Global software supply chain attacks increased dramatically last year. According to a report from Sonatype, “in 2021, the world witnessed a 650 percent increase in software supply chain attacks, aimed at exploiting weaknesses in upstream open source ecosystems.” This is up from a 430 percent increase noted in the 2020 version of the report.
In response, the United States has taken steps to secure the supply chain through policy recommendations and official guidance. For example, the Biden administration issued an executive order, NIST outlined specific security measures for critical software use, and major tech companies, such as Microsoft and Google, launched initiatives to expand the cybersecurity workforce.
All of this means the job outlook for cybersecurity professionals is excellent. Dice calls employer demand for cybersecurity engineers “ravenous,” as job listings jumped 31 percent in the third quarter of 2021, compared with the previous quarter.
In this article, we’ll look more closely at the current job outlook and provide resources to put you on a career path in cybersecurity.
In a survey by Black Hat USA way back in 2015, only 27 percent of respondents felt their organization had enough staff to defend itself against current threats. Since then, the problem has only gotten worse.
According to tracking by Cybersecurity Ventures, the number of unfilled cybersecurity positions grew by 350 percent globally in the past eight years—from one million positions in 2013 to 3.5 million in 2021. The company predicts that the number of openings will be the same in 2025, reports Steve Morgan.
The U.S. cybersecurity landscape currently includes more than 1,053,000 workers and nearly 598,000 jobs yet to be filled, according to CyberSeek, which, Morgan says, “reflects a global supply and demand problem around recruiting candidates with cybersecurity certifications.”
Nationwide, per CyberSeek’s data, more than 116,000 current job openings seek Certified Information Systems Security Professionals (CISSPs), but only about 93,000 people are certified as such. Similarly, more than 45,000 advertised jobs request Certified Information Security Manager (CISM) credentials, but only about 19,000 people hold that certification.
This demand is not confined to the United States, notes Morgan, citing a report that “India alone is expected to have more than 1.5 million job vacancies in cybersecurity by 2025.”
The U.S. Bureau of Labor Statistics specifically examines the role of Information Security Analyst, noting that median pay was $103,590 in 2020. According to the summary, the role typically includes the following tasks:
- Monitoring an organization’s networks for security breaches
- Investigating security breaches when they occur
- Installing and using software, such as firewalls and data encryption programs, to protect sensitive information
- Doing penetration tests
- Researching the latest IT security trends
- Developing security standards and best practices for the organization
Other cybersecurity-related job titles and average salaries, per CyberSeek, include:
- Cybersecurity Analyst: $100,603
- Cybersecurity Manager: $101,802
- Cybersecurity Specialist: $99,652
- Incident & Intrusion Analyst: $86,959
- IT Auditor: $105,600
- Penetration & Vulnerability Tester: $101,231
CyberSeek’s interactive career pathway details key jobs within cybersecurity with information on current openings as well as related skills and credentials. The list includes roles such as system administrator and network engineer, because, as Morgan points out, “every IT position is also a cybersecurity position now. Every IT worker, every technology worker, is (or should be) involved at some level with protecting and defending apps, data, devices, infrastructure, and people.”
Challenges Amid Opportunities
The cybersecurity industry is not without internal challenges, however. For example, a study from (ISC)² showed that minority representation within the field is 26 percent and that racial and ethnic minorities tend to hold non-managerial positions. Pay discrepancies are also a problem, especially for minority women.
“The lack of diversity blinds us to the myriad ways that actors can attack us, and robs us of the talent and engagement of important parts of the global population,” write Lauren Zabierek and Algirde Pipikaite for the World Economic Forum. “A lack of different perspectives and diverse representation mires us in the issues of today. It saps our energy and ability to look ahead to future threats.”
Additional research by Respect in Security found that almost half of cybersecurity employees had “experienced harassment at work socials (48%) and in the office (47%), while more than a third admitted to having experienced bullying at industry events (36%),” says Sabina Weston.
“Executives and managers need to do a better job of creating a safe space for knowledge-sharing if they hope to make their organizations more secure,” notes security analyst Regina Bluman.
- 35+ Initiatives to Get More Women into Cybersecurity from Comparitech
- Certifications to Boost Your Open Source Career from FOSSlife
- Cyber Security Resources from SANS Institute
- Getting Started in Cybersecurity from FOSSlife
- Job Outlook for Entry-Level Software Developers from FOSSlife
- New2Cyber Summit 2022 from SANS
- Systemic Racism Is a Cybersecurity Threat from Council on Foreign Relations
- U.S. Cybersecurity Apprenticeship Sprint Launched from FOSSlife