Big technology companies are laying off staff as market conditions change.

The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years.

As noted by Stanford Graduate School of Business Professor Jeffrey Pfeffer, part of this push to cut positions stems from a bursting bubble of business valuations. Pfeffer makes it clear, however, that in many cases, the cause here is imitative behavior. When one company starts laying off staff, others follow in what he calls a “social contagion”.

Regardless of the underlying reason, many skilled IT professionals now find themselves out of a job. But it’s not all digital doom and gloom. There’s one tech sector that’s still struggling to find talented staff: Cybersecurity.

Here’s why making the move to infosec may be a smart career move for former big tech staff.

The Growing Need for Infosec Experts

According to data from Cyber Seek, more than a million IT professionals are currently part of the cybersecurity workforce. This number has been steadily growing over the past few years. Despite the uptick, however, there are still more than 750,000 open cybersecurity positions across the country. In states such as Florida, Texas and California, there are anywhere between 25,000 and 83,000 job openings available.

The reason for this growing gap is simple: Cybersecurity threats are on the rise, and there aren’t enough skilled professionals to meet increasing demand. From the ongoing risks of ransomware to emerging attack vectors created by work-from-home policies and the adoption of anywhere, anytime resource access, companies now face a myriad of old and new threats that can quickly derail business operations.

Oppositional Opportunities: The Benefit of Bad Guys

For IT professionals recently laid off from big tech jobs, the move to cybersecurity can feel like a strange shift. Consider a software engineer or application developer out of a job and looking for new opportunities. They may bypass infosec openings simply because they’re not sure security would be a good fit.

They’re not wrong. While cybersecurity is on the same spectrum as other IT opportunities, it comes with a different approach. Conflict rather than consistency is at the heart of these protective positions. Despite its significant departure from other roles, it offers a unique opportunity for growth.

Put simply? Having an adversary fuels innovation. Instead of working on projects with a consistent path between point A and point B, cybersecurity staff must be ready to respond at a moment’s notice. Even as they’re busy implementing strategies and solutions to detect attackers earlier and mitigate malware impacts, they’re also the first line of defense against attacks in progress.

As a result, these roles aren’t for everyone but offer a compelling career choice for those looking to challenge themselves.

Skills to Pay the Bills

Cybersecurity-specific certifications and training can help staff stand out to recruiters and make the transition to new roles easier. But existing qualifications also play a role in helping IT professionals make the transition.

Consider a software engineer with two decades worth of experience who was recently laid off from their job. While their skill in coding, testing and revision may not seem immediately applicable to cybersecurity, they bring a unique set of benefits to the table.

Take the common example of a ransomware attack. Cybersecurity teams prepare for these attacks using a combination of threat intelligence solutions and incident detection tools that help shorten the time between attack and discovery. Over time, however, attackers learn — and grow. The existence of Ransomware-as-a-Service (RaaS) marketplaces showcases the commitment of malicious actors to collaborate when it benefits their ability to break down business defenses.

In practice, this means that existing controls may slowly begin to fail as attackers enhance their approach. Our laid-off software engineer, however, can compile new code in-house to boost existing solutions and frustrate attacker efforts.

Making the Move to Cybersecurity

Of course, it’s one thing to consider a move to cybersecurity. It’s another to take the plunge and start putting out applications.

One way to help streamline the shift is with certification-based training. Consider that of the more than one million currently employed cybersecurity professionals, 213,000 hold the CompTIA Security+ certification, and 94,000 have completed the Certified Information Systems Security Professional (CISSP) course. What’s more, 140,000 of the currently unfilled security positions are asking for CISSP, while 100,000 want CompTIA Security+ completion.

Not only do courses such as Security+ offer a great introduction to cybersecurity processes and priorities, but they also pave the way for advancement within new organizations. What’s more, many of these certification options are now available as online, self-paced courses that let IT professionals decide how and when they learn best.

Another option for laid-off tech staff is applying for positions that include paid training to get them up to speed. A quick query of the job search site Simply Hired turns up more than 600 positions that don’t require previous cybersecurity experience and provide paid training.

Tech to Cybersecurity: From Strength to Strength

Undoubtedly layoffs will stabilize and IT hiring will eventually begin again in earnest. However, this is cold comfort for technology professionals who find themselves facing the unpleasant reality of possible unemployment.

As one digital door closes, however, another opens. And strangely enough, it’s one that sees technology experts finding ways to keep network doors shut tight against potential attackers. Although the move to cybersecurity isn’t for everyone, the skills acquired in previous positions combined with the compelling task of adapting to an adversary’s movements make this lateral shift a great way for IT pros to capitalize on current strengths and build new skill sets that set them up for ongoing career stability.

More from CISO

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

How the Talent Shortage Impacts Cybersecurity Leadership

4 min read - The lack of a skilled cybersecurity workforce stalls the effectiveness of any organization’s security program. Yes, automated tools and technologies like artificial intelligence (AI) and machine learning (ML) offer a layer of support, and bringing in a managed security service provider (MSSP) provides expertise that isn’t available in-house. But it isn’t enough, especially for the medium-sized businesses that would most benefit from an internal security team. However, the talent shortage doesn’t just impact present-day security concerns. The lack of a…

4 min read