While you were looking for ways to boost your career and sidestepping arguments about politics at work, many major companies spent last year looking for ways to deal with data breaches.
Between Yahoo’s loss of more than a billion users’ data and the denial of service (DDoS) attacks that affected internet giants like Netflix and Twitter (and left you unable to binge or tweet for a bit), hackers were popping up in the headlines all over the place.
And these breaches bring heavy costs. Data security research firm the Ponemon Institute says the average cost of cyber crimes for U.S. companies was more than $17M in 2016.
So it’s no wonder that employers of all sizes are scrambling to find cybersecurity and risk management talent. If you’re an engineer or IT professional with the right skills, this is a massive opportunity. Not quite there yet? Here’s what you need to know.
Can You Handle a Hack Attack?
Demand for people with the tech talent to handle these kind of breaches is soaring—it’s likely to grow by 53% in 2018, reports Stanford’s Peninsula Press.
“These people can’t get hired fast enough,” says Max Yago, an enterprise account executive at IT security and management firm Tanium whose work across a variety of industries has given him unique insight into the cybersecurity roles that major companies are racing to fill. And some of the most in-demand talent, he shares, are Millennials.
“A friend of mine got hired right out of school and worked her way up the ranks extremely quickly. She’s now global head of security for a Fortune 2000 company, and she’s two or three years out of school,” Yago explains. “I can’t think of another industry where there’s that much room for growth today.”
The rush on cybersecurity talent, he adds, is reminiscent of the cloud computing boom a few years ago—though cybersecurity is an even bigger challenge with even greater demand. As IBM’s CEO Ginni Rometty recently told attendees at the IBM Security Summit, “…cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.” After all, every company with a digital footprint, no matter how large or small, is a potential target for hacking.
Another reason for the increased demand? Regulation. This year, the New York State Department of Financial Services adopted the first ever Cybersecurity regulation. And employers are looking for professionals to help them understand and implement it across their company.
Get Your Skills in Check
So, what expertise do you need to counter a threat this large? Information Week’s Kelly Sheridan says some standout skills include:
Intrusion detection: Locating where and how your software, hardware, or network was compromised
Risk mitigation: Tracking known risks, identifying new risks, and keeping tabs on these throughout the software development process
Secure software development: Ensuring that software is developed with security in mind, e.g., ensuring that the source code doesn’t have flaws which would make it vulnerable to attack
Data privacy: Finding the balance between the collection and dissemination of data, the public expectation of privacy, and the legal and issues surrounding this
Data loss prevention: Making sure employees don't send sensitive or confidential information outside of the corporate network
Incident response: Managing the aftermath of a security breach or attack by handling the situation in a way that limits damange and cost
And regardless of your role, Yago stressed that anyone in a cybersecurity position should be prepared to educate their colleagues (and maybe even their superiors) on best practices.
If a move into the cybersecurity field feels right for you, the savviest play is to get the most in-demand skills ahead of time. While you may be able to translate your existing tech experience or learn on the job, it’s also worth considering the most in-demand certifications, like CompTIA Security+, CEH (Certified Ethical Hacker), and CISSP (Certified Information Systems Security Professional), all of which can give your salary a major boost.
Show Me the Money
So once you’ve gained the skills, how much do these gigs actually pay? As it turns out, the answer is “a lot.”
Yago noted that the roles of chief technology security officer (CTSO) and chief information security officer (CISO) are quickly emerging as must-have positions within major companies—and are roles for which many companies are willing to pay top dollar. Forbes recently reported that salaries for CISOs in major markets can reach $380,000 a year. Other positions, like director of security and lead software security engineer routinely command salaries north of $200K.
Of course, you won’t start out at the top. But salaries for even entry-level cybersecurity pros are more than competitive. According to Indeed.com, entry- to mid-level positions like Information Security Analyst and Intelligence Analyst average out at about $85,000 per year. Meanwhile, the average salary for more specialized positions like Network Security Engineer and IT Security Specialist is just shy of $110,000.
The market for cybersecurity talent is on fire, and every headline-worthy breach will fan the flames. If you’re an IT professional who’s pondering a pivot, cybersecurity should be at the top of your list. But if you don’t have the skills yet, don’t worry. Demand for these roles isn’t going anywhere any time soon.