Technologies that were figments of the imagination a dozen years ago, if they were conceived of at all, quickly become mainstream — think generative artificial intelligence (GenAI) or blockchain. As they do, they create more security vulnerabilities and inherent business, changing the nature of cybersecurity careers.
According to research by IBM Corp. and the Ponemon Institute, the average security breach cost reached $4.88 million in 2024 — 10% more than the previous year and the highest average ever. It’s no wonder that qualified IT security staff are high on the recruitment lists of corporations.
Indeed, research firm IDC projects that spending on security products will continue at a double-digit growth pace for the next five years.
Meanwhile, according to non-profit trade association CompTIA’s Cyberseek tool, nearly half a million cybersecurity jobs were open between May 2023 and April 2024 in the U.S., with cybersecurity employment growing almost three times, or 267% the national growth rate.
In-Demand Cybersecurity Skills
While emerging technologies place new knowledge demands on cybersecurity professionals, there are evergreen skills that are in demand among data security experts. The job search site Indeed.com lists the following general skills as being most attractive to employers looking for security personnel.
- Networking and system administration: Security professionals must instinctively understand network and system concepts.
- Programming languages: Being a competent coder increases your attractiveness as a cybersecurity asset. Have a basic level of competence in a few of the following: C and its descendants, PHP, HTML, Java, Python, and, especially for database-intensive operations, SQL.
- Cloud computing: Computing infrastructure in a cloud environment — private or hosted — is becoming the norm, not the exception. Knowledge of cloud systems architecture and how it interacts with various devices is invaluable.
- Blockchain: Developed primarily for cryptocurrency applications and maligned for manipulating those markets, blockchain can be a valuable security tool, as its universe of connected nodes is almost impossible to corrupt or destroy.
- Communication skills: All the security knowledge in the world is useless if you can’t pass on information about policies, strategies, vulnerabilities, and security posture to other system users, from upper and executive management to sales and data entry clerks.
- Artificial intelligence: While AI has hit the mainstream mainly in the generative space in the last couple of years, artificial intelligence has a long pedigree in its component sciences like predictive analytics, natural language processing, and the like.
Artificial intelligence can process interactions orders of magnitude faster than wetware admins and can detect trends associated with vulnerabilities and exploits.
Security Certifications
According to CompTIA, while 53% of companies are looking to hire new IT security staff, even more (56%) are looking to fill those vacancies from within. Offering training and certification programs to promote existing security staff or move line-of-business staff into info security positions is in the cards for 42% of companies.
There are good reasons to pursue these certifications. There is a clear impact on the career path, according to a study by Fortinet: 84% of tech leaders have certifications themselves, and 91% prefer to hire candidates with certifications. Certification employees report speeding up their career paths (55%) and higher salaries (47%).
Over 90% of security leaders will pay for employee certification to complete the win-win.
CompTIA and other professional organizations offer several certifications for security professionals, promoting a variety of career paths.
- CompTIA: CompTIA’s Security+ designation is the bread-and-butter of security certificates. It is generalized and entry-level, but it demonstrates a core level of competency that can be a building block of almost any career in cybersecurity, whether in administration, engineering, or development.
- GIAC: Global Information Assurance Certification also offers an entry-level certificate in the form of the Security Essentials Certification (GSEC), which is designed specifically for workers with IT experience who want to move into the security field.
- EC-Council: The International Council of E-Commerce Consultants, or EC-Council, offers several certifications for different career paths but is best known for its white-hat hacking program. It’s obviously a step to penetration testing, but it’s also helpful for architect, engineer, and analyst jobs.
- ISACA: The Information Audit Systems Audit and Control Association is a members-only group offering some designations, including Certified Information Systems Auditor (CISA).
- (ISC)2: This organization offers free self-paced training for a limited time but is more recognized for its high-end Certified Information Systems Security Professional (CISSP) designation, acknowledging your ability to design and monitor a secure system environment, qualifying holders for engineering and executive infosec positions.
9 Cybersecurity Jobs To Consider
According to (IC)2’s 2024 Cybersecurity Workforce Study, the cybersecurity workforce is a seller’s market. The study pegs the worldwide active cybersecurity workforce at 5.5 million; there is a demand for roughly 10.2 million workers.
And the gap is growing: While the cybersecurity workforce grew by only 0.1% year-over-year in 2024, demand grew by 8.1%. The trend looks to continue. The U.S., United Kingdom, Germany, Canada, and Mexico reported net losses in their cybersecurity workforce sizes.
Job titles differ from organization to organization. The following titles are fairly generic, and salary information comes from several sources (listed in parentheses).
Security Engineer
Security engineers build secure systems. They install technologies like firewalls and intrusion detection, keep software up to date, enforce security standards, and choose protocols and best practices. They’re also responsible for disaster recovery plans.
Specific duties vary according to specialty — network, application, and, increasingly, cloud security engineer. (Salary: $130,000 to $200,000, Mondo.com)
Security Analyst
Analysts have a broad scope of responsibilities, some of which, like installing and maintaining security software, could overlap with those of security engineers. Meanwhile, they’re also analyzing systems to isolate vulnerabilities, investigating data breaches, and developing best practices and policies.
The U.S. Bureau of Labor Statistics is especially bullish on these jobs, forecasting 31.5% growth over the next 10 years. (Median Salary: $112,000, U.S. News & World Report.)
Security Administrator
In addition to identifying vulnerabilities and, in general, enforcing the organization’s security posture, security administrators or managers also manage the security and/or information systems team.
Salary: $150,000 to $225,000, Mondo.
Network Security Architect
These positions often require the employee to play on both the Blue Team, developing the system security architecture and posture, and the Red Team, which engages in hypothetical attacks on the system to expose its flaws — essentially, penetration testing (see below). They also fulfill the role of managing the network team.
Salary: $142,000 to $200,000, Cyberseek.
Security Systems Sales Engineer
Like in many other technology fields, it can get crowded at the top, and staff can hit a ceiling regarding the growth of their roles, responsibilities, and salaries.
Sales is a viable option for candidates with the right communication skills, comprehensive, in-depth knowledge, and a winning personality. However, one is often predicated on commissions or incentives to reach full remuneration potential.
Salary: $102,000 to $142,000, ZipRecruiter.
Artificial Intelligence Specialist
The mainstream emergence of AI over the last few years has raised its profile in fields other than mocking up fantasy pictures. The capacity of AI technology to collect, parse, analyze, and create data is a compelling fit for cybersecurity, where talent is needed to coach machine learning programs to detect threats and vulnerabilities in real time.
Salary: $57,000 to $106,000, ZipRecruiter.
Forensic Analyst
Digital forensic analysts play much the same role as crime scene investigators — they often investigate crimes. Forensic analysts are on the scene after the fact, piecing together how intruders penetrated the system, tracing their digital footprints, preserving evidence, and recommending remediation.
They are often called on to cooperate with legal authorities, so understanding the law and great communication skills are essential.
Salary: $41,000 to $91,500, ZipRecruiter.
Ethical Hacker/Penetration Tester
The White Hats or Team Red, if you prefer. People in these roles throw every attack they know — and invent some they don’t — at a system, trying to expose its vulnerabilities.
While some companies employ full-time ethical hackers, penetration testing is often part of the administrator’s or architect’s role or is performed by a specialized contractor.
Salary: $124,424, Cyberseek.
Chief Information Security Officer (CISO)
As Chief Information Security Officer, you’ve arrived at the C-Suite. There are only about 7,500 CISOs in the United States, compared to 70,000 chief information officers (CIOs), according to CISO Global.
Network giant Cisco Systems Inc. reports that CISOs divide their work efforts among leadership roles (35% of the time), risk assessment management (44%), and data privacy and governance (33%).
The job is stressful, and there’s a lot of churn: CISOs last about 18-26 months, unlike other C-suite occupants (4.9 years).
Average Salary: $258,235, Glassdoor.
Frequently Asked Questions (FAQs)
What Salary Trends Can We Anticipate for Cybersecurity Careers?
Growth in demand for cybersecurity professionals maybe three times that of the national average in the U.S., but salaries aren’t keeping pace. Motion Recruitment reports that cybersecurity pay packets increased only about 0.43% in 2023, whereas IT jobs generally saw a 2% salary increase.
Among security personnel, infosec engineers (6.25%), infosec analysts (3.12%), and network security engineers (2.63%) saw the most significant hikes.
How Will Emerging Technologies Shape Cybersecurity Roles?
Two emerging technologies are primarily shaping cybersecurity today: Artificial intelligence and blockchain. Both are in the public eye for controversial reasons unrelated to cybersecurity — AI for its creative possibilities and blockchain for its fundamental role in cryptocurrency.
Both have cybersecurity implications that don’t get as much attention.
AI can collect, process, analyze, and generate data at an unparalleled speed while also “learning” from data correlations. For those who know how to harness that power, AI can be a powerful tool to predict and create attack vectors.
Blockchain is a distributed ledger system that distributes data amongst blocks on different computing nodes and chains them together. It is virtually impossible to change a blockchain ledger, opening up robust security possibilities.
DevSecOps is not a new technology but a burgeoning development framework that will also shape the security careers landscape. Security is embedded within the software development lifecycle, changing the skillset required.
How Does Cloud Computing Impact Cybersecurity Careers?
Enterprise cloud computing is becoming the norm rather than the exception as companies shift capital expenses (CAPEX) to operating expenses (OPEX). Candidates should have an understanding of the technical, architectural, legal, and communications considerations of cloud computing.
Bottom Line: Lots of Options for Cybersecurity Careers
New technologies create new vulnerabilities, as well as new solutions. Cybersecurity will only increase in importance, and the ever-expanding catalog of roles and disciplines offers many options to forge your career path.
New to cybersecurity? Read our guide, How to Get Started in Cybersecurity: Steps, Skills & Resources, on eSecurity Planet.