There has never been a better time to have a career in IT security. That's because the demand for IT security people of all skill levels continues to skyrocket and, what's more, it shows no sign of coming back down to more moderate levels.
Last year there was an estimated global cybersecurity staffing shortage of three million people, and that has now grown to over four million, according to research by ISC2. Put another way, the global IT security workforce needs to grow by almost 150%, according to the research. That means there will be plenty of jobs, and plenty of opportunities to switch to more interesting, more specialized, or simply better paid roles for those with the right mix of skills and experience.
The corollary of this massive staff shortage is that there is strong upward pressure on salaries for IT security roles, with those roles with the biggest supply gaps seeing the biggest raises. This is being borne out in the real word: IT security jobs are seeing average salary increases of 7%, compared to just 3% for software developers, according to a Robert Walters salary survey. Anecdotal evidence suggests that the most senior IT security roles are seeing salary inflation of as much as 12%.
Cylance just released a 44-page report that provides detailed salary profiles for five popular security positions: Security Analyst, Threat Intelligence Specialist, Security\Cloud Security Architect, Penetration Tester and Security Director\Manager. The report looks at location (North American jobs tend to pay more than elsewhere), degrees (they don't improve salary), industry (banking and finance pay the best), experience (quality counts more than experience) and gender (a significant shortage of women), among other issues.
In-demand security positions
When it comes to specific roles that are in demand, it's worth bearing in mind that these can change rapidly due to evolving circumstances. However, the roles currently in high demand include:
- App security engineer
- Cyber security consultant
- Data protection officer
- Chief security officer
- Security analyst
- Security engineer
- Security architect
- Security and penetration testing expert
Certifications in high demand
One way for candidates to be sure of getting an IT security job at the top end of the pay scale is to hold the most in-demand security certifications. The certifications where demand is likely to outstrip supply the most in 2020 include:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
That's not to say that people who lack the skills and experience for these roles will struggle to find any IT security job, according to Graeme Enfields, an IT recruitment consultant at Henry Nicholas. "It's not always about specific skills. Many companies will get one or two higher-level IT security experts in the door, and then recruit graduates and teach them," he says.
Most companies would like graduates to have studied a relevant course but few specify a particular qualification. Among those that do, the most commonly specified qualifications are CREST penetration testing and ethical hacking ones, he adds.
Best places to get an IT security job in 2020
According to Cyberseek, there are a handful of U.S. states where IT security skills are particularly in demand and will remain so next year, and these include:
- New York
- North Carolina
At a local level the IT security skills demand hotspots are more geographically dispersed, with notably high demand in areas that include:
- Salt Lake City
- Colorado Springs
What will AI mean for the IT security job market?
The use of artificial intelligence (AI) in IT security is likely to explode over the next few years: 69% of SMEs are planning to use it in some security role or another in the next five years, according to research carried out by Senseon.
The important question to ask, then, is what effect will AI have on the job market? Which roles will be threatened, and which ones will see demand increasing?
According to the Ponemon Institute, the most common applications of AI in IT security are the automation of malware analysis, threat detection, and log analysis, with automated response to threats also becoming increasingly common. Ponemon found that 79% of IT departments already use automation to some extent or plan to do so within the next three years.
The obvious conclusion is that jobs relating to these activities will be directly threatened by AI and automation, but the truth is likely to be somewhat different, according to Larry Ponemon, the Ponemon Institute's chairman and founder.
"Contrary to the popular belief that the rise of automation will threaten the job market, organizations now feel these technologies will help ease the current strain on resources, and offer the potential to promote job security for highly skilled staff while strengthening cyber security defenses" he said in a recent Ponemon Institute report.
Many companies have plans for strengthening their security postures, but when senior staffers are busy working on the front line of security reacting to incidents they have little time to implement these plans. AI and automation will increasingly allow these staffers the time to think about the big picture and evolve the security stance of their organizations.
There will also be an increasing need in 2020 for security experts who can manage, govern and integrate these AI-driven security systems.
What about DevSecOps?
DevSecOps will continue to flourish in 2020, and that means that developers with security expertise will be in high demand. But the demand for security experts with developer skills is also increasing, as organizations look at automating their security systems.
That means that anyone with existing DevSecOps experience will be in high demand, and specific language skills will also be sought after as script-based security processes proliferate. Particular language skills that will make it easy to walk in to an IT security job in 2020 include:
- C and C++
Best areas to specialize
Regardless of how the economy develops in 2020, security jobs in certain specific industries and fields will be in particular demand. Here are some of the safest bets:
Critical infrastructure: Protecting critical infrastructure from cyber attacks is a matter of national security as well corporate security, so companies in critical infrastructure industries will continue to boost their defenses against criminals and government-sponsored hackers. Critical infrastructure industries, as defined by the Department of Homeland Security, include chemicals, communications, energy, financial services, and twelve other industries.
Industries subject to complex regulations: Compliance with regulations such as the Payment Card Industry (PCI) regulations and the Health Insurance Portability and Accountability Act (HIPAA) mean that security jobs in industries related to these regulations will be plentiful.
Risk management: All IT security activities are exercises in risk management to a greater or lesser degree, but some of the less glamorous ones are often overlooked - yet vital nonetheless. Valmiki Mukherjee, chairman of the Cyber Future Foundation, told CNBC that people with skills such as translating specific risks in dollar terms or business needs, or anticipating trends in regulatory affairs, will be ones where demand outstrips supply in 2020.
IoT security: The Internet of Things continues to proliferate at a prodigious rate. Thanks to the introduction of 5G wireless services, which are due to be rolled out throughout 2020, richer and more valuable data will be collected by IoT sensors. This data will be an increasingly tempting target to criminals, so IoT security skills will be particularly sought after.
Blockchain skills: Although still in its infancy, the use of blockchain technology for security purposes is just starting to become a reality. One of the first commercially available applications of the technology is in self-sovereign identity systems, but other applications are likely to follow in 2020. That means that anyone with blockchain skills will be well positioned to find employment in a security-related project in the next 12 months.
What all of this adds up to is another bumper year for the IT security job market in 2020, with vacancies for recent graduates and experienced practitioners plentiful and salaries increasing. Since cybersecurity threats show no sign of going away there will be strong demand for "boots on the ground" in the IT security job space and plenty of job security for many years to come.