Cybersecurity Jobs Report [Stats, Salaries, Insights, Infographic]
A special report from the University of San Diego’s Online Cybersecurity Master’s Degree program.
The ongoing cybercrime epidemic has triggered a cybersecurity call to arms, as organizations around the globe are looking for some 3.5 million skilled workers to help combat a $6 trillion problem.
The worldwide adoption of digital technology that empowers organizations to work faster and more efficiently than ever before has also brought greater vulnerability to high-tech attacks. A 21st century cybersecurity workforce has mobilized to confront this challenge, but the supply of workers still falls far short of the ever-growing demand.
Expert researchers at industry watchdog Cybersecurity Ventures predict that by 2021 there will be 3.5 million unfilled cybersecurity positions worldwide and the global cost of cybercrime will reach $6 trillion per year.
As private industry and government agencies alike scramble to secure their IT infrastructure and safeguard their data and information assets from highly skilled hackers, troubling headlines trumpet news of the latest big-name organization to get hit with a major security breach.
And with each new breach, the demand for talented cybersecurity professionals continues to grow, with fresh Help Wanted listings appearing each day for six-figure jobs at employers across all industries.
“Unfortunately the pipeline of security talent isn’t where it needs to be to help curb the cybercrime epidemic,” says Robert Herjavec, a founder and CEO of Herjavec Group and a panelist on ABC’s “Shark Tank.” The result is that hackers and cybercriminals sense blood in the water.
The well-documented cybersecurity workforce shortage represents both:
- A crisis (for the organizations that need to keep their systems secure), and
- An opportunity (for the in-demand cybersecurity professionals who perform this essential work)
Among the many statistics that help put that opportunity in perspective: The field of cybersecurity is currently experiencing zero percent unemployment.
This special report from the University of San Diego’s online cybersecurity master’s degree program offers a comprehensive review of the current state of the cybersecurity jobs market, as well as an eye-opening look at the overall industry landscape.
“Strong cybersecurity capabilities have become absolutely essential for all organizations today. Unfortunately, an industry-wide talent shortage is making it extremely hard for employers to find qualified professionals,” said Chuck Bane, academic director and professor of practice for the University of San Diego’s innovative, online or on campus Master of Science in Cyber Security Engineering. “The result is unprecedented opportunity for current and aspiring cybersecurity professionals to earn high salaries performing important and meaningful work.”
Want to jump ahead?
- Situation Critical: Cybersecurity by the Numbers
- Every IT Job is Now a Cybersecurity Job
- Cybersecurity Workforce Shortage: Crisis & Opportunity
- Help Wanted! Careers at Top Cybersecurity Employers
- Cybersecurity Jobs Open at All Levels of Government
- Is a Cybersecurity Career Right for You?
Situation Critical: Cybersecurity by the Numbers
Current status: Trillions of dollars at stake, billions of people affected and millions of highly skilled, well-paid professionals needed to take the fight to the hackers — all of this creating unprecedented career opportunities for current and aspiring cybersecurity professionals.
Another, more detailed projection regarding the cybersecurity worker shortage comes from (ISC)², the nonprofit International Information System Security Certification Consortium. The (ISC)² Cybersecurity Workforce Study reports that the global cybersecurity workforce gap has increased to more than 2.9 million.
The (ISC)² report also breaks down the worker gap by region and includes other significant findings:
- The Asia-Pacific region is experiencing the highest cybersecurity worker shortage at 2.14 million.
- North America has the next highest gap at 498,000.
- 63% of respondents report that their organizations have a shortage of IT staff dedicated to cybersecurity.
- 59% say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
- 48% of respondents say their organizations plan to increase cybersecurity staffing over the next 12 months.
- 68% of respondents say they are either very or somewhat satisfied in their current job.
Cyberseek.org, another excellent resource for cybersecurity job seekers, offers an elaborate profile of the U.S. cybersecurity employment landscape, complete with an interactive supply-and-demand heat map and a Cybersecurity Career Pathway section that offers information and average salaries for such key cybersecurity jobs as:
- Cybersecurity analyst — $85,000
- Cybersecurity consultant — $100,000
- Penetration & vulnerability tester — $102,000
- Cybersecurity engineer — $108,000
- Cybersecurity manager/administrator — $115,000
- Cybersecurity architect — $129,000
The following statistics also contribute to a deeper understanding of the how cybercrime is impacting people and organizations:
- $3.92 million— Average cost of a data breach in 2019; highest cost by country was the U.S. at $8.19 million; highest cost by industry was health care at $6.45 million. [com]
- $1 trillion —Estimated total spending on cybersecurity products and services between 2017 and 2021. [com]
- $420,000— The upper end of the salary spectrum for a Chief Information Security Officer (CISO) in San Francisco (average: $240,000) [com]
- $200,000–$500,000 — Earning potential for top cybersecurity executives and elite bug bounty hunters [com]
- 60 million— Number of Americans affected by identity theft. com reports that victims suffered losses totaling $16.8 billion in 2017.
- $4 billion-plus— Total cost, to date, of the infamous data breach that hit consumer credit reporting agency Equifax in 2017, compromising the personal information of an estimated 143 million people. [com]
- 24,000— Number of malicious mobile apps that were blocked every day on Google Play during 2017, some of which are able to steal people’s personal information. [com]
[RELATED] Top Cybersecurity Threats in 2020 >>
Every IT Job is Now a Cybersecurity Job
The new reality, many experts agree, is that every technology job is now a cybersecurity job.
“Every IT position is also a cybersecurity position now,” Steve Morgan, founder and CEO of Cybersecurity Ventures and Cybercrime Magazine, says in an article for CSOonline.com. “Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people. If that is true, then the cybersecurity workforce shortage is even greater than what the numbers suggest.”
This concept connects to the idea that every company, every government agency, must now be intently focused on cybersecurity. Today, cybersecurity workers are needed across all areas of the economy.
By now, the list of data breach victims who’ve been hit by hackers reads like a Who’s Who of major corporations, governmental agencies, retailers, restaurant chains, universities, social media sites and more:
- The NSA, the IRS, the FBI, DoD and Homeland Security
- Facebook, LinkedIn, eBay, Reddit, Yahoo
- Macy’s, Saks Fifth Avenue, Lord & Taylor, Bloomingdale’s
- Panera, Arby’s, Whole Foods, Wendy’s
- Target, CVS, Home Depot, Best Buy
- Delta, British Airways, Orbitz
- Equifax, Citigroup, J.P. Morgan Chase
- The Democratic National Committee
- Adidas, Columbia Sportswear, Under Armour
- UC Berkeley, Penn State, Johns Hopkins
Today’s reality is that cybersecurity professionals are needed across all industries and at all levels of government. Here’s a quick look at some of the major categories of cybersecurity employment opportunities:
- Private industry: Companies of all types and sizes are paying top dollar for cybersecurity professionals with the right skills and experience.
- Government: From the U.S. Department of Homeland Security and nearly all other federal entities to state, county and local agencies.
- Law enforcement: In the era of ransomware, identity theft and other types of cybercrime, law enforcement agencies have been retooling to confront the ever-growing threat.
- Media: Reporting on cybercrime, cybersecurity and the cyber economy is now its own beat at major news and media outlets.
- Education: In addition to information security jobs at schools, colleges and universities; more and more institutions are launching cybersecurity degree programs, creating new opportunities for academic instructors.
- Cybersecurity insurance: The rise of cybercrime has prompted leading insurers to develop new products and policies, creating a need for tech-savvy insurance professionals. (See: “Cybersecurity Insurance: How the Insurers Are Combating the Hackers”)
- Software development: The companies that are now developing security tools and software are also an important part of the cybersecurity jobs landscape.
- Cybersecurity training: Since all organizations now need to train their employees to employ information security best practices, training firms are another potential avenue for job seekers.
- Consultants and freelancers: The world of cybersecurity offers fertile opportunity for highly skilled consultants freelancers such as penetration testers, bug bounty hunters and other independent consultants.
- Managed Security Service Providers: MSSPs are especially helpful for organizations that have limited IT resources and lack internal security expertise, as well as for large enterprises looking to outsource specific functions.
Cybersecurity Workforce Shortage: Crisis for Employers, Opportunity for Workers
Another factor complicating the cybersecurity staffing situation: The intense demand and competition for talent is causing high turnover in cybersecurity jobs. This means companies are having trouble retaining their existing talent AND skilled workers are getting contacted by recruiters, even when they are not actively looking.
For the companies and organizations that are struggling to stay ahead of the hackers, this higher-than-average job turnover represents an “existential threat,” according to Infosecurity Magazine.
But for workers, the report suggests, “cybersecurity skills are a sellers’ market, where experienced professionals can easily find lucrative offers to leave one employer for another.”
According to a comprehensive study conducted by the Information Systems Security Association and the Enterprise Strategy Group, an independent industry analyst firm: “Any employer that has tried to recruit cybersecurity talent in the recent past knows how big a challenge it is. The competition is fierce.” The research reveals that:
- 46% of cybersecurity professionals are contacted weekly by recruiters, regardless of whether they are actively looking for a job.
- 18% of cybersecurity professionals not seeking a new job receive contact daily from recruiters.
- Fortunately, 79% of survey respondents agree or strongly agree that they are happy as a cybersecurity professional.
Help Wanted! Careers at Top Cybersecurity Employers
A quick search for cybersecurity jobs at leading employment websites LinkedIn, Indeed.com and Monster.com reveals a wealth of openings across the country spanning all experience and seniority levels.
LinkedIn — 60,000-plus listings for opportunities ranging from an internship with Major League Baseball to a senior cyber security engineer at NASA’s Jet Propulsion Laboratory, including:
- Cybersecurity Officer
- Cybersecurity Infrastructure Manager
- Lead Cybersecurity Engineer
- Cybersecurity Analyst
- Cybersecurity Manager
- Director, Cybersecurity
- Vice President, Information and Cybersecurity
- Product Marketing Manager – Cybersecurity
- VP, Cybersecurity Architecture
- Cybersecurity SME with Security Clearance
- Cybersecurity News Writer
- Cloud Cybersecurity Analyst
- Cybersecurity Developer
- Lead Cybersecurity Threat Hunter
- Cybersecurity Forensics Professional
- Program Manager – Cybersecurity
- Cybersecurity Consultant
- Cybersecurity Specialist
- Director of Cybersecurity
- Cybersecurity Incident Response Manager
Indeed.com — 22,000-plus listings (over half of them paying an estimated salary over $100,000) for opportunities ranging from a “cyber ninja” at Axis Technologies to a cyber exploitation officer for the CIA. Additional job titles include:
- IS Security Engineer/Tester
- Chief Information Security Officer (CISO)
- Technical Security Engineer
- Penetration Tester
- Inside Sales Rep – Cybersecurity
- Info/Cybersecurity Specialist, Research Lead
- Entry Level Security Analyst – Accenture
- Network Security Engineer
- Associate Security Consultant
- Security Sales Engineer
- Security Operations Center (SOC) Engineer
- Network Security Administrator
- Cybersecurity Automation Engineer
- Cybersecurity Research Analyst, Technical
- Info Security Analyst 1
- Forensic Analyst
Monster.com — 43,000-plus listings with many additional job titles not listed above. Notable opportunities here include:
- Cybersecurity Analyst at the Naval Nuclear Laboratory (Niskayuna, NY)
- Lead Cybersecurity Attack & Penetration Tester at Pfizer (Groton, Conn.)
- Senior Cybersecurity Analyst at Honeywell (Kansas City, Mo.)
- Cybersecurity Sales Engineer II at ADT Security (Greensboro, NC)
- Principal Cyber Network Security Analyst at Northrop Grumman (Arlington, Vir.)
- Cybersecurity Business Risk Analyst at Randstad Technologies (Sacramento, Calif.)
- Senior Cybersecurity Vulnerability Specialist at Health Care Service Corp. (Chicago)
It’s no secret that top companies across all industries are continually on the lookout for cybersecurity talent. According to a recent check of multiple employment websites:
- The National Football League is seeking an Incident Response Manager for its cybersecurity team (15 yards for unsportsmanlike hacking?).
- Nike is fielding a team of talented players, including openings for a Director of Attack Surface Management, a Senior Information Security Engineer and a Director of Application Security Consulting (salary: $200k-$250k per year).
- McDonald’s is beefing up its information security capabilities with openings for an Information Security Engineer, a Cybersecurity Service Manager and an IT Risk Management and Security Awareness specialist.
- The financial stakes are high at Goldman Sachs, whose Careers page recently sought a Senior Cyber Threat Analyst and a Senior Data Security Engineer for its Security Incident Response Team.
- Founded in 1636, Harvard University faces no shortage of 21st century security risks. Recent help wanted posts included Information Security Analysts as well as an Associate Chief Information Security Officer.
- Facebook users may “like” the fact that the social media goliath is always adding talent to its Security Team “to protect the security of over two billion people using Facebook.” Recent postings included an Application Security Engineer and Cyber Threat Investigations Manager.
You’ve heard of the Fortune 500. Well, Cybersecurity Ventures compiles an annual Cybersecurity 500 of “the world’s hottest and most innovative cybersecurity companies to watch.”
Its breakdown of company headquarters by region included:
- 126 in Silicon Valley (including 31 in San Francisco)
- 72 in the Northeast (30 in New York and 10 in Boston)
- 67 in Europe (30 in the United Kingdom)
- 49 in the Washington, D.C., area
- 42 in Israel (world’s No. 2 exporter of cybersecurity technology)
- 19 in Asia-Pacific (6 in China)
- 19 in Southern California (5 in San Diego)
The Careers pages of these companies provide another informative window into the cybersecurity job market. Here’s a look at recent listing from several select companies on the Cybersecurity 500 list:
ACCENTURE (New York)
Accenture Security, a division of this multinational professional services company, “helps organizations prepare, protect, detect, respond and recover along all points of the security lifecycle.” Careers: Recent positions advertised include an Entry Level Security Analyst, a Cyber Solutions Architect and an Industrial Control Systems Security Manager. (Their pitch to job seekers: “Innovate security solutions by working with the sector’s brightest, using the coolest tech to out-hack the hackers and help clients build resilience from within.”)
AMAZON WEB SERVICES (Seattle)
The leading provider of cloud computing services, this Amazon subsidiary delivers on-demand cloud computing platforms to individuals, companies and governments. Careers: Dozens of cybersecurity jobs at physical and virtual locations in the U.S. and internationally, including Senior Security Transformation Consultants, Cyber Threat Intelligence Analysts and Security Data Scientists.
BUGCROWD (San Francisco)
Bugcrowd works with enterprise organizations to manage their bug bounty, vulnerability disclosure and next-gen penetration test programs. Careers: “We’re always interested in hearing from people who want to improve the security of the internet.” On its homepage Bugcrowd invites white-hat hackers to “Hack With Us.”
HACKER ONE (San Francisco)
Started by hackers and security leaders driven by a passion to make the internet safer, HackerOne describes its platform as “the industry standard for hacker-powered security” and says, “We partner with the global hacker community to surface the most relevant security issues of our customers before they can be exploited by criminals.” Careers: In addition to several openings for security analysts, HackerOne invites skilled specialists to “Join the world’s largest hacker community.”
GOOGLE (Mountain View, Calif.)
- Information Security Engineer
- Security Engineer, Infrastructure Protection
- Security Engineer, Cloud Threat Detection
- Software Engineer, Security
- Lead Security Engineer, Product Security, Nest
- Enterprise Network Security Architect
- Incident Response Manager
- Data Center Security Manager
- Global Threat Analyst, YouTube
HERJAVEC GROUP (Toronto)
Founded in 2003 by high-profile IT entrepreneur Robert Herjavec, the firm provides cybersecurity products and services to enterprise organizations, with a particular focus on complex, multi-technology environments. Careers: Positions listed include a Security Systems Engineer and a Senior Security Consultant.
MICROSOFT (Redmond, Wash.)
A leading provider of cybersecurity services for companies and governments, Microsoft claims to employ “over 3,500 global security experts.” Careers: Recent listings included Cybersecurity Cloud Solution Architect, Support Engineer – Azure Cybersecurity and Cloud Investigations Consultant, as well as Cybersecurity Internship Opportunities for Students.
THREATQUOTIENT (Reston, Vir.)
ThreatQuotient’s mission is to improve the efficiency and effectiveness of security operations through a threat-centric platform by integrating an organization’s existing processes and technologies into a single security architecture. Through automation, prioritization and visualization, ThreatQuotient’s solutions reduce noise and highlight top priority threats to provide greater focus and decision support for limited resources. Careers: Recent listings include a Security Operations Engineer job in their Maryland office.
TRIPWIRE (Portland, Ore.)
Tripwire “partners with Fortune 500 enterprises, industrial organizations and government agencies to protect the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments.” Its blog, The State of Security, serves as a respected industry information resource. Careers: There are dozens of jobs with Tripwire and parent company Belden, including developers, software engineers, sales specialists and more.
WHITEHAT SECURITY (Santa Clara, Calif.)
WhiteHat describes itself as a leader in application security, enabling businesses to protect critical data, ensure compliance and manage risk. Its WhiteHat Sentinel application security platform “combines automation, artificial intelligence technology and human intelligence to deliver complete application security at a scale and accuracy unmatched in the industry.” Careers: Dozens of positions listed, including many openings with the company’s Threat Research Center (in Houston and Belfast, Ireland).
Cybersecurity Jobs Open at All Levels of Government
Of course, private enterprises are not the only entities at risk. Government agencies — federal, state, county, local — all must be vigilant about cybersecurity these days.
The Department of Homeland Security and other federal agencies definitely have their virtual hands full when it comes to defending U.S. infrastructure and information assets against a wide range of threats. Of course, this is true at the state and local level as well.
With annual spending in the tens of billions of dollars, the federal government is continually ramping up its cybersecurity mission, which is spread across more than 100 agencies, each responsible for their own security. Proof of their vulnerability is the fact that many have been hit with high-profile data breaches, from the IRS and the FBI to the National Security Agency and the Department of Homeland Security.
Uncle Sam is actively recruiting skilled cybersecurity professionals to combat “rogue hackers, criminal organizations and nation-states,” according to a DHS cybersecurity recruitment video.
The DHS and other federal agencies post listings for government cybersecurity positions at USAJOBS.com. A recent review found jobs at agencies ranging from the Federal Aviation Administration to the Small Business Administration, as well as the U.S. Legislature, the Department of Defense and each branch of the U.S. military.
The need is so strong that the federal government is even providing incentives that include scholarships for undergraduate and graduate students pursuing cybersecurity related degrees.
Is a Cybersecurity Career Right for You?
The fast-growing field of cybersecurity offers “something for everybody” — engineers, coders and programmers, network architects, gamers(!), admins, analysts, communication specialists, forensic specialists, operations and leadership, and a wide range of IT career changers.
A career in cybersecurity also comes with personal and professional satisfaction, because the work is challenging and stimulating, important and meaningful, and essential to the safety and vitality of our increasingly digital world.
For those looking to position themselves for success in cybersecurity, the most common pathways for bringing yourself up to speed on the latest cybersecurity tools, trends, practices and protocols while developing essential knowledge and expertise are:
- Industry certifications
- Advanced degree programs
“Part of our role in helping to train current and future generations of cybersecurity professionals is to conduct research and collaborate with key industry stakeholders to ensure that our curriculum is cutting edge and that our training aligns with the workplace needs of employers,” said Bane, a retired naval officer whose experience includes collaboration on cybersecurity projects with the Department of Homeland Security, the NSA and the DoD.
Bane acknowledges that not all cybersecurity jobs require a master’s degree (for example: cyberseek.org reports that some 15% of cybersecurity consultant positions require a graduate degree). However, he asserts that the benefits of earning a master’s degree are considerable:
- You’ll develop sought-after industry leadership skills
- Valuable networking opportunities are built in
- Your job security is practically guaranteed (since the field is experiencing a zero percent unemployment rate)
- And perhaps most important, your earning potential increases significantly
Bane noted that the profile of a successful job applicant typically includes on-the-job experience, a certification, a master’s degree or all of the above — and, perhaps most important, a passion for continued learning in this fast-changing field.
“Technology is moving so fast that just because you go and get a certification or get a degree doesn’t mean you are done. You can’t be stagnant,” he said. “You have to stay up to date and stay current with it; keep learning, especially within your area of expertise.”
All things considered, cybersecurity professionals are the 21st century guardians of digital assets, intellectual property, personal privacy, government infrastructure and untold trillions of dollars.
And, as organizations across the globe race to keep up with the ever-present threat, the dramatic need for highly skilled professionals only promises to keep expanding.
Dept. of Homeland Security