Cyberattacks against enterprise networks are on the rise, and the bad guys, from solo actors all the way up to nation states, show no signs of easing up anytime soon. As the cost of a data breach keeps increasing, companies are spending more money on security, resulting in tons of unfilled security positions.
So, what are you waiting for? It’s time to put on that white hat, get certified and make the move into a high-paying security position. According to CyberSeek, an interactive online tool created by CompTIA through a federal grant from NIST, common feeder roles that lead into a career in security include networking, software development, systems engineering and financial and risk analysis.
Security breach statistics are staggering. In 2018 alone, a Marriott breach affected 500 million guests, at Under Armour it was 150 million records, Quora exposed 100 million records, the genealogy site MyHeritage exposed 92 million records and the list goes on and on. There were a total of 1,232 breaches that we know of in 2018 and the number of compromised records was up 133 percent compared to 2017.
The price tag of a security breach is also rising. The average cost of a data breach worldwide was $3.86 million in 2018, up 6.4 percent over the previous year, according to the Ponemon Institute. In the U.S., the average cost was far higher, at $7.9 million, which includes $4.2 million in lost business. It turns out that U.S. consumers take a particularly dim view of companies that fail to protect their data.
Shortage of security practitioners is getting worse
There is no question that security professionals are in demand. And there is also no question that we’re facing a severe shortage of security practitioners. ISACA, a non-profit information security advocacy group, says there is a shortfall of 2 million security professionals worldwide.
According to ISACA’s State of Cybersecurity 2019 report, 69 percent of enterprise respondents say their cybersecurity teams are understaffed. “While the number of high-profile cyberattacks are on the ascent on one side, so are the number of cybersecurity vacancies going unfilled,” says Renju Varghese, Fellow & Chief Architect, CyberSecurity & GRC at HCL Technologies, which partnered with ISACA on the report.
Frank Downs, director of cybersecurity practices at ISACA, puts it this way: “The most prized hire within a cybersecurity organization is a skilled professional who not only understands the business operation and how cybersecurity fits into the greater needs of the organization, but also knows how to communicate well.” In the survey, 58 percent of respondents said their organizations have unfilled cybersecurity positions. And the survey results show a 6 percent increase, from 26 percent in 2017 to 32 percent in 2018, in organizations that took at least six months to fill open cybersecurity positions.
CyberSeek puts the total number of cybersecurity job openings in the U.S. at more than 300,000, with around 770,000 cybersecurity professionals employed in today's workforce. And the projections are that the number of openings could hit 500,000 in the U.S. and 3 million worldwide by 2021.
Certifications lead to high-salary positions
The way CyberSeek describes the security career ladder, employees start at entry level roles like security specialist or technician, security analyst or investigator, incident response analyst or IT auditor. Then they move into mid-level positions like security analyst, security consultant or penetration tester/vulnerability analyst. Advanced level positions include security manager/administrator, security engineer and security architect.
Compensation for these highly sought-after security positions follows the basic law of supply and demand, so the pay is excellent and there’s plenty of opportunity for advancement at your current place of employment or somewhere else. In fact, ISACA says that retention is a major problem for most companies. “An overwhelming 82 percent indicate that most individuals leave their companies for another because of financial and career incentives such as higher salaries, bonuses and promotions,” according to the report.
In the Robert Half Technology Salary Guide 2019, positions like systems security administrator and network security administrator command salaries of between $93,000 and $160,000; data security analysts can earn from $105,000 to $178,000 and security managers can expect a salary range from $116,000 to $200,000, depending on experience level and size of the company.
The hottest security-related certifications are certified ethical hacker (CEH), certified information systems security professional (CISSP) and global information assurance certification (GIAC), according to the Robert Half report.
For prospective security practitioners looking to optimize their certification dollars, CyberSeek has put together a listing of the most commonly held certifications and the number of job listings requesting that specific certification. The data shows that 173,000 people currently hold the entry-level CompTIA Security+ certification, but there are only 36,000 openings requesting that specific certification. On the other hand, there are 54,000 people that currently hold Global Information Assurance Certification (GIAC) and there are 36,000 job openings, which makes the odds more favorable.
The most sought-after certification is CISSP. There are 77,000 openings requesting CISSP certification and only 76,000 people currently hold the certification, which means your chances of landing a job are pretty high. And your job prospects are even better if you have a Certified Information Systems Auditor (CISA) certification, because there are only 33,000 people with the certification and there are 45,000 job listings seeking people with CISA certification.