The Perpetual Demand for Cybersecurity Professionals
In case anybody needed reminding, there’s a critical personnel shortage in the field of cybersecurity. For people who might be able to fill such jobs, the current conundrum offers quite an opportunity. A recent article in Forbes magazine underscores the nuts-and-bolts requirements of securing such a career.
The Forbes team's take is best understood in light of the 2021 Cybint Survey, which predicts that there will be 3.5 million such job openings by 2025. To give you a sense of how things are going, there were 1 million unfilled cybersecurity jobs in 2014. Just over a decade on, that number supposedly jumps to 3.5 million.
It seems like a huge change, but according to one compound annual growth calculator, that’s "merely" a 12.5 percent growth rate.
What's Involved in Climbing onto the Cybersecurity Bandwagon?
Aside from the obvious — direct, relevant, hand-on work experience in the field — would-be cybersecurity pros have a lot options to consider in terms of upping their game in this area. The Forbes story, as you might expect, mentions three primary avenues to garner credibility and consideration as a cybersecurity analyst nowadays:
Earn a degree: Quoting a 2020 (ISC)² survey of cybersecurity careerists, half of those who responded also report "holding computer and information science degrees." Among this somewhat self-selecting population (I have to believe that those responding to such a survey are more likely than the general population to attend college), 40 percent had bachelor’s degrees in cybersecurity, and one-third had master’s degrees in the same field. (Eight percent had PhD’s vis-à-vis 1 percent of the overall U.S. population, which kind of proves my point about self-selection). The story does observe that "some employers may require only a two-year degree if you also have extensive experience and/or professional certifications." I agree.
Gain Experience: In fact, nothing beats relevant, hands-on, cybersecurity work experience. That goes double for those seeking to climb the career ladder, who are coming out of tech support, helpdesk, and other traditional entry-level routes into more senior-level IT positions. In fact, at least one-third of helpdesk trouble tickets are password related, according to numerous sources. Over time, IT pros whose prior experience includes a security component can narrow their focus to concentrate in this area. The more such exposure and experience they’ve obtained — and can document, or credibly discuss in an interview situation — the better positioned for a cybersecurity transition they’ll be.
Obtain Certification: I’m of the persuasion that a current cybersecurity cert is MORE valuable than a degree in the same field that’s five years old or older. The field keeps advancing and its skills and knowledge bases turn over so rapidly that current certs (usually no more than 2 or 3 years old) have great value. Indeed, much as cybersecurity skills and knowledge are evergreen, so also are many well-recognized certs in this field, including the (ISC)² CISSP, but also various Comptia (Security+, CySA+, and more), ISACA (CISA, CISM, etc.), EC-Council (CEH, CSA, CPTP, and so forth), and GIAC credentials, among many others.
The Most Potent Combination: Degree + Relevant Certs
Even though there’s been plenty of chatter lately that certification works well in lieu of a degree, most employers still look for a combination of degree(s) and certifications (definitely in the plural, especially for cybersecurity pros). A college degree speaks to one’s ability to stick with a learning program long and well enough to garner a sheepskin.
Even better, for those who have degrees in computer-related fields, it redounds to their benefit in chasing IT positions. But current, relevant IT certs speak more directly these days to job-related skills and knowledge, particularly for cybersecurity job roles where specific concepts, systems, tools and platforms are in everyday use.
What Ifs and Buts
For those seeking entry-level cybersecurity work, the CompTIA trinity of A+, Network+ and Security+ remains a potent combination to establish ready-to-work status. In the same vein, various other entry-level security certs may be helpful, in line with their sponsoring organization’s name recognition and perceived value.
From there, security starts to specialize and narrow. This is where credentials from (ISC)², ISACA, EC-Council, GIAC, and others, really start to come into play. Ditto for security platforms from industry players such as Cisco, Dell, Palo Alto Networks, Check Point, and others of that ilk.
All of these organizations offer cybersecurity training and certifications that can help current and aspiring get into the field, and start climbing a dizzying array of potential career ladders. The important thing is to establish and maintain basic security understanding and capabilities, to build a marketable set of skill and knowledge to take to work.
From there, it’s up to you to choose a direction and find your way into the kind of niches and career ladders that will carry you into the coming decades. One thing’s for sure: You’ll never lack for opportunity in the cybersecurity field, and you’ll be able to choose from a surfeit of options for current and future employment.