This week, October 18-23, is Cybersecurity Career Awareness Week! At CyberSN, we’re using this week to help open up the conversation around the broken career and hiring system within the cybersecurity industry. A huge part of improving cybersecurity hiring and bringing attention to cyber careers is making sure that professionals in the industry, and those who are looking to join it, have access to comprehensive, easy-to-use career planning tools.Planning your career path
However, the industry is relatively new and constantly evolving, so planning a cybersecurity career path can be a challenge The increase in frequency and complexity of cyber threats has forced cybersecurity organizations to change their business offerings and their teams regularly. Consequently, many jobs, such as DevSecOps and Cloud Security roles, simply did not exist ten years ago, so we have little data about common next career moves.
There is also very little common language used across roles and job descriptions in cybersecurity. Organizations often use vague titles that merge several roles, either because the detail of what’s needed for the role is unclear, or, faced with a severe talent shortage, they’re looking for one person to cover multiple roles. The industry also suffers from a lack of succession planning, insufficient budgets, and overtaxed teams due to its tight labor market; cybersecurity job postings now account for 20% of IT job postings, up 18% from 2020.
A lack of career planning resources means that many highly-specialized cybersecurity professionals have no information about careers they can pivot to, what training they need to progress, and how they can navigate career transitions or hybrid roles.
CyberSN enables all cybersecurity professionals to plan their career path efficiently and easily in our Career Center. At CyberSN, we address the lack of language standardization with our exclusive Job Taxonomy of 45 defined cybersecurity roles. All 45 roles are featured in our Career Center, mapped into a variety of career paths by our team of cyber and recruitment experts. For example, a Security Analyst can move on to become a Cloud Security Engineer, who can then pursue a Cybersecurity Project Manager role.
Our Career Center also specifies the average salary to expect from each role and how this salary will increase, enabling cyber professionals to truly know their worth and plan their salary negotiation points. CyberSN identifies the best certifications and training courses to pursue for each role, providing the clarification that cyber staff need to embark on new pursuits and feel comfortable at work.
Only by developing a clear cyber career plan can professionals figure out the areas of expertise they’re lacking in, the experience they require, and their eventual career and life goals.
This year’s NIST Cybersecurity Career Awareness Week is calling attention to the contributions to society that cybersecurity professionals make, and the innovations they produce. The three goals of Cybersecurity Career Awareness Week align closely with our own: to inspire, engage, and inform society on cybersecurity careers, to demystify cybersecurity careers, and to develop a highly skilled and diverse workforce.
We’re encouraging everyone to participate in Cybersecurity Career Awareness Week and the CyberSN team are here to help with any mentoring opportunities, certification guidance, DEI support, or career planning.
You can visit the NIST website for more information on getting involved in Cybersecurity Career Awareness Week, or get in touch with CyberSN for more information on our cybersecurity career resources.
Visit our Career Center and explore the career pathing tool for yourself.
In this blog - the third in our series addressing the cybersecurity career and hiring crisis - we introduce the CyberSN marketplace, the one-stop destination for all cybersecurity career and staffing needs. To learn more about the cybersecurity career crisis and how to solve it, check out our previous blogs.
At CyberSN we recognize that both individuals and organizations need to be matched with the roles and professionals that best fit them, which is why we’ve developed a brand new solution. The CyberSN Marketplace unites confidential public profiles and organizations looking to hire cybersecurity professionals under one platform, providing them with no-cost access to the jobs, tools, information, and professional connections they need.
In the Career Center, professionals create a confidential public profile rather than just uploading a resume, with their critical task and project experience as the main focus. Employers can then find them without the need for any individual to share their identity on a public platform. This allows professionals to connect with their choice of best-fit jobs without fear of reprisal or unconscious hiring biases, helping to promote diversity and inclusive behaviors within the hiring process.
Using their confidential public profiles, professionals can search and apply to jobs on the CyberSN platform, share jobs with their network, and ultimately let jobs apply to them. Employers are able to source individuals based on the unique task and project information in their job description, giving them the opportunity to reach out even to passive job seekers.
As well as increasing the chances of finding a best-fit job, the CyberSN profile is an effective way of assessing: skills to develop, past projects worked on, and potential training opportunities. Professionals can streamline their career development by using their profile for performance reviews, mapping which certifications they require, and negotiating salary increases. By empowering individuals to know their worth, CyberSN profiles give professionals more control over their career development.
The CyberSN Career Center also allows professionals to browse CyberSN’s exclusive Job Taxonomy consisting of ten job categories and 45 functional cybersecurity roles, from executive management to analyst and everything in between. By using this Job Taxonomy, we provide easily searchable access to every cybersecurity job currently posted in the United States (at date of publication, this number was over 65,000 postings), streamlining the job search process for the professional. Our taxonomy also provides us with a common language of role titles to be used across the platform, allowing us to effectively match professionals with roles and streamline communications.
The CyberSN Marketplace enhances CyberSN’s established agency staffing services. From our free job description builder to our full-service staffing offerings, our Hiring Center provides a better way to find and retain the right professionals for every role.
Tailored toward SEO and applicant tracking systems, our free job description builder uses the same common language as our CyberSN professionals’ profiles, categorized within our 10 role categories and 45 functionals roles to ensure quick and easy matching. Organizations can either create and export job descriptions for free or engage with CyberSN’s pool of engaged professionals by posting their jobs to our Marketplace. Professional profiles are then matched to the job based on the tasks and projects that they have completed and those that the role requires.
Our Hiring Center is one of the only providers of comparable cybersecurity salary information, offering up-to-date data that helps organizations understand the market, craft better job descriptions, and communicate successfully with new hires. Certification mapping and career pathing provides the professional development tools needed to carry out annual reviews with existing staff and identify skills gaps within teams. By leveraging the Hiring Center’s resources, organizations are equipped to hire staff that love their job, improving retention and inspiring long-term changes to company culture.
The CyberSN Provider Exchange, part of our Marketplace, offers a directory of relevant training, products, and event resources for both cyber professionals and organizations. Products and services featured on the Provider Exchange range from diversity & inclusion solutions to hands-on training, penetration testing, professional services organizations, and more. Our entire community of cybersecurity professionals and organizations can access CyberSN’s Provider Exchange for free, making it a go-to catalog for any and all cybersecurity career needs.
Joining the Provider Exchange puts your products and services in front of our ecosystem of engaged cybersecurity professionals, allowing us to come together in support of the industry with the resources required to collectively achieve success. You can find more information on joining the provider exchange here.
The crown jewel of the new CyberSN Marketplace is the cybersecurity industry’s first ‘Deep Job Platform’. Our platform goes beyond simple job listings, providing products and features that complement all posted jobs and speak the language of cybersecurity. The platform organizes our 66,000+ jobs and 28,000+ professional profiles based on tasks and projects, classifying them into the ten job categories and 45 functional cybersecurity roles that make up our Job Taxonomy.
As well as making our jobs easily searchable and understandable, using the common language of our Job Taxonomy means that communication is smoother and more accessible. This is particularly important within cybersecurity, as it is a complex and ever-changing field. The CyberSN platform matches professionals to jobs based on their confidential public profile, so individuals are matched to roles based on what really matters - their task and project experience - and nothing else.
Our Marketplace is now the go-to network for jobs, career expertise, and resources for the cybersecurity industry. We see the cybersecurity hiring crisis as a matter of national security and consider it our mission to fix the broken job searching system that exists today.
With the launch of the Marketplace, CyberSN is providing all the tools and connections that are needed for any type of cyber professional to Pwn Their Career and for hiring firms to build their teams fast and to last. This means matching individuals with organizations effectively, ultimately boosting career satisfaction and improving employee retention.
We’re facing a cybersecurity career crisis. Cybersecurity professionals are feeling underutilized, underheard, and overworked, with resumes and job descriptions lacking the information professionals need to find jobs and fill roles successfully. Following on from the challenges outlined in our last blog, how can we eliminate settling within the cybersecurity industry and ensure that both individuals and organizations are matched with their best fit?
By using a standardized taxonomy of roles and job functions within cybersecurity, we can make sure that job descriptions and profiles, (aka resumes), are understood across the board. With a shared understanding of role names and their relation to one another, one can easily browse and search for the jobs or cyber professionals they need. By focusing on tasks and projects, professionals can easily deduce what is expected of them from our job descriptions. This also allows hiring teams to effectively communicate the industry experience needed for new hires, saving them time and money in the process.
As a result of using a common language and standardized role descriptions, 53% of professionals that were placed by CyberSN over the past 4.5 years are still working for the same company. This means that CyberSN candidates are staying far longer in their roles than the national average. Within the federal government, 27% of all cybersecurity staff hired over the past five years left within a year.
When matching professionals with roles based on tasks and projects alone, we don’t need to know personal information like gender, age, or race. By creating and using confidential public profiles, professionals can find and be found by jobs that match based purely on their unique experience, eliminating unconscious biases and fear of reprisal. When these profiles use a common language that makes sense to the employer, job seekers can effectively communicate the value of their experience and what they have to offer, giving them an effective tool for evaluations and salary reviews.
Existing job boards and public social networks lack the resources that cybersecurity professionals really need. Cybersecurity professionals are empowered to know their worth and plan their next move thanks to CyberSN’s salary information, career pathing, and certification planning, available in our Career Center. Employers are able to use these resources to educate their hiring teams, improve their job descriptions, and find matches fast.
By using a common language to describe job responsibilities, and with access to confidential public profile creation and unified career resources, cybersecurity professionals are equipped to Pwn Their Career. This means professionals can find jobs that truly fit their criteria while having access to the career support they need. This sets professionals up for a career where they are judged on their merit, not their personal information.
Equally, organizations and hiring teams can build teams faster and to last, resulting in retention that far surpasses industry averages. In an era of individualism, coming together to understand and communicate our worth and seek education on diversity, inclusion, and emotional intelligence is the only way to achieve workplace happiness and personal success, while addressing our national cybersecurity crisis.
Once we realized this at CyberSN, we knew we had to design a new system. This meant developing a brand new, dedicated resource that provides no-cost access to the resources that a cybersecurity professional needs to Pwn Their Career. The CyberSN Marketplace is now the cybersecurity industry’s first ‘deep’ job platform. Between self-service options in the Marketplace, and full-service staffing offerings, CyberSN is now the premier one-stop-destination for all cybersecurity career and staffing needs.
Find out more about the brand new CyberSN marketplace with a breakdown of the key features in our next blog.
As we get into the swing of 2021, we thought it would be pertinent to dig in a little bit and figure out what the top cybersecurity jobs are in the current industry landscape that can lead to a prosperous cybersecurity career. As we all well know, cybersecurity careers are very much on the rise as the demand for skilled cybersecurity professionals continues to outpace the available workforce. This is a strange reality, and with it comes the potential for great opportunity.
Today, there are over 521,600 open cybersecurity jobs nationwide. You read that correctly. Over a half-million available positions… For those already working as a cybersecurity professional, the opportunity for job advancement has never been better. The question is, what is the best line from point A to point B as it relates to your success in a cybersecurity career?
To help facilitate that answer, CyberSN has uncovered the top five cybersecurity jobs in 2021 that are both in-demand and present a great path for a highly-successful career in cybersecurity. As you read on, we will detail the top jobs in the cybersecurity marketplace and where they can take you as your cybersecurity career moves forward.
Open Nationwide Jobs: 18,400+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses. See CrowdStrike for more information.
Currently, there are over 18,000 Threat Hunter jobs open in the US alone. As more and more systems and businesses become fully digital, the potential for security flaws increases. These systems, both in the private sector and public sector, need skilled Threat Hunters to uncover threats and monitor adversary techniques to avoid data breaches and successful attacks.
Cyber Threat Hunters can expect to advance their careers through a number of paths, many becoming Cybersecurity Engineers creating frameworks to solve for the latest security threats. Others will move past the engineering stage into leadership roles such as Information Security Managers, Information Security Officers, or even a Chief Information Security Officers (CISO).
Open Nationwide Jobs: 57,100+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
A Cloud Security Analyst has detailed knowledge of common security threats, security controls, and associated technologies and practices related to securing cloud platforms, cloud services, and associated IT resources based on typical cloud technologies. They monitor and maintain existing cloud security environments, security performance, security testing, and setup.
Cloud Security Analysts generally feature educational backgrounds such as a bachelor’s degree in IT, computer science, or a related field. Previous work experience in computer science and network security systems provides job seekers with the best opportunity to obtain this role. Employers are often looking for 2-4 years of applicable experience in a similar cybersecurity working environment.
Currently, there are in excess of 57,000 Cloud Security Analyst jobs available throughout the United States. Given the times, many organizations have either made the switch, or are in the process of making the switch to a more comprehensive cloud based environment for their core business operations.
A Cloud Security Analyst is a great position to advance your career in cybersecurity with further growth opportunities. Cloud Security Analysts can expect to advance their careers through a number of paths which offer broader security reporting and threat monitoring. Others will move past the engineering stage into leadership roles such as Security Directors and, Chief Information Security Officers (CISO).
Open Nationwide Jobs: 6,200+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
A DevSecOps engineer has involvement in and appreciation of every stage in the software project lifecycle, from initial design and build to rollout and maintenance. In a continuous integration/continuous delivery (CI/CD) environment. DevSecOps engineers are responsible for securing software deployment, identifying security threats, and the configuration of network infrastructure. DevSecOps engineers must have some knowledge in network protocols like HTTP, DNS, and FTP. They also need to know how to implement threat intelligence and risk assessment techniques and be up to date with the latest security best practices. Previous work experience in computer science and network security systems provides job seekers with the best opportunity to obtain this role.
There are currently over 6,000 DevSecOps Engineer positions open in the United States. Companies with a solid foundation of preventative thinking are employing more DevSecOps Engineers to help assess cybersecurity risk at the beginning stages of launching cyber based initiatives rather than implementing a solution and addressing system threats as they happen.
A DevSecOps Engineer position can move rather quickly through the cybersecurity career ranks and might expect to further their career by becoming an Application Security Engineer who works to combat cybersecurity threats pre and post system initiation. From that post, one can expect to move further up into a role such as a Security Director or Security Product Manager.
Open Nationwide Jobs: 1,100+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
From the BMC Blogs: a SecOps engineer is a security professional who is responsible for securing and protecting network systems, applications, and data. In short, a SecOps engineer supports enterprise security operations. SecOps engineers help to design and build all of these different computer networks and put tools into place to secure and protect them. These systems typically require regular maintenance, so SecOps engineers must update, tuning and return operations issues arise. Security engineers are also responsible for deploying new security software and hardware.
There are currently over 1,100 vacancies for applicable SecOps Engineer positions throughout the country. This number is likely one that will continue to grow due in part to the number of different applications organizations are designing and integrating to fulfill unique mission tasks. Thus, there will be an increased interest in having a cybersecurity professional like an SecOps Engineer to “own” these vital application environments and protect them from threats.
A SecOps Engineer can expect to experience cybersecurity career growth by taking the next step and becoming the organization’s pointed Security Engineer who would oversee the tasks and goals of an applicable team. From there, it’s realistic to expect to become a Security Director or Security Product Manager down the line.
Open Nationwide Jobs: 29,000+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
From Cybrary: A Security Engineer is tasked with the role of protecting the networks and computer systems of a company from any security threats or attacks. A Security Engineer is responsible for establishing and implementing security solutions that can defend a company and its networking assets. This can be accomplished through a variety of ways. Just a few of the essential duties of a Security Engineer include: establishing security standards and best practices that an organization should follow, evaluating an organization’s systems, networks, and data to determine what types of security protocols are necessary, developing proper security measures to meet an organization’s needs, implementing security controls to protect an organization’s infrastructure and digital files, monitoring and upgrading security measures as necessary, and responding to any security breaches or intrusions that may occur
At this moment there are in excess of 29,000 open Security Engineer positions. This is an area that is ripe with opportunity as businesses everywhere move to employ Security Engineers with the skills necessary to design and maintain stout cybersecurity architectures that facilitate business operations without fear of costly data breaches. System Engineers will often be employed to manage and oversee a team of cybersecurity professionals to see to it that the overall digital architecture is armed and operating effectively to diffuse disruption.
As a Security Engineer, you can expect in due time to have a great shot at becoming a Security Director who would oversee the cybersecurity efforts of an organization.
We’ll end this conversation the same way we started it… There’s A LOT of opportunity in the cybersecurity marketplace right now. With over 521,600 open cybersecurity jobs nationwide, there’s no shortage of positions to be had, and if you’re a cyber professional your path to continued or bolstered success in advancing your cybersecurity career is yours to choose. On the flipside, if you’re a hiring manager looking to solicit the help of a qualified cybersecurity professional, you likely already know that the competition is fierce, so consider your pitch, and put some time and energy into making sure it’s worth the pursuit. If you need help, we’re here for you. Programs like CyberSN’s KnowMore platform offer tools and templates to build job descriptions specifically targeted toward people in the cybersecurity industry for free.
We talk to a lot of people who want to know how to make their next career move. People are looking for not just better pay, they are looking for opportunities for professional development, better work-life balance, and permanent remote offices. Covid-19 has brought some changes to the workplace and the way we interview for jobs, but one thing remains the same—there is still a shortage of qualified cybersecurity professionals.
Here, we’ll talk about advancing your cybersecurity career, whether you are looking for work or are thinking about changing companies, and ways to find a job you’ll love.
With many roles and responsibilities in the cybersecurity field, there are numerous ways for someone in infosec to work their way from entry-level to a more advanced cyber career. For example, starting as an IT auditor or security analyst can give you the experience needed as a penetration tester. From there, roles like security architect and security engineer can take you on to a management role like information security manager.
As you consider your cybersecurity career pathway, it certainly helps to understand the skills and certifications that will position you for advancement into these roles. But, almost as important is understanding where you want to go and what kind of role you want to play.
Talk to the people on your team, and within the cybersecurity industry, about how they got to where they are. Did they start on the help desk? Did they focus on honing specific skills? What are the attributes they consider valuable to advancement? This knowledge will not only show you what to do to land the role you want, but also help you discern which jobs provide the most opportunity for career advancement.
Unfortunately, the economic downturn brought about by Covid-19 has led to downsizing in all industries, even vital roles in cybersecurity. That’s the position Stefan Rajaram, now a global information security assurance analyst at Crane Co., found himself in earlier this year.
“The roles that are out there right now are mainly senior roles and required a lot more years of experience than I already had,” said Rajaram in an interview with CyberSN Founder and CEO Deidre Diamond.
Instead of fixating only on the job hunt itself, Rajaram said he treated getting a new job like a job, spending eight hours a day applying to positions, and also doing online training and advancing his skills. As a pen tester, he focused on red teaming, a skill he later heard from a recruiter was a must for a position he was applying for.
Hear more of what Rajaram learned during his job hunt here
Opportunities for advancement often present themselves when you’ve already got a job, sometimes when you weren’t even looking. Chad Fame started his job hunt when he was approached by a CyberSN recruiter. Although he had been approached by a recruiter before and found that job was not a good fit, the option presented by CyberSN “was a good opportunity to explore.”
“I was coming from a place where I had a job, I was comfortable, I knew where everything was,” he told Diamond. “Coming in to look for a new job, or interview for one, is kind of daunting.”
Among the things to consider is whether the company where Fame was interviewing would be doing well six months down the road. He said if a company is putting the effort into hiring now, “they have the work that needs to be done now and in the future.” However, he still wanted to ask the right questions about where the company was going, including if there were cuts planned.
Asking the hiring manager the right questions is especially important during today’s job climate to ensure the move will be the right fit, including whether the team can remain fully remote, if there is opportunity for training and mentoring, and availability for other benefits that can drive a cybersecurity career in the right direction.
Getting to this stage of career development for Fame was the result of working in a number of different industries, including legal, pharmaceutical, and healthcare. Fame said he gained cybersecurity experience by working on audits and compliance. From there he moved into risk management. Having a variety of experience can give cyber professionals more options when seeking the next opportunity, and helps when negotiating compensations with a new employer during the hiring process.
When leaving his old position, Fame told Diamond he got a counter offer from his previous employer and that anyone looking should be prepared for that conversation too. Companies want to retain their talent and could offer you what you’re looking for if they’re at risk of losing you.
Hear more about Fame’s interviewing experience >> “Career Advancement During Covid”
With career advancement comes increased challenges and responsibility, but also greater compensation. Diamond said in the “Career Advancement During Covid” interview that cybersecurity professionals should be ready to negotiate.
“Compensation is more than just salary,” said Diamond. “When you’re in the conversation of salary, make sure you’re in the conversation of total compensation at the same time.”
Salaries may differ depending on the company’s compensation structure, including bonuses, stock options, benefit plans, vacation time, how often you have to be in the office, the cost of living in that region, and many other factors. Once an offer has been made, professionals should evaluate the opportunity based on the whole package.
“It is ok to keep talking if you don’t have what you want,” she said.
Even with some uncertainty in the job market, there are still many opportunities at leading companies, and it’s clear that organizations are willing to negotiate to get the right person for the position. Building your skills, knowing your worth, and having a great resume to show it off can help any cyber pro make the next move in his or her cybersecurity career.