Cybersecurity

There will be excellent employment opportunities in the cybersecurity industry in the coming years. Job opportunities for information security analysts—a popular career option—are expected to increase by 32 percent from 2022 to 2032 (or much faster than the average), according to the U.S. Department of Labor (DOL). The average expected growth for all occupations is 3 percent. Some employment sectors will grow faster than others. Here’s a breakdown of the fastest-growing employment sectors for analysts by industry sector:

• computer systems design and related services: +47.1 percent
• professional, scientific, and technical services: +38.6 percent
• web search portals, libraries, archives, and other information services: +37.4 percent
• software publishers: +34.6 percent
• computing infrastructure providers, data processing, web hosting, and related services: +33.5 percent
• publishing: +33.2 percent

Job opportunities at government agencies should be good, but not as strong as at many other employers. Employment for information security analysts with local government agencies (excluding education and hospitals) is expected to increase by 23.3 percent through 2032. Job growth of 20 percent is expected for analysts at state government agencies (excluding education and hospitals), and opportunities with federal agencies are expected to increase by 15 percent.

There are many other career paths in cybersecurity. Here are employment outlooks for other IT professionals through 2032:

• software developers: +25 percent
• computer and information research scientists: +23 percent
• risk managers: +16 percent
• computer and information systems managers: +15 percent
• database administrators and architects: +8 percent
• hardware engineers: +5 percent
• computer network architects: +4 percent
• network and computer systems administrators: +2 percent

Employment opportunities in the cybersecurity industry will be strong because:

• Cyberattacks have become more frequent, sophisticated, and damaging in recent years; Cybersecurity Ventures predicts that global cybercrime damage will grow from $3 trillion in 2015 to $10.5 trillion in 2025.
• The pandemic prompted more people to work-from-home (and many still do), which has created increased demand for home-focused cybersecurity and cloud computing protective measures by employers.
• The use of e-commerce (and the Internet in general) has skyrocketed, which has increased the need to protect both businesses and consumers from cybercrime.
• There has been a strong increase in the use of Internet of Things–connected devices, which creates more cybersecurity protection issues.
• Government regulation is increasing; “Governments around the world are enacting stricter cybersecurity, data protection, and privacy regulations,” according to the Cloud Security Alliance, creating the need for cybersecurity professionals with expertise in these areas.
• A rapidly aging workforce and dearth of new workers in the field (including those needed to replace people who retire or leave the field) have created significant staffing shortfalls.

Staffing shortages continue to create major challenges in the cybersecurity industry. In 2023, there were more than 5.4 million cybersecurity workers worldwide, according to the ISC2 Cybersecurity Workforce Study, 2023. The cybersecurity organization estimates that nearly 4 million additional workers are needed to meet demand. In the United States, there were nearly 1.5 million cybersecurity workers, but a workforce gap of 482,985 workers. “The current macroeconomic environment has normalized higher costs, lower revenue, and worker shortages,” according to ISC2. “As a result, many organizations are choosing to implement cost-saving cutbacks (e.g., budget cuts, layoffs, hiring freezes, promotion freezes) to support their balance sheet. However, these organizational cutbacks—especially within cybersecurity teams—have implications that extend beyond just cost. Cybersecurity professionals are critical protectors against risk and vulnerability, but cutbacks throttle their productivity, satisfaction, and skill development.”

Cybersecurity professionals are also leaving the field because they are overworked, believe they are underpaid, are experiencing poor working conditions, and facing other challenges. In 2023, the IT association ISACA and the tech company Adobe surveyed cybersecurity workers regarding work-related issues, and published the results of its survey in State of Cybersecurity 2023. Respondents cited the following factors as causing cybersecurity professionals to leave their current jobs:

• recruited by other companies: cited by 58 percent of respondents
• poor financial incentives (e.g., salaries, bonuses): 54 percent
• limited promotion and development opportunities: 49 percent
• high work stress levels: 43 percent
• lack of management support: 34 percent
• poor work culture/environment: 33 percent
• limited remote work possibilities: 28 percent
• inflexible work policies: 23 percent
• limited opportunities to work with latest technologies (e.g., artificial intelligence): 20 percent

Salaries remain high for cybersecurity professionals due to worker shortages, rising demand, and expertise shortages in some cybersecurity specialties. The DOL reports that information security analysts earned mean annual salaries of $119,860 in 2022—which was nearly double the mean annual salary ($61,900) for all workers. Workers in the following cybersecurity careers received the highest average salaries in 2023, according to CyberSeek:

• security architect: $151,547
• cybersecurity manager: $128,665
• cybersecurity engineer: $127,094
• penetration and vulnerability tester: $120,662
• security analyst: $107,517
• cybersecurity specialist: $106,265
• IT security auditor: $105,692

Since cybersecurity professionals are in such short demand, hiring managers are often willing to increase salary offers to those with specialized skills. Fifty-five percent of managers surveyed by Robert Half for its 2024 Salary Guide said that they would increase salary offers for those with cybersecurity expertise. Forty-six percent said they would do so for those with artificial intelligence expertise.

Salaries are also higher for those who have earned in-demand, industry certifications, so pursuing these credentials is highly recommended for both job security and a higher income. Cybersecurity-certified professionals in North America earned average salaries of $123,370, according to Skillsoft’s IT Skills and Salary Report, 2022. “In many cases, IT certifications will differentiate you from other applicants vying for the same role by acting as an external metric of quality that hiring leaders value,” according to ISACA, which offers certification programs. “This increase in marketability produces a competitive edge over your peers and emphasizes your commitment to your professional development and continued education.” Skillsoft reports that some of the highest-paying (by average salary) certifications in North America were:

• Certified in Risk and Information System Control (ISACA): $167,145
• Certified Information Security Manager (ISACA): $158,590
• Certified Information Systems Security Professional (ISC2): $154,186

In the future, more companies will hire outside contractors to help reduce technology expenditures and address staffing shortfalls. Sixty-two percent of tech managers who were surveyed by Robert Half for its 2024 Salary Guide said that they planned to bring in more contract professionals to provide specialized skills and critical support for key projects. Thirty-six percent of managers planned to use contract talent in the areas of security, privacy, and compliance.

Researchers at the World Economic Forum and the University of California Berkeley offer the following prediction for cybersecurity in 2030: “Cybersecurity will be less about ‘defending fortresses’ than moving toward acceptance of ongoing cyber-risk, with a focus on bolstering resilience and capacity for recovery. As markers of this trend, passwords could be nearly obsolete by 2030, cybersecurity will be widely taught in primary schools, and cryptocurrencies will be more effectively regulated. Still, while investments in more secure systems and basic cyber hygiene will raise many above the ‘cyber poverty line,’ progress is likely to be unevenly distributed across communities and geographies.”