The escalating number of data breaches and threats like ransomware has created a mad dash for information security help. Organizations are scrambling to fill jobs and to compete for top talent, and scores of positions go unfilled for months.
One would think that this kind of job-market frenzy creates big appeal for a person just entering college or considering a career. Especially since information security is one of the few fields where people get snatched up as soon as they walk out with their certificate or diploma (and often, long before.)
Yet there’s hardly an influx of newly-minted security professionals eager to flex their freshly acquired white-hat skills. The shortage of infosec workers is expected to grow — reaching 1.8 million by 2022, according to research by Frost & Sullivan. And there is not enough incoming talent to help narrow the gap.
Since there’s no danger of this field becoming oversaturated with practitioners in the foreseeable future, pursuing a career in information security is a smart move. The job security should help every parent of a high-school grad sleep better at night.
For those mulling over new career choices, information security could also provide the next step. This is one of the rare interdisciplinary fields you can enter from various other backgrounds, including business and even liberal arts.
On the fence on whether this is a promising and stable career? Consider the following reasons that make this field enticing.
Top Ten Reasons to Pursue a Career in InfoSec
Job Prospects Are Excellent
Digital transformation, the Internet of Things, cloud computing, big data — these growing trends are colliding to create a major challenge for organizations. As massive amounts of data are collected, shared and stored, every business becomes vulnerable to having the crown jewels exposed — whether that’s personally identifiable information (PII), intellectual property or other sensitive data.
Since there’s no shortage of thieves after those crown jewels, organizations of all sizes are trying to protect themselves the best they can. Additionally, the more mature ones are moving beyond prevention to proactively detect and predict threats. That’s where information security professionals come in. These experts are the connected world’s equivalent of knights in the shining armor, and every industry needs them.
A variety of professions currently have a talent crunch, but not many will see job growth as robust as information security.
Currently, CyberSeek (a project by the National Initiative for Cybersecurity Education) estimates the national supply-to-demand ratio for cybersecurity workers at 2.5, compared to 6.5 for all jobs. As the cloud, IoT, big data and other trends grow, the black hats will find new ways to take advantage of weaknesses — which means the jobs for the white hats will continue to grow.
Technology such as machine learning and automation will help solve some of the problems organizations face in protecting their data and infrastructure, but humans will not be replaced any time soon.
There’s Lots of Entry-Level Work
One of the entry-level jobs that many people land, information security analyst, is practically guaranteed to keep you employed. The U.S. Bureau of Labor Statistics (BLS) ranks it No. 16 out of the fastest-growing occupations across all industries.
The salary, employment rate and job growth propelled infosec analyst to the spot of second-best technology job of 2018, according to the U.S. News & World Report rankings.
Based on salary, the BLS projects that demand for infosec analysts will grow 28 percent in a 10-year span through 2026. Compare that to the 7 percent average job growth for all careers and it’s starting to sound better and better.
The Upward Mobility Is Good Too
If you have a knack for managing and aren’t afraid to polish your communication and people skills, you’ll find good prospects for climbing the ladder. Sure, you’ll have to pay your dues — years of working in the field, getting all the right certifications (and there are many) — but the good news is that the demand is growing for senior roles as much as it is for front-line specialists.
Consider this: Some regulatory bodies, like the New York Financial Services, are already requiring organizations to designate a chief information security officer for overseeing and implementing a cybersecurity program and for enforcing policies. Many industry experts view this groundbreaking rule as a flagship others will follow.
According to a survey by The Enterprise Strategy Group (ESG), CISOs are more likely to leave their job for better compensation or for an organization that emphasizes a culture of security. As the average CISO tenure is only two to four years, organizations are constantly headhunting.
The Pay Is Far from Modest
Payscale.com estimates that the entry-level salary for an information security analyst is in the $49,188-$92,293 range, with a median of $65,605. BLS estimates the median annual wage for this job is $95,510 (for all career levels), with 10 percent earning $153,090 or more.
That’s just one of the dozens of specialties — and plenty of the infosec specialties pay north of $100,000. For example, a 2018 salary report from Mondo shows network security engineers earning a high of $172,500 and an application security engineer reaching a high of $182,500. While you’re not going to command top dollar when starting out, you’ll likely be earning more than many of your peers in other professions.
While the salary often depends on geography and the employer’s sector, Infosecurity Magazine estimates that infosec salaries overall will grow 7 percent this year. That’s more than double compared to all occupations across the United States, and a comfortable clip if you consider the 2.4 percent inflation rate forecast for 2018 by Kiplinger.
The Job Is Highly Portable
Perhaps surprisingly to some, the area that employs the highest concentration of security talent is Washington, D.C. — which makes sense, since it takes a small army to protect the government’s data. The demand for this job is good across the country, both on the East Coast and West Coast. You may even be able to work remotely, if you’re dreaming of the life of a digital nomad.
It’s Not Just for Nerds
Many people think of hackers (ethical or otherwise) as real-life versions of Elliot Alderson — the nerdy, antisocial recluses as portrayed in the TV show “Mr. Robot.” But many infosec professionals never touch a line of code or configure a server.
Just like in the medical field, information security has numerous specializations. The roles branch out from ethical hacking and digital forensics into risk management and governance. You need technical savvy for all of them, of course, but you can succeed in this career even if you enter from a field outside of IT.
Gib Sorebo, chief cybersecurity technologist at cybersecurity-risk company Leidos, says that some of the best incident investigators and penetration testers come from outside of a STEM background, because they can “anticipate human failings as well as computer vulnerabilities and are often more comfortable thinking in shades of gray rather than black and white.” As he explains on the RSA Conference blog (see Sources), failure to secure networks comes from the failure to understand people rather than technology. Those with backgrounds in the humanities and other fields excel at understanding how people behave.
In senior roles, the ability to lead and manage is even more important than technical savvy. In the ESG survey, 52 percent of the 343 respondents said leadership was the most important quality for a successful CISO, with communication skills as No. 2. Technical acumen was only No. 7 on the list.
Ethical Hacking Training – Resources (InfoSec)
Work in Any Sector
If you grew up dreaming of some other kind of cool career like making movies, flying into space or saving polar bears, you can still contribute to those fields or many others by working in information security. With a few other exceptions, like lawyers, accountants (and perhaps movie stars), not many other careers can lead to jobs in practically any sector.
You may not be setting foot in a rocket or on a movie set, but you can still be a highly valuable part of the team by protecting data and other assets for the organizations doing that work.
You’ll Always Be Learning Something New
Love to constantly learn new things? You’ll be doing that constantly in this job. Because the ecosystem is changing all the time and new technologies are emerging, the jobs will evolve with it and your skills will need to adapt.
You’ll be Doing Something Good
The salary is a perk in itself, but many people are attracted to this profession because they feel they are doing something for the greater good. Expect this idea to get traction as the sector learns how to better position itself; industry leaders are working hard to show new generations what a positive impact they can make in this job.
Besides protecting organizations, information security professionals are the ones who help protect critical infrastructure as well as the privacy of the everyday consumer. If you’ve always wanted to be in a respectable and valuable profession, this one fits the bill.
Get a Highly Satisfying and Interesting Job
The ISG survey found that 40 percent of the cybersecurity professionals said they were very satisfied with their jobs and 48 percent were somewhat satisfied. Besides compensation, factors contributing to high job satisfaction included incentives for career advancement and the business management’s commitment to cybersecurity.
If you want a career where you’re helping others, learning and growing, information security is a job you can impress your friends with. And if you love solving puzzles and problems, and enjoy a good challenge, the job will always be interesting. As Mark Nunnikhoven, head of cloud research at Trend Micro, puts it, “it’s a career you’ll never be bored with.”
Cybersecurity Supply and Demand Heat Map, CyberSeek
10 Best Technology Jobs of 2018, U.S. News & World Report
Entry-Level Information Security Analyst, PayScale
Cybersecurity Salaries to Increase 7% in 2018, Infosecurity
Why Study Cybersecurity?, RSA Conference