Light Dark
May 26, 2023 By Jennifer Gregory 4 min read
Intelligence & Analytics

It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals from other roles may be able to transfer their skills into cybersecurity relatively easily.

As cybersecurity continues to remain a top business priority, organizations will likely keep hiring for cybersecurity roles. Companies are increasingly recognizing that without experienced team members, they are increasing their risk of a cybersecurity attack or breach.

Layoffs avoided cybersecurity personnel

According to Layoffs.fyi, more than 500 tech companies laid off over 153,000 employees between January 1, 2023, and March 23, 2023, and more than 161,000 were laid off in 2022. While those numbers include roles throughout the industry, not all jobs are affected equally.

Dan Walsh, chief information security officer with VillageMD, recently told Fortune that cybersecurity layoffs have been few and far between. The numbers back up this claim. The National Initiative for Cybersecurity Education at the National Institute of Standards and Technology reported that cybersecurity demand increased in both the public (25%) and private sectors (21%) in 2022. Additionally, 755,743 cybersecurity jobs were posted in 2022, only a 2% decrease from the same time period the previous year.

While cybersecurity analysts and engineers often top the open positions, many other lesser-known roles exist in cybersecurity.

Over 5,800 incident response positions, which are responsible for handling the aftermath of an incident, have been recently posted on Indeed. Also in demand, malware analysts evaluate an organization’s systems, data and applications to detect malware and then determine the best course to remediate.

Additionally, positions for employees who test for vulnerabilities, known as pentesters, offer a good entry point for new graduates or employees transferring from other roles. Threat hunting, which involves reviewing all the security data and systems to look for abnormalities and potential malware issues, also offers many career options.

Landing an entry-level cybersecurity job

Employers are increasingly using criteria other than four-year degrees when hiring for cybersecurity positions.

Entry-level job hunters often land their first job through skilling badges or certifications. Both methods show potential employers that the candidate has the expertise and knowledge needed to hit the ground running.

With many different certifications to choose from, it’s important to start by understanding your career goals and then selecting the one that hiring managers are most likely to recognize. You should also consider the time required to earn the badge or certification, as well as the cost. Think about the return on your investment compared to the salary of the expected job.

Transitioning from other roles to cybersecurity

Many cybersecurity employees move into the industry from non-technology positions. Many positions require excellent problem-solving and analytical skills that can be learned in other industries.

Caitlin Kiska, an information security engineer, was previously a professional online poker player. She discovered that her ability to analyze and form strategies from large data sets is a much-needed skill in cybersecurity.

Before moving into cybersecurity, Matt Gimovsky worked in litigation for eight years. He found that his expertise in strategic/tactical advising combined with his long-term passion for technology transferred easily into his current role as a technology transactions advisor for a fed/civ cyber defense business.

Current or recently laid-off technology workers can also easily transition into cybersecurity from a wide range of roles.

Software engineers should look for opportunities in cybersecurity to create applications that detect cyberattacks or are more cyber resilient. Because IT support specialists have strong analytical skills and significant hardware/software knowledge, they can quickly investigate cybersecurity incidents. Cybersecurity involves identifying patterns, making it relatively easy for data analysts to move into positions that detect and respond to threats.

Updating your resume for a cybersecurity role

Because cybersecurity hiring managers realize that their next best team member may not have a traditional background, you should include many experiences and skills you may not consider. By highlighting both technical and soft skills, you increase your chances of landing the job. Before applying to a cybersecurity position, reevaluate your resume through the lens of a cybersecurity hiring manager.

Make sure that your technical skills are highlighted and easy for a manager to find. Highlight your current skills, badges and certifications. Consider having a section that highlights your experience with the most recent threats and solutions, especially in terms of ransomware. If you have used the latest automation and artificial intelligence tools, be sure to include these skills as well.

In addition to the skills, companies want employees with experience to put their expertise to use. Consider also including any results or significant experience, such as vulnerabilities you’ve detected or incidents you successfully managed. By sharing specifics, you demonstrate both your knowledge and your ability to apply those skills while under pressure. Companies want to know that employees can handle the pressure and stress of managing real-world threats in real-time.

Cybersecurity positions involve a significant amount of collaboration and teamwork. Hiring managers increasingly look for soft skills, such as leadership, curiosity, tenacity, passion, problem-solving, teamwork and thriving under pressure. Because the ability to communicate effectively with team members and other employees is critical to success in cybersecurity, managers often prioritize applicants with communication skills. Add examples of any responsibilities that involved combination, such as cross-department collaboration or conducting training.

The cybersecurity job market remains strong

As cybersecurity continues to be a top business priority, it will likely remain a valuable position at organizations. Even businesses with hiring freezes may continue to fill open cybersecurity positions due to the critical nature of the work. By looking for opportunities in cybersecurity, job seekers can find job security while working on fulfilling projects.

 |  |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

August 9, 2023

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature