January 5, 2023 By Doug Bonderud 4 min read

Big technology companies are laying off staff as market conditions change.

The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years.

As noted by Stanford Graduate School of Business Professor Jeffrey Pfeffer, part of this push to cut positions stems from a bursting bubble of business valuations. Pfeffer makes it clear, however, that in many cases, the cause here is imitative behavior. When one company starts laying off staff, others follow in what he calls a “social contagion”.

Regardless of the underlying reason, many skilled IT professionals now find themselves out of a job. But it’s not all digital doom and gloom. There’s one tech sector that’s still struggling to find talented staff: Cybersecurity.

Here’s why making the move to infosec may be a smart career move for former big tech staff.

The growing need for Infosec experts

According to data from Cyber Seek, more than a million IT professionals are currently part of the cybersecurity workforce. This number has been steadily growing over the past few years. Despite the uptick, however, there are still more than 750,000 open cybersecurity positions across the country. In states such as Florida, Texas and California, there are anywhere between 25,000 and 83,000 job openings available.

The reason for this growing gap is simple: Cybersecurity threats are on the rise, and there aren’t enough skilled professionals to meet increasing demand. From the ongoing risks of ransomware to emerging attack vectors created by work-from-home policies and the adoption of anywhere, anytime resource access, companies now face a myriad of old and new threats that can quickly derail business operations.

Oppositional opportunities: The benefit of bad guys

For IT professionals recently laid off from big tech jobs, the move to cybersecurity can feel like a strange shift. Consider a software engineer or application developer out of a job and looking for new opportunities. They may bypass infosec openings simply because they’re not sure security would be a good fit.

They’re not wrong. While cybersecurity is on the same spectrum as other IT opportunities, it comes with a different approach. Conflict rather than consistency is at the heart of these protective positions. Despite its significant departure from other roles, it offers a unique opportunity for growth.

Put simply? Having an adversary fuels innovation. Instead of working on projects with a consistent path between point A and point B, cybersecurity staff must be ready to respond at a moment’s notice. Even as they’re busy implementing strategies and solutions to detect attackers earlier and mitigate malware impacts, they’re also the first line of defense against attacks in progress.

As a result, these roles aren’t for everyone but offer a compelling career choice for those looking to challenge themselves.

Skills to pay the bills

Cybersecurity-specific certifications and training can help staff stand out to recruiters and make the transition to new roles easier. But existing qualifications also play a role in helping IT professionals make the transition.

Consider a software engineer with two decades worth of experience who was recently laid off from their job. While their skill in coding, testing and revision may not seem immediately applicable to cybersecurity, they bring a unique set of benefits to the table.

Take the common example of a ransomware attack. Cybersecurity teams prepare for these attacks using a combination of threat intelligence solutions and incident detection tools that help shorten the time between attack and discovery. Over time, however, attackers learn — and grow. The existence of Ransomware-as-a-Service (RaaS) marketplaces showcases the commitment of malicious actors to collaborate when it benefits their ability to break down business defenses.

In practice, this means that existing controls may slowly begin to fail as attackers enhance their approach. Our laid-off software engineer, however, can compile new code in-house to boost existing solutions and frustrate attacker efforts.

Making the move to cybersecurity

Of course, it’s one thing to consider a move to cybersecurity. It’s another to take the plunge and start putting out applications.

One way to help streamline the shift is with certification-based training. Consider that of the more than one million currently employed cybersecurity professionals, 213,000 hold the CompTIA Security+ certification, and 94,000 have completed the Certified Information Systems Security Professional (CISSP) course. What’s more, 140,000 of the currently unfilled security positions are asking for CISSP, while 100,000 want CompTIA Security+ completion.

Not only do courses such as Security+ offer a great introduction to cybersecurity processes and priorities, but they also pave the way for advancement within new organizations. What’s more, many of these certification options are now available as online, self-paced courses that let IT professionals decide how and when they learn best.

Another option for laid-off tech staff is applying for positions that include paid training to get them up to speed. A quick query of the job search site Simply Hired turns up more than 600 positions that don’t require previous cybersecurity experience and provide paid training.

Tech to cybersecurity: From strength to strength

Undoubtedly layoffs will stabilize and IT hiring will eventually begin again in earnest. However, this is cold comfort for technology professionals who find themselves facing the unpleasant reality of possible unemployment.

As one digital door closes, however, another opens. And strangely enough, it’s one that sees technology experts finding ways to keep network doors shut tight against potential attackers. Although the move to cybersecurity isn’t for everyone, the skills acquired in previous positions combined with the compelling task of adapting to an adversary’s movements make this lateral shift a great way for IT pros to capitalize on current strengths and build new skill sets that set them up for ongoing career stability.

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today