Although the detrimental effects can be felt on a global scale, the current pandemic has significantly disrupted the U.S. economy and workforce. Unemployment rates have spiked and were recently the highest on record since the Great Depression, fluctuating between 13% and 14% over the past few months. With so many people currently unemployed or underemployed, securing new job opportunities is more competitive than ever before. However, a glimmer of hope can be found within the cybersecurity community, which has been largely immune to the current economic climate and workforce struggles.
Demand for cybersecurity professionals remains high
It's no secret that the demand for skilled cybersecurity professionals has skyrocketed in recent years. With the growing logistical uncertainty and new cybersecurity challenges that a largely remote workforce has urgently presented, security pros were deemed as "essential" out of pure necessity and for fear of increased cyber attacks, and rightfully so.
Threats such as ransomware, phishing and malware are adapting to the remote environment faster than the employees can adapt to their new normal. Recent FBI estimates have shown a nearly 400% increase in cyber attacks over the last few months and Google also reported that it blocked nearly 18 million malware and phishing emails over the span of a week. In response, almost every industry and business has placed a greater emphasis on improving security postures, requiring the support of more individuals who have even baseline cybersecurity knowledge.
As the demand for talent increases, the supply of potential employees has also risen dramatically. Given the dramatic unemployment rates, there are motivational factors at play for people to consider cybersecurity career opportunities. For example, potential security talent is stemming from traditional IT departments. Those previously holding positions in IT have been reading the writing on the wall as IT roles and responsibilities continue to merge into the realm of security. But this is just a fraction of the percentage of the population that was laid off, furloughed or had their hours cut, not to mention the numerous high school and college students who are now home for the summer without traditional summer jobs to fill.
With newly allotted free time, many people now have the flexibility and time to look into online training options as they search for new opportunities. I know I can personally speak to seeing a major surge of new members and active users at Cybrary. Recent news surrounding the Estée Lauder, Marriott and easyJet breaches, among countless others, have also helped generate awareness and interest for cybersecurity as a career path.
With new challenges comes new opportunities
Regarding the student population, the pandemic has accelerated the adoption of alternatives to traditional learning and higher education. Many high schools and universities shifted to online courses as they finished the 2020 school year, but the cybersecurity industry has been using this approach for years.
Although a traditional four-year college education offers many benefits, it's simply not the right fit for many job seekers right now, especially if they are financially strained. Plus, most entry-level and lower tier cybersecurity jobs do not require it. In fact, you can learn the necessary skills to acquire certifications for these positions through online learning providers. These non-traditional options often don't have as many barriers to entry. Due to the nature of the profession and the need to stay up to date on the latest trends, the cybersecurity industry has a long and storied history of giving back to its community and providing open-source resources.
A balancing act for companies
So how do the short-term opportunities compare to the long-term needs across cybersecurity? As for the short-term, the uptick in interest for entry level jobs will continue as more potential employees get their feet wet in the industry. However, the mid-to-senior level positions might be difficult to fill immediately. If in a secure job, it's unlikely experienced professionals will transition out of their role given the current economic uncertainty. Also, those in senior level positions and other cybersecurity "superstars" will have much more autonomy within their company, as C-suite executives will need to rely on them heavily.
As for the long-term, this "new normal" of remote work and borderless networks will become the employment standard. Younger and smaller companies can likely offer more flexibility but might be unable to offer job scalability like they used to. Whereas large enterprises can likely offer better resources and incentives but it will be more difficult to get in the door.
Advice for job seekers
Most importantly, how can the supply of cybersecurity professionals keep up with the growing industry demand? The organization (ISC)² estimates that the industry is more than 4 million professionals short. For those actively looking for a new opportunity, applying to open positions may feel like a full-time job in itself. Because lower level opportunities will be flooded with applicants, the need to stand out from the crowd is of the utmost importance. Although specific knowledge of tools such as Splunk and Java is nice, employers and hiring managers are often looking for applicants who can convey a core understanding of the threats and topics that the industry is coping with right now. Specific tools are much easier to learn on an as-needed basis, and not all companies have the same preferences.
Displaying self-sufficiency is also important now, more than ever. With an increased remote workforce, supervisors aren't able to regularly check in on their direct reports. Also, it's not sustainable for teams to be on a Zoom or WebEx video conference all day to upskill team members, so employees should be willing and able to learn new skills on their own. Lastly, hiring managers appreciate honesty. Don't try to hide weaknesses, especially because they're easy to discover and cybersecurity is a humbling industry. Be upfront about what you do or don't know because employers are looking for people who are willing to fit the role and learn new things.
As for those already in the industry, never stop learning and teaching others. Considering that cyber attackers have the same, if not more, free time, the odds they will rapidly evolve and find new vulnerabilities remain extremely high. Constant reminders to other security team members as well as non-security savvy coworkers to stay educated on the latest cyberthreats and lures can go a long way.
Regardless of the serious challenges that businesses and the job market are currently facing, cybersecurity career opportunities will only continue to grow and be sought after by up-and-coming talent. Therefore, it's more important than ever to stay educated, stay motivated and stay secure.
Jonathan Meyers is the head of IT and a principal infrastructure engineer at Cybrary. He is responsible for designing, maintaining and securing all corporate infrastructure including their security enablement platform supporting over 200 companies and 2.5 million users worldwide. He previously worked as a senior DevOps and senior operations engineer at Forcepoint (formally RedOwl Analytics) where he oversaw the operations and deployment of its hosted and on-premises UEBA e-surveillance product. Jonathan holds an information technology degree from The U.S. Military Academy at West Point.