary to get a cybersecurity job, you should choose a certification that has a proven impact on earning potential. According to Foote Partners, certifications overall are currently at a seven-year low in terms of their impact on pay. However, some cybersecurity certifications are among the highest-paying certifications, and several gained 10% or more in market value in the three months ending April 1, 2021. Those that recently gained value include GIAC Web Application Penetration Tester, InfoSys Security Engineering Professional (ISSEP/CISSP), and InfoSys Security Management Professional (ISSMP/CISSP). The highest-paying certs include Certified Computer Examiner, Certified Cyber Forensics Professional, CyberSecurity Forensic Analyst, EC-Council Certified Encryption Specialist, GIAC Exploit Researcher and Advanced Penetration Tester, GIAC Security Expert, GIAC Security Leadership, and InfoSys Security Architecture Professional (ISSAP/CISSP).
8. Leverage Your Security Clearance (If You Have One)
If you have previously worked for the US government or a contractor and have a security clearance, that can be a huge benefit when job hunting. Many federal and state agencies are currently hiring cybersecurity professionals, and some require or prefer a security clearance. The situation is similar for defense and aerospace contractors. Of course, you can usually get a security clearance after you start a new job, but the process is lengthy and can take months or even years. If employers have the choice between a candidate with a security clearance and one without, they will often choose the one with the clearance. If you are lucky enough to already have a clearance, you will maximize your chances of getting a job and your earning potential by looking for positions that prefer a security clearance.
9. Network with Other Cybersecurity Professionals
We've all heard that "it's not what you know, it's who you know." While you can certainly find a job by just applying for positions you find through Internet searches, your chances are much, much higher if you know someone (or someone who knows someone) at the company where you are applying. Networking doesn't have to mean attending events in person. You can do a lot of networking virtually through social media like LinkedIn or Twitter or by participating in forums or dedicated Slack channels. You might also want to consider attending virtual events or taking part in a cybersecurity competition as a way to both improve your skills and meet other people working in cybersecurity.
10. Stay Up to Date
Perhaps more than any other area in technology, cybersecurity is changing every single day. New exploits and new ways to counter those exploits are identified on a daily or even hourly basis. In the ESG & ISSA Research survey, 92% of respondents agreed with the statement "Cybersecurity professionals must keep up with their skills or the organizations they work for are at a significant disadvantage against today's cyber-adversaries." If you decide to pursue a career in cybersecurity, the research you do now to help you prepare will be just the beginning of the continuous learning you'll need to do if you want to be successful in this field.
Cynthia Harvey is a freelance writer and editor based in the Detroit area. She has been covering the technology industry for more than fifteen years.