Big technology companies are laying off staff as market conditions change.

The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years.

As noted by Stanford Graduate School of Business Professor Jeffrey Pfeffer, part of this push to cut positions stems from a bursting bubble of business valuations. Pfeffer makes it clear, however, that in many cases, the cause here is imitative behavior. When one company starts laying off staff, others follow in what he calls a “social contagion”.

Regardless of the underlying reason, many skilled IT professionals now find themselves out of a job. But it’s not all digital doom and gloom. There’s one tech sector that’s still struggling to find talented staff: Cybersecurity.

Here’s why making the move to infosec may be a smart career move for former big tech staff.

The Growing Need for Infosec Experts

According to data from Cyber Seek, more than a million IT professionals are currently part of the cybersecurity workforce. This number has been steadily growing over the past few years. Despite the uptick, however, there are still more than 750,000 open cybersecurity positions across the country. In states such as Florida, Texas and California, there are anywhere between 25,000 and 83,000 job openings available.

The reason for this growing gap is simple: Cybersecurity threats are on the rise, and there aren’t enough skilled professionals to meet increasing demand. From the ongoing risks of ransomware to emerging attack vectors created by work-from-home policies and the adoption of anywhere, anytime resource access, companies now face a myriad of old and new threats that can quickly derail business operations.

Oppositional Opportunities: The Benefit of Bad Guys

For IT professionals recently laid off from big tech jobs, the move to cybersecurity can feel like a strange shift. Consider a software engineer or application developer out of a job and looking for new opportunities. They may bypass infosec openings simply because they’re not sure security would be a good fit.

They’re not wrong. While cybersecurity is on the same spectrum as other IT opportunities, it comes with a different approach. Conflict rather than consistency is at the heart of these protective positions. Despite its significant departure from other roles, it offers a unique opportunity for growth.

Put simply? Having an adversary fuels innovation. Instead of working on projects with a consistent path between point A and point B, cybersecurity staff must be ready to respond at a moment’s notice. Even as they’re busy implementing strategies and solutions to detect attackers earlier and mitigate malware impacts, they’re also the first line of defense against attacks in progress.

As a result, these roles aren’t for everyone but offer a compelling career choice for those looking to challenge themselves.

Skills to Pay the Bills

Cybersecurity-specific certifications and training can help staff stand out to recruiters and make the transition to new roles easier. But existing qualifications also play a role in helping IT professionals make the transition.

Consider a software engineer with two decades worth of experience who was recently laid off from their job. While their skill in coding, testing and revision may not seem immediately applicable to cybersecurity, they bring a unique set of benefits to the table.

Take the common example of a ransomware attack. Cybersecurity teams prepare for these attacks using a combination of threat intelligence solutions and incident detection tools that help shorten the time between attack and discovery. Over time, however, attackers learn — and grow. The existence of Ransomware-as-a-Service (RaaS) marketplaces showcases the commitment of malicious actors to collaborate when it benefits their ability to break down business defenses.

In practice, this means that existing controls may slowly begin to fail as attackers enhance their approach. Our laid-off software engineer, however, can compile new code in-house to boost existing solutions and frustrate attacker efforts.

Making the Move to Cybersecurity

Of course, it’s one thing to consider a move to cybersecurity. It’s another to take the plunge and start putting out applications.

One way to help streamline the shift is with certification-based training. Consider that of the more than one million currently employed cybersecurity professionals, 213,000 hold the CompTIA Security+ certification, and 94,000 have completed the Certified Information Systems Security Professional (CISSP) course. What’s more, 140,000 of the currently unfilled security positions are asking for CISSP, while 100,000 want CompTIA Security+ completion.

Not only do courses such as Security+ offer a great introduction to cybersecurity processes and priorities, but they also pave the way for advancement within new organizations. What’s more, many of these certification options are now available as online, self-paced courses that let IT professionals decide how and when they learn best.

Another option for laid-off tech staff is applying for positions that include paid training to get them up to speed. A quick query of the job search site Simply Hired turns up more than 600 positions that don’t require previous cybersecurity experience and provide paid training.

Tech to Cybersecurity: From Strength to Strength

Undoubtedly layoffs will stabilize and IT hiring will eventually begin again in earnest. However, this is cold comfort for technology professionals who find themselves facing the unpleasant reality of possible unemployment.

As one digital door closes, however, another opens. And strangely enough, it’s one that sees technology experts finding ways to keep network doors shut tight against potential attackers. Although the move to cybersecurity isn’t for everyone, the skills acquired in previous positions combined with the compelling task of adapting to an adversary’s movements make this lateral shift a great way for IT pros to capitalize on current strengths and build new skill sets that set them up for ongoing career stability.

More from CISO

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…