Cybersecurity Career Trends
Frederick Scholl, Ph.D., Cybersecurity Program Director, Quinnipiac University
March 19, 2019
Three new articles 1,2,3 on this topic prompted me to summarize the reported trends. I will highlight the underlying demand for cybersecurity professionals, today’s most desirable skills and compensation.
First of all, what is driving demand for new cybersecurity professionals? Cyber Seek is reporting 313,735 job openings today 4. In general we are witnessing an unprecedented digitization of everything. Cyber risks are multiplying proportionally. The Internet of Things (IoT) will be presenting more and more challenges. This includes everything from smart toasters and smart homes to smart cars. The security challenge is how to “patch” these systems when security vulnerabilities are found. On a larger scale, smart cities will gradually come into play as digital technology is added to community services such as transportation, infrastructure, safety, health and governance. E-commerce, which started with Netscape in 1995, is now growing at 15% per year and today comprises 14.3% of retail sales. At this rate of growth, by 2033 all sales will be online!
Overlying these tech trends are regulatory requirements. The EU implemented GDPR (General Data Protection Regulation) in 2018; industries now face huge privacy fines if they lose customer information. It is likely the US will follow with some type of national privacy legislation. The negative effects of social media reverberate globally after today’s disastrous shooting in New Zealand. It is clear that new regulations will be imposed on the social media giants. Security professionals are the ones in the trenches between the lawyers, business leaders and the technology implementors.
In fact, the 2019 ISACA job survey states that the greatest security skills needed are technical proficiency with business acumen. “Technically proficient cybersecurity professionals continue to be in short supply and difficult to find.” Hiring managers I have spoken with say that they are looking for individuals who have deep technical knowledge in at least one area but understand the system implications of security changes they make. The largest percentage of unfilled security jobs today is represented by technical positions. Additionally, 75% of organizations surveyed see an increase in demand for these skills in 2019.
At the same time, my view is that there are now significant opportunities for career changers, with valuable business or military background and training. The survey results list technical proficiency AND business acumen. With the right technical aptitude and motivation, individuals with business or military background have the potential to help close the skills gap in the next few years. One of the most desirable “soft skills” for security professionals is a proven track record of business integrity.
What are the expected pay ranges for the technical positions highlighted in the ISACA report? According to the WSJ article cybersecurity salaries average:
|Job Title||Average Salary (Nationwide)|
These positions are non-executive roles, requiring strong technical expertise. The architect is responsible for the technology design of the organization’s security controls and would report to the CISO (Chief Information Security Officer). The security engineer is responsible for planning and implementing those controls while the security analyst focuses on monitoring performance and security. The risk analyst should look at how well the controls are meeting business needs. In fact, all the jobs below security architect are sometimes called “security analyst.” The prospective employee must ask questions to figure out exactly what such a position entails.
QU’s new MS Cybersecurity is focusing on training technically proficient security defenders that are also business savvy. We do this with a broad, hands on 30 credit hour curriculum planned and taught by top business and security professionals. For more information go to QU’s online programs.
1“Recent and Emerging Trends in Cybersecurity for Economic and Business Development,” Camoin Associates, February 20, 2019.
2“State of Cybersecurity 2019”, www.isaca.org.
3“The Hot, Lucrative Market in IT Security Talent”, Wall Street Journal, February 21, 2019.