page loader

So You Want to Get in Cybersecurity?

Malik GirondinMalik Girondin 20/06/2024

In this article, we will explore the current state of cybersecurity and how aspiring students can land a role in this lucrative yet competitive field. We will also discuss the challenges for juniors who are making a career transition into cybersecurity, the struggles they face when trying to penetrate the industry, and how best to address these challenges.

The Opportunities in Cybersecurity

The rapid growth of the digital landscape in our daily lives is further making cybersecurity a critical profession to us all. Even if you are not in the field, per se, it is extremely important to understand basic practices like not sharing your password, and setting up MFA. This alone is not enough, we need specialists now!

(ISC)²—the world's largest nonprofit association of certified cybersecurity professionals—highlighted a significant shortfall in cybersecurity experts according to the 2023 Cybersecurity Workforce Study. The research reveals that the total cybersecurity workforce gap stands at around 4 million workers. This is where you come in.

Changing Perception and Current Events

Technology is continually evolving as are the risks faced by organizations. The (ISC)² study shows that organizations are now starting to realize that security is a necessity and not a luxury. Below are some of the key takeaways from the (ISC)² study:

  • The global cybersecurity workforce is estimated at 5.5 million, a 9% increase from 2022.
  • Despite this growth, there is a workforce gap of approximately 4 million professionals needed, a 13% increase from the previous year.
  • 67% of organizations report a shortage of cybersecurity staff, and 92% report skills gaps, particularly in cloud computing security, AI/ML, and Zero Trust implementation.
  • Economic pressures have led to layoffs, budget cuts, and hiring freezes. 47% of cybersecurity professionals have faced such cutbacks.
  • This has resulted in increased workloads, decreased job satisfaction, and concerns about the ability to respond to cyber incidents.

Pursuing Cybersecurity Certifications

Pursuing a certification in cybersecurity is a strategic move that benefits both the individual and the organization. It enhances career prospects, addresses critical skills gaps, keeps professionals current, and contributes to a stronger, more resilient cybersecurity posture. Seeing the importance, we recommend you check out the Paul Jerimy Security Certification Roadmap. This is a flow chart that contains cybersecurity certifications ranked from beginner to expert and split across multiple domains (e.g., blue team, red team, etc).

To read the chart, bottom-up generally works. But getting everything in a column would be asinine—or row for that matter. It’s a good reference on where certs are with each other, and if you want to progress in an area (domain).

This is a great chart to share with a recruiter, as it makes it extremely easy to explain to someone non-technical why asking for a CCNP in a junior-level role is usually a bad idea.

Certifications are an essential part of any career in information security. They’re also a good way for employers to identify potential hires for their cybersecurity position. Especially if you pursue certifications that include training, these are great ways to gain the skills, knowledge, and experience necessary to advance your career.

According to the CompTIA CyberSeek Flyer 2023, the demand for cybersecurity workers significantly outpaces the supply, with over 660,000 cybersecurity job postings by U.S. employers. Additionally, the cybersecurity job market has experienced a 30% year-over-year growth rate, which is 2.4 times faster than the overall job market. Obtaining a cybersecurity certification can help individuals stand out when applying for jobs or seeking promotion within an organization.

The (ISC)² study linked earlier displays the fact that hiring managers agree that certification is an indicator of an employee’s ability to perform their job. Here are some key points:

  • Hiring managers view certifications as a critical qualification, with 32% indicating that certifications have grown in importance over the past year.
  • There is an increase in job applications from technically experienced individuals with no prior cybersecurity experience. Hiring managers appreciate this trend and are adapting their hiring requirements to recruit more people from non-cybersecurity backgrounds, emphasizing certifications as a means to validate skills.

Keeping up with Changes

As mentioned before, 61% of cybersecurity professionals are primarily concerned by the potential risks of emerging technology (e.g., blockchain, AI, VR, quantum computing, etc.). We are in an age where things are moving rapidly. Are you willing to be in a field that is constantly changing? Are you willing to adapt to the present environment at that time? These are questions you should ask yourself as an aspiring professional.

Aside from Reddit, I use Feedly (pictured below). Feedly allows cybersecurity professionals and teams to follow a wide variety of trusted feeds all in one place, including websites and blogs. Below are some of my favorites:

A cybersecurity career can offer a range of benefits, including job security, high-earning potential, and the opportunity to constantly evolve in an exciting field. If you truly want to thrive, garner your certifications, up-skill using courses, and stay up-to-date with cyber news.

One last point on this topic, networking is extremely important! No, not TCP and UDP! Actual human-to-human communication is imperative to build effective networks. A strong network of connections can be just as effective as a new certification when trying to land a role in the industry.

Dr. Meg Jay, a Clinical Psychologist and an Associate Professor of Human Development at the University of Virginia who specializes in twentysomethings, highlights how important weak ties are for the job market. These are the best sources of employment. A large network of weak ties gives you the broadest reach and the greatest perspective within this competitive market of cybersecurity. Instead of spending “only” time with close friends, look into expanding your network with new individuals who might lead to fruitful relationships down the road.

The Honest Truth about a Career in Cybersecurity

Cybersecurity is a rapidly evolving field essential for protecting digital assets and sensitive information in an increasingly interconnected world. While it offers exciting challenges and opportunities, breaking into the industry often requires a solid foundation in IT basics such as networking, system administration, and helpdesk support—Feeder Roles as defined by CyberSeek. Real-world experience is invaluable, as it equips aspiring cybersecurity professionals with practical problem-solving skills that theoretical knowledge alone cannot provide. Entry-level positions in cybersecurity may not truly be "entry-level" in the traditional sense, often demanding prior experience in related IT roles.

Moreover, despite the allure and perceived glamour of cybersecurity careers, the field is demanding and requires continuous learning to stay ahead of emerging threats. Newcomers should be prepared for a steep learning curve and the need for patience and perseverance. Certifications and degrees are beneficial, but hands-on experience and a deep understanding of network and system operations are crucial for success. Aspiring professionals should aim to build a robust skill set by starting with foundational IT roles and gradually transitioning into specialized cybersecurity positions.

To further underscore the diverse nature of cybersecurity roles, it's important to recognize that the field encompasses a wide range of responsibilities beyond just technical expertise. Bobby Ford, Chief Security Officer at Hewlett Packard Enterprises, articulates this well:

'People think that cybersecurity is something that’s highly technical. Yes, some roles require deep technical expertise, but cybersecurity is a vast domain, and making an organization cyber-resilient also requires generalist roles that need a broader skillset.'

But wait, Malik! You said that cybersecurity is suffering from a lack of skills in key domains but professionals are saying they want broader skillsets. Yep, it gets quite confusing for applicants when they hear information like this.

This lack of clarity seeps into the behavior of recruiters, who often struggle to define the scope of the role individuals are being hired for, which adds to the challenge of attracting talent. In fact, cyber job descriptions are often poorly defined and tend to combine several roles into a single position, which discourages potential candidates from applying. We are all familiar with the ‘entry’ roles asking for 5 years of experience and CISSP. Recruiters and companies with these ridiculous postings are missing out on great talent by constructing these wishlists of job posts together. To use myself as an example, I come from the customer service industry (4 years in total). When I got my first Cybersecurity Job in 08/2022, I lacked a degree and IT experience but my employer was willing to chance on me due to my portfolio showcasing my passion and skills for the field.

Let’s get back to the issue. To expand the talent pool, the industry should promote clear requirements for roles, including job qualities and skills. There will also need to be greater flexibility in hiring that perhaps focuses on capabilities over certifications. Some students are not great takers so certifications might be a handicap for them. If they can demonstrate an interest in a killer portfolio, companies should emphasize that candidate and look into the importance of soft skills including effective communication, problem-solving, strategic thinking, and people management.

According to Trellix survey findings in 2022, recruitment programs that focus on the diversity of candidate backgrounds, not just on computer scientists, have a track record of success. I will tell you an interesting story: Joshua Beaman, the CEO and Lead Trainer at Security Blue Team told me in our weekly company virtual chat that he hired me for my insane energy. That fervent passion and drive in me was so contagious when we first spoke. Funny enough, it motivated everyone on the team to get on their grind again despite ending their shifts—seeing the UK team is 5 hours ahead of me, being a US resident.

Retaining Talent

As a Security Analyst intern at RingCentral back in the Fall of 2022. I noticed the topic of attrition was quite touchy within the cybersecurity chat I frequented. Attrition is the departure of employees from the organization for any reason (voluntary or involuntary), including resignation, termination, death, or retirement. The reason for this was the high burnout among cybersecurity professionals. Pressure and burnout are frequently listed as reasons why cybersecurity professionals leave their jobs. According to this article, 59% of cybersecurity laborers are suffering from burnout.

To improve retention, public and private organizations alike must make sure they manage the underlying factors that contribute to high attrition rates and provide incentives, including flexible work arrangements, as well as employee well-being solutions.

In Summary

Besides being an increasingly in-demand profession, a career in Cybersecurity is also highly rewarding financially. Cybersecurity professionals typically earn more than other tech jobs. With the need for Cybersecurity continuing to grow, it makes this one of the most promising and well-paid careers available today. Aspiring students are attracted to this fact but never take into consideration the work that is required to get and stay in the field. If students are aware of these facts mentioned above during their career transition, they will have a better outlook and insight on their respective journeys. It's key to remember that many factors come into play when it comes to gaining employment (e.g., level of experience; soft skills; where you live; resume quality; and more) within this lucrative and challenging field called cybersecurity. Knowing all this, ask yourself this: Do You Want to Get into Cybersecurity?

Be sure to keep an eye on the CySec Careers blog for more industry insights and top tips. Also, you can follow us on LinkedIn and X for updates! 

Malik Girondin

Malik Girondin

Malik has experience with both technical and educational roles within cybersecurity, and is here to share his knowledge on both! Areas he writes on are careers advice and mentorship.