By Chris Warren
It’s a sad reality. Hackers around the globe continuously threaten the computer networks and personal information that individuals, companies, and governments rely on not only to do business but also to deliver everything from health care to the basic water and energy services a functioning society depends on.
In 2019, for example, it’s estimated that hackers accessed 8.5 billion consumer records by targeting companies like Capital One and Quest Diagnostics. Cyber criminals have also managed to take control of computer networks belonging to companies and governments and demand a ransom in exchange for handing back control — Baltimore and Atlanta both suffered this fate. In total, Juniper estimates a $2 trillion price tag for cybercrimes in 2019.
There’s no way to spin this burgeoning level of criminality as good news. But the sheer size and scope of the challenge emphasize the need for improved cybersecurity, particularly a workforce trained to design and implement the sophisticated and always-evolving digital protections the world needs.
There is a massive shortfall between the needs businesses and governments have for cybersecurity professionals and the number of people ready to fill those important positions. A widely quoted report by the cybersecurity advisory firm Herjavec Group found that 3.5 million global cybersecurity jobs will go unfilled by 2021. The company also cites a growth rate in open cybersecurity positions between 2013 and 2021 of 350 percent.
Plenty of other organizations report similar findings. Among them is Harvard Business Review, which recently found that nearly 60 percent of chief information security officers (CISOs) worry about attracting sufficient cybersecurity staff.
It is no surprise, then, that people with the right cybersecurity skills are commanding big paychecks. For example, the top 10 percent of cybersecurity analysts make over $117,000 annually and have a median salary of $76,000. Given the harsh economic reality created by the coronavirus, having the skills to join a field with an abundance of open jobs is a good place to be.
There are many opportunities to be part of the solution to the daunting and growing cybersecurity challenge. Here are some of the most promising positions in this important field.
Just as the CEO is in charge of an entire company and a chief financial officer (CFO) oversees the revenue and budgets, the CISO is in charge of cybersecurity. This executive-level position is responsible for crafting the big-picture strategy for protecting a company’s computer systems and assets and also hiring the staff that can implement and execute that approach. The responsibilities are extensive, including everything from conceiving the overall design of security systems and policies to overseeing security audits and continuously monitoring both new threats and tools to protect against them. Unlike some technology positions, this job requires exceptional communication skills. The CISO has to be able to explain the importance of cybersecurity to an organization’s leadership team and justify budget requests to address the threats. Given the importance of the position, it’s not surprising that the average estimated salary is between $180,000 and $200,000, according to the Infosec Institute.
Boston University | Maryville University | UCLA
University of Texas at Arlington | State of Tennessee | Massachusetts Department of Transportation
Castlight Health: Chief Information Security Officer
FINRA: Deputy Chief Information Security Officer
Connecticut State Department of Administrative Services: Chief Information Security Officer
By some accounts, cybersecurity engineers are the most in-demand professionals in the field — which is saying a lot. But the importance of the position goes a long way toward explaining the intense demand. Just as civil engineers devote their skills to building infrastructure that’s safe and functional, cybersecurity engineers take a similarly methodical engineering approach to crafting and actually implementing systems that will stop cyber criminals. Cybersecurity engineers are tasked with the challenge of leading the development of plans and policies that will prevent an attack, implementing them, and spearheading the response. For these wide-ranging duties, cybersecurity engineers command an average salary of $106,000.
Northern Arizona University | Villanova University | George Mason University
AccruePartners | Aerospace Corporation | IEX
Lockheed Martin: Cybersecurity Engineer
Millennium Engineering and Integration: Junior Cybersecurity Engineer
Criminal hackers can inflict a lot of damage on a company or government. But the example of Kevin Mitnick shows how skilled hackers can be a powerful force for good. Mitnick was once such a dangerous and effective hacker that he landed on the FBI’s Most Wanted list and spent five years in jail for hacking into computer systems. Today, Mitnick is reformed and helps governments and corporations identify and address their cyber vulnerabilities. Ethical hacking (also known as white hat hacking or penetration testing) is a growing field, and many workers obtain a certification from universities and the International Council of Electronic Commerce Consultants (EC-Council). According to the job site Indeed.com, ethical hackers make an average of about $100,000 per year.
University of Central Florida | Old Dominion University | SANS Institute
Okaya Corporation | Northrop Grumman | Google
Virtual Security Research: Ethical Hacker
CME Group: Ethical Hacker III
Bank of America: Manual Ethical Hacker
A big reason cyber criminals are so difficult to thwart is that their methods for breaching computer systems are always evolving. The daunting task facing information security analysts is to understand and keep up with threats, and then plan and deploy security measures. In other words, information security analysts are tasked with developing a game plan to defeat an extraordinarily sophisticated and nimble opponent. The tools these professionals use include software firewalls as well as training to alert workers to potential dangers. Part of the job is devising a recovery plan in case a network is breached. The U.S. Bureau of Labor Statistics estimates the median annual salary for information security analysts at about $100,000 and expects job growth of 32 percent between 2018 and 2028, far greater than the 5 percent growth projected for all occupations.
Rasmussen College | Oregon State University | Grand Canyon University
CIA | Foundation Medicine | National Fuel Gas Company
Intel: Senior Security Analyst
Health Channels: Information Security Analyst
Oracle: Security Operations Center Analyst Intern
On the front lines of cybersecurity, incident responders have the job of investigating all computer-related crimes that challenge an organization. They are trained in computer forensics with the skills to determine that an attack is underway. Responders also help the organization quickly mitigate the damage and investigate ways to fix vulnerabilities. This is a position with a lot of growth potential, and average salaries are in the neighborhood of $80,000.
National Initiative for Cybersecurity Careers and Studies | Udemy | GIAC.org
Wells Fargo and Co. | Apple | Google
Kforce Technology: Cyber Incident Response Engineer
Aerospace Corporation: Incident Response and Cybersecurity Engineer
Stitch Fix: Incident Response Lead Engineer
In many ways, 21st century life is built on the work of software developers, and their knowledge of code plays an important role in protecting companies and governments from cyber criminals. Indeed, it’s the job of software developers in cybersecurity to come up with, test, and continuously improve the antivirus, spyware, malware detection, and other applications that keep cyber intruders from causing damage. Besides having a deep knowledge of programming languages, software developers in the cybersecurity realm need to be well-versed in the attack strategies (often called vectors) criminals pursue and stay current on evolving threats. Software developers are foundational to cybersecurity success, and they command a good salary. According to the job website Indeed.com, the average cybersecurity developer earns between $80,000 and $100,000 annually.
Southern New Hampshire University | Stanford University | Arizona State University
Massachusetts Institute of Technology | Radiant Logic | Nomad eCommerce
Tau Technologies LLC: Software Developer
The Assurance Group: Software Developer
Tello Med: Software Developer
All organizations are susceptible to cybercrime, but the financial services industry is a bigger target than most. According to a report by the consulting firm Accenture, the average number of breaches grew by 13 percent between 2017 and 2018, and Boston Consulting Group found that financial services companies are 300 times more likely to be attacked. The digital security firm Akamai reported there were 3.5 billion malicious login attempts targeting financial services in 2019. None of this should really come as a surprise: after all, banks and other financial services companies are where the money is. Because of their vulnerability, financial services companies are in even greater need of cybersecurity professionals.
Brandeis University | Dalhousie University | Duke University
FinTech Sandbox | OliBank | Amazon Web Services
Silicon Valley Bank: Relationship Advisor FinTech
Fannie Mae: Director of Program Management FinTech
The Motley Fool: FinTech Data Analyst
If you think about an organization’s cybersecurity staff as a sports team, the security administrator is akin to a player-coach. While individual workers will have specific tasks — like preventing hacker incursions — the administrator makes sure the whole suite of technologies is functioning properly and adapting to the inevitable onslaught of new attacks. A key responsibility is identifying, implementing, and testing technologies, particularly firewall technology. But the job also requires strong communication skills to manage employees and minimize vulnerabilities in the overall system.
University of New Mexico | Purdue University | Rochester Institute of Technology
Clark County, Nev. | Raytheon | Penobscot Community Health Care
MITRE Corporation: Cybersecurity System Administrator
Air Force Materiel Command: Security Administration
General Dynamics Information Technology: Security Administrative Specialist
As long as spies, governments, and corporations have kept secrets, cryptographers have been working to uncover them. But today’s cryptographers use their deep knowledge of coding, math, and algorithms to design ways to protect and send digital data. Every time you order something from a website or make an online deposit, you are benefiting from the skills of a cryptographer who helped you send an encrypted message. Given just how important data security is in government, the military, and digital commerce, it’s no surprise that cryptographers are well compensated. According to ZipRecruiter, cryptographers make an average of about $145,000 annually.
Massachusetts Institute of Technology | Johns Hopkins University | Colorado School of Mines
National Security Agency (NSA) | Federal Bureau of Investigation (FBI) | Amazon
Microsoft: Senior Researcher Cryptography and Privacy
Protocol Labs: Research Scientist Cryptography
Algorand: Cryptography Intern
Designed to bolster the security of digital transactions, blockchain technology creates what is known as a distributed ledger. Translated, that means blockchain is a list of time-stamped records (each known as a block) that are connected using cryptography so that they can’t be manipulated. Blockchain provides a secure way to record transactions and make information available and transparent to a wide network of people. Put another way, it’s a secure public ledger of economic activity and transactions that is impervious to the mischief of cyber criminals. Its promise as a bulwark against crypto-thieves has made blockchain an increasingly popular tool for banks, health care companies, law firms, and real estate. As the use of blockchain expands, so do job opportunities, most of them well compensated. ZipRecruiter reports that the average national annual salary for blockchain developers is over $154,000.
MIT Sloan School of Management Executive Education | Montana State University | Georgetown University
CSAA Insurance Group | UC Berkeley | Walmart
Fidelity Investments: Technology Leader Blockchain
Facebook: Research Scientist Blockchain
InfoSys: Blockchain Developer
Note: “Find Your School” examples are listed in no particular order and are just a sampling of colleges and universities with departments that prepare aspiring professionals in cybersecurity roles. Employers and job openings were current when we researched the story and are intended to serve as examples only to illustrate the diversity of opportunities in the top jobs in this field.