Since the invention of the personal computer and the internet, pursuing a job in tech has, for the most part, been a safe choice. Today, one of the hottest fields in tech is cybersecurity. And it’s one in which demand is only likely to grow for the foreseeable future.
Just how in-demand are skilled cybersecurity professionals?
“It’s a war for talent,” said David Cass, vice president of cyber and IT risk at the Federal Reserve Bank (New York Supervision Group), in a cybersecurity chat with Bruce Huang, director of information technology graduate programs at Harvard Extension School.
Simply put, companies are facing a wide—and growing—skills gap in cybersecurity. And because higher ed is only beginning to recognize the demand, the gap is likely to grow bigger in coming years.
Why Pursue a Career in Cybersecurity?
Every industry is facing a growing threat of costly and damaging cyber attacks. And to protect themselves against this threat, they need experts with cybersecurity skills.
Between October 2019 and September 2020, there were over 500,000 cybersecurity-related job postings across the United States. And according to a 2019 report, there may be as many as 3.5 million unfilled jobs in cybersecurity globally by the end of 2021.
Due to this skills gap, professionals with cybersecurity skills or experience can expect more job opportunities and potentially higher salaries.
And unlike many other high tech jobs, cybersecurity jobs are not limited to the tech sector. Every industry now finds itself in need of skilled cybersecurity professionals to better protect their networks, data, and online transactions.
The need for cybersecurity in some sectors—like federal government, finance, and healthcare—is well established. But sectors that have not traditionally worried about cyber attacks now find themselves under threat.
State and local governments, for example, have seen a dramatic uptick in ransomware attacks. As devices such as cars and household appliances are increasingly connected to the internet, sectors such as manufacturing and transportation are now vulnerable to cyber attack. Even the retail and fitness industries find themselves facing financial and legal repercussions from data breaches.
So whether you are just starting out or looking to make a change, developing cybersecurity skills could be the right path to career success.
The 10 Cybersecurity Skills in Highest Demand
According to a October 2020 report by Burning Glass, these 10 cybersecurity skills are in greatest demand. Burning Glass has ranked this list by the anticipated rate of growth over the next five years.
1. Application Development Security
Software developers, cybersecurity engineers, and network architects have the technical skills needed to design and build secure online applications. Within this broad category, the fastest growing need is for DevSecOps (short for development, security, and operations) specialists, who embed security deep inside the applications.
2. Cloud Security
Building the architecture that enables secure interactions between applications and the cloud requires cloud architects, systems engineers, and network specialists. Security professionals who are skilled in cloud computing are likely to see the highest increases in salary.
3. Risk Management
Risk management involves analyzing the types of threats a particular industry and business faces. These professionals must have a solid knowledge of governance, regulatory structures, and strategy. Strong analysis, communication, and problem-solving skills are also critical.
4. Threat Intelligence
Companies rely on these professionals to think both strategically and tactically about how an attack might occur in order to plug potential security holes before they can be attacked. This skill requires technical knowledge as well as analytical and problem-solving skills.
5. Incident Response
Incident response plans form the foundation of every security strategy. The experts who develop these plans must know how to identify an attack and limit the damage, as well as develop the methodology for restoring service and data. These security professionals generally have IT or other technical backgrounds.
6. Compliance and Controls
Knowing the legal and regulatory framework dictating privacy and data protection plays an important role in cybersecurity. This skillset requires in-depth knowledge of law, governance, and business strategy.
7. Data Privacy and Security
Understanding how to safely hold and transfer massive amounts of data is critical for nearly all industries. The combination of database programming and security skills can play a critical role in secure data management.
8. Access Management
Identity and access management (IAM) involves the technologies and processes that monitor and control network access. Experts in this area must be able to design and implement systems for identity authentication, authorization, and auditing for both cloud-based networks and on-premise servers.
9. Security Strategy and Governance
An operational, piecemeal approach to cybersecurity is rarely successful or cost-effective. A comprehensive approach to cybersecurity requires professionals dedicated to creating the strategic policies and processes governing an organization’s cybersecurity architecture.
10. Health information security
The potential legal and financial ramifications of a security breach in the field of healthcare can be astronomical. Cybersecurity in healthcare requires the skills and knowledge to ensure database, network, and cloud security, as well as an understanding of the complex regulatory environment.
Common Technical Skills for Cybersecurity Careers
The cybersecurity field is not limited to IT specialists. Some of the skills in Burning Glass’ list involve knowledge of law, finance, auditing, business strategy, analysis, and risk management.
However, many of the skills on this list do require some degree of technical knowledge.
However, more advanced programming and technical skills offer more cybersecurity career pathway options. The majority of cybersecurity positions require at least an undergraduate degree in information technology, computer science, or software engineering.
And because all stages in the software development lifecycle require the strategic and tactical integration of cybersecurity, further specialization may be required.
Specific specializations include database management, application development, networks and systems administration, and especially cloud computing. Software developers can move into DevSecOps, for example. Expertise in network administration and cloud computing may translate into network security architect, vulnerability analyst, and penetration testing.
How to Build Cybersecurity Skills
The high demand for cybersecurity skills translates into both choice and opportunity when it comes to selecting a career path.
“The exciting thing about cybersecurity is that all of these unfilled positions represent huge opportunities for people who want to enter the field,” said Cass. “There’s no one path into cybersecurity. There are multiple pathways, multiple career options. There are so many ways to get into information security that people can find good roles without having to master all domains to get a job.”
And just as there are multiple pathways into cybersecurity, there are multiple ways to develop the relevant skills. It is often possible to pursue these options as part of your existing career.
If you already have technical skills, you may be able to translate them into a cybersecurity job through on-the-job upskilling.
“The first step is to demonstrate to employers that you have the aptitude and the willingness to learn security,” said Heather Hinton, chief information security officer at RingCentral, in a conversation with Bruce Huang. “[A career in cybersecurity] takes a special mindset. And if your employer is clever, they will jump at the opportunity and say, please come and help us with this.”
A simple first step is attending cybersecurity conferences. Conferences can help you gauge your interest in cybersecurity generally or in a specific subfield. You can gain knowledge and insight in the field and build a network of cybersecurity experts. And you can demonstrate your interest and commitment to your employer.
In addition, working directly with your organization’s security department can offer a hands-on method of skill-building.
“See if there’s a way that you can go and work for them, say, 20 percent of the time,” Hinton said. “Arrange with your manager to assist with a project. If your company has its own in-house security operations center or an incident response team, see if you can apprentice with them or even spend some time shadowing.”
Hinton also recommended coaching or mentoring high school or college students in cybersecurity competitions. The Air Force Association’s National Youth Cyber Education Program is just one of many such programs running across the country. Helping tomorrow’s cybersecurity experts get started may enable you to build your own skills as well.
Benefits of Advanced Cybersecurity Credentials
Pursuing a graduate degree or certificate is another way to gain cybersecurity knowledge and demonstrate your expertise to employers.
Advanced credentials can ensure that you maintain a strong technical foundation. And through careful course selection, you can develop the specialized skills needed to address current issues like computer forensics and investigations, threat analysis and vulnerability assessment, or intrusion detection.
Master’s degree programs also help you develop the nontechnical expertise you need to advance in a cybersecurity field. Coursework on risk analysis, for example, can augment your technical skills. And graduate classes improve your skills in strategic thinking and problem-solving, communication, leadership, and business acumen.
The good news is that many companies are willing to help their employees move into the field of cybersecurity. It’s worth exploring whether your organization has a tuition assistance program that can help pay for your continuing education.
For some cybersecurity jobs, specific technical certifications may also be important. This is especially true for individuals seeking a management or strategic role, or even a future as a chief information security officer.
In-demand certifications include:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- CompTIA Security+
- SANS/GIAC Certification
- GIAC Certified Forensic Analyst
- GIAC Certified Forensic Analyst
A “Future-Proof” Career: Cybersecurity
Of course the future is always uncertain, and no career is 100 percent “future-proof.” Right now, however, cybersecurity may be as close as it comes. There’s no doubt that the need for cybersecurity skills is growing quickly. And these skills are likely to be in demand for years to come.
The good news is that educational institutions are taking notice of the skills gap. Cybersecurity-specific degree and certificate programs are increasingly available to help you move your career in this exciting direction.
If you think you might be interested in exploring a career in cybersecurity, taking a cybersecurity-related course might help give you a better idea of whether moving into cybersecurity might be the right choice for your career and your future.