Six Reasons to Consider a Career in Cybersecurity Home Insights Blog Six Reasons to Consider a Career in Cybersecurity October 22, 2019 Six Reasons to Consider a Career in Cybersecurity Part 1 in a series. If you’re a young person thinking about your future career, or perhaps a more experienced worker wondering if your current job is the best for you, you may be asking yourself some questions. The unemployment rate is low at the moment, but there’s always uncertainty about the future. What sectors are growing? What career will provide the greatest security? What pays the best? Are you adequately trained to take advantage of these opportunities? Great questions all. And there’s good news: there are currently several fields which feature a strong near- and long-term outlook. One of the most promising – perhaps even the most promising – is the booming world of cybersecurity. Let’s look at some facts and figures. The cybersecurity job outlook is incredibly bright Fifty-three percent of companies report a troubling shortage of information security talent in their organizations, and that number has been increasing every year since 2015. Cybersecurity job listings are up nearly 75% since 2014 but there are currently almost a half million unfilled positions in North America and over 2.7 million worldwide. Those numbers are projected to increase to 1.8 million in the US by 2022 and 3.5 million globally by 2021. Cybersecurity unemployment currently sits at -2%. And that isn’t new – the fact is the industry has been struggling with negative unemployment for a few years. In other words, there are plenty of career opportunities in the cybersecurity field, and demand for talent is expected to increase indefinitely. The why is simple: the number of threats and bad actors continues to climb and there’s no reason to expect this will change. Less than 40% of organizations worldwide say they’re prepared for a sophisticated cyber attack Internet of Things (IoT) hacks increased 600% in 2017; there will be roughly 200 billion connected devices by next year – and each is a potential target It usually takes six months to detect a data breach Various app stores combine to block more than 24,000 malicious apps each day There are a number of motivations for cyber attacks, including financial, political / “hacktivism,” state-sponsored cyberwar and even basic terrorism – none of which is expected to disappear anytime soon. Security expert Dr. Larry Ponemon sums up the imperative for organizations: …attackers are getting better funding, many are nation state-backed, so if you don’t get the right people to secure the organization, the consequences to many companies could be severe, even to the point of bankruptcy. The message is clear: cybersecurity threats are with us for the long haul, which means cybersecurity career opportunities are, too. Cybersecurity job salaries are high This piece of the equation is straightforward, Econ 101 supply-and-demand. Cybersecurity is critical – for many organizations it’s nothing short of an existential threat. There are far too few qualified candidates to fill the jobs. Demand is increasing. The US Department of Labor ranks it as the third-fastest-growing career field in the country, with a projected year-over-year growth rate of 28%. Cybersecurity career salaries range from $90,000 to upwards of $200,000 for top positions, including titles like information risk managers and security engineers. You don’t necessarily need a technical background Nearly a third of current cybersecurity pros originally came from non-IT backgrounds, and while technical skills are undoubtedly helpful they’re not necessary. As the Springboard blog explains: Not surprisingly, having technical skills is a benefit if you’re trying to figure out how to get into cybersecurity. You’ll be able to decode certain computer-related aspects of the job at a faster pace than those without an IT background. Programmers, web developers, and software engineers are just a few of the technical jobs where the skills you already have will be transferable to a cybersecurity role. For example, being a programmer will help you know what malicious code looks like, and how to protect against it. Web developers will be quick to learn how to defend against cross-site scripting, if they don’t already know how to. And software engineers know how to mitigate vulnerabilities such as buffer overflows. However, cybersecurity skills are teachable and not being a programmer doesn’t mean there’s no place for you in the field. In fact, you may not even need a college degree. … it’s possible certain coding or development skills aren’t even necessary to be hired. Cyber policy analyst and technical writer are examples of non-technical cybersecurity jobs. These are positions you could obtain with skills you might already have. For example, a college degree may be the only thing required for an entry-level policy analyst position. If you’re an avid writer and have a grasp on grammar, starting as a technical writer isn’t a bad idea to get your foot in the door. Everyone starts somewhere and you could always get an entry-level technical position to start your cybersecurity career. Cybersecurity certifications – such as Security+ and Certified Ethical Hacker – can put you on the fast-track with getting a technical cybersecurity position. These certifications take a lot less time to earn than a college degree. Depending on your pace of study, you can earn these in just a few months. Cybersecurity offers opportunities for women and minorities Not surprisingly, diversity has historically been a weakness in the cybersecurity field. Men, for instance, currently comprise 86% of the workforce while 74% are white. No, this part isn’t great news, but the dynamic simply isn’t sustainable in an industry facing such dangerous talent shortages. Smart firms are being more aggressive about diversity and inclusion in their recruiting, meaning minorities and women shouldn’t be shy about throwing their hats in the ring. There are more and more coding clubs and cybersecurity camps tailored for women and girls, and these can be invaluable resources for aspiring cybersecurity professionals. Minority candidates are encouraged to explore the variety of programs and scholarship opportunities offered by the International Consortium of Minority Cybersecurity Professionals (ICMCP). The security industry provides socially responsible work Many job-seekers are interested in careers that make a difference in the world. Cybersecurity isn’t non-profit/charity work, but it is incredibly important to society and the community. Experts aren’t really sure how many individual threats exist. Most agree it’s in the hundreds of millions, and perhaps even exceeds a billion. And many of them pose a critical risk to our very way of life. Everything is vulnerable, from the power grid to your bank accounts to your social security number – even your smart devices and home assistants. Security professionals motivated by a desire to serve the wellbeing of others will know they’re doing more than collecting a check. They’re working to safeguard their fellow citizens from a wide range of potentially devastating attacks. For instance: State-sponsored cyber espionage. A recent report showed a 168% year-over-year increase in state-sponsored government breaches. These actors account for 79% of all breaches by foreign sources. Nations actively operating or tacitly approving of such campaigns include strategic opponents like Russia, China, North Korea and Iran. Corporate Espionage. The Center for Strategic and International Studies estimates that corporate espionage costs businesses $445 billion annually. Disinformation campaigns. The integrity of government institutions in the US and abroad is threatened by hostile entities seeking to disrupt democratic processes. Ransomware. The most significant malware threat facing cybersecurity professionals in 2018 was ransomware, and these attacks are expected to cost businesses more than $75 billion in 2019. IoT BotNets. Experts say the explosion of unsecured Internet-connected devices (home assistants, smart appliances, etc.) poses a significant threat to the power grid. Business Process Compromise (BPC). A relatively recent development, BPCs involve attacks on specific business processes for some financial gain. According to Foresite, “an attacker may try to silently watch internal communications and map out the normal process for a funds transfer. Once they gain enough information, they can transfer money to an account, retrieve the money and close the account. Another example of BPC would be a payroll attack, where the attacker gains access (after learning) the process to add payroll with direct deposit.” Add to all this the emergence of Artificial Intelligence (for both cyber defense and cyber crime) and the picture becomes clear. The future is as exciting and challenging as it is important. The compensation is great and because of the consistent challenge that bad actors pose, career opportunities in cybersecurity will continue to expand. Finally, cybersecurity promotes broader cultural acceptance In a world where there’s a glut of talent, organizations can get away with insisting on stricter codes of appearance and behavior. But that isn’t the environment now. Younger, urban professionals may not be interested in wearing a suit or a dress to work, and companies trying to hold that more formal line are likely to miss out on the skilled workers they need to operate effective cybersecurity programs. This means more relaxed workspaces where tattoos and earrings are tolerated, if not welcomed. Workers are judged on their abilities instead of their willingness to conform to dress codes. Think about it Whether you have no degree (or a certificate in an IT area) or a degree in journalism, social work, IT, networking or business, cybersecurity companies hire people in sales, marketing, PR, HR and administration as well as technical roles. And many of the technical roles can be taught. It’s certainly worth exploring. Sources Bureau of Labor Statistics Business Insider Cisco CNBC ComputerWorld CSO Online Cyber Defense Magazine Cybersecurity Ventures Cybint Solutions Electricity Consumers Resource Council Federal Energy Regulatory Commission Forbes Foresite IBM Infosec Institute International Consortium of Minority Cybersecurity Professionals IoT Security Foundation Nextgov Owlcation phoenixNAP Scientific American SecureWorld Security Magazine Springboard Verizon Vizier Washington Post Disinformation Espionage Costs Wikipedia By: Optiv Share: Careers How Can We Help? Let us know what you need, and we will have an Optiv professional contact you shortly.