More than 5.4 million workers were employed in cybersecurity worldwide in 2023, according to ISC2, an industry association. Nearly 1.5 million cybersecurity professionals worked in the United States. Typical employers of cybersecurity professionals include:
- cybersecurity product developers and service providers
- consulting firms
- cybersecurity start-ups
- government agencies (including branches of the armed forces)
- high-net-worth individuals/families
- non-tech companies and organizations that either have a dedicated cybersecurity/information security department or hire these professionals to address their security needs
Many people work in more than one sector during their careers.
Type of Employers
Cybersecurity Product Developers and Service Providers
Cybersecurity product and service developers range from huge market leaders (such as IBM and Cisco) to thousands of small- to medium-sized companies that create specialized products and services. Some cybersecurity companies offer products and services in a variety of areas. For example, Cisco offers software, hardware, and consulting services. Some companies specialize in providing products and services to consumers, while others focus on the business-to-business market, or focus solely on the public sector. Major market segments (according to McKinsey & Company and other sources) include:
- application security
- cloud security
- data protection
- e-mail security and awareness
- end point security
- governance, risk, and compliance
- identity and access management
- internet of things operational technology
- managed security service providers/outsourcing
- network security
- online reputation protection
- security and operations management
- Web security
Consulting Firms
Consultants usually work for one of three types of employers: generalist management consulting firms (that have cybersecurity or general IT practices), cybersecurity (or IT) specialist or “boutique” consulting firms, and internal cybersecurity or general IT company consulting divisions. Many large consulting firms have offices throughout the United States, and top firms also have offices worldwide.
The U.S. information technology consulting industry had revenue of $16 billion in 2022, according to the market research group IBISWorld. There were 11,339 IT security consulting businesses, with 59,110 employees, in the United States. The average U.S. firm had five employees.
Many large IT companies have consulting branches that provide cybersecurity services. For example, IBM Cybersecurity Services offers clients cyber threat management services, such as X-Force (a threat-centric team of hackers, responders, researchers, and intelligence analysts), as well as threat detection and response services, cloud and platform security services, identity and access management services, cyber strategy and resiliency services, and more. Additional companies that have cybersecurity consulting practices include Accenture, Cisco, Hewlett Packard Enterprise, Microsoft, Oracle Consulting, and SAP. Management consulting firms such as Booz Allen Hamilton, The Boston Consulting Group, Capgemini, Deloitte, and McKinsey & Company have also launched cybersecurity consulting practices.
IBISWorld says that “security systems design and integration remains the industry’s largest product segment. The largest customers in this segment are government entities, banks, and business-to-consumer companies.” The cybersecurity consulting industry is fast-growing and very competitive. “To obtain valuable contracts, companies must offer a variety of security-related services,” according to IBISWorld. “IT security consultants are increasingly advertising as a one-stop-shop for all security needs.”
Cybersecurity Start-Ups
When a person or a group of individuals has an idea to create a new product or service or improve an existing one, they often launch a cybersecurity start-ups. They use their own funds, money from friends and family, and, most significantly, funds from venture capital firms to launch their businesses. Many start-ups are very small (i.e., one to three employees) and operate in their early days out of someone’s garage or basement. Launching or just working at a start-up can be very exciting and lucrative (if you receive stock options and the company takes off), but keep in mind that many start-ups never become successful and go bankrupt. Cyber Defense Magazine offers a list of cybersecurity start-ups at https://www.cyberdefensemagazine.com/top-100-cybersecurity-startups.
Government Agencies
Cybersecurity professionals work at a wide variety of local, state, regional, and federal government agencies. These range from security-focused organizations such as departments of homeland security, police departments, and bureaus of investigation to non-tech departments and bureaus that need cybersecurity protection. Major federal government employers of cybersecurity professionals include the:
- Central Intelligence Agency
- Department of Commerce
- Department of Defense (armed forces branches, Defense Intelligence Agency)
- Department of Health and Human Services
- Department of Homeland Security (Cybersecurity & Infrastructure Security Agency)
- Department of Justice (Federal Bureau of Investigation)
- Department of State
- Department of the Treasury
- National Security Agency/Central Security Service
- Office of the National Cyber Director
- Social Security Administration
Nearly every department and agency employs some type of cybersecurity professional. A good way to get a handle on the 509 federal agencies and sub-agencies is to check out the Partnership for Public Service’s Best Places to Work in the Federal Government rankings at http://bestplacestowork.org.
Non-Tech Companies
All major companies (e.g., banks, consumer products firms, insurance companies, manufacturers, media companies) either have a dedicated cybersecurity/IT department or hire these professionals to address their security needs. Additionally, cybersecurity professionals work at medium and small businesses—which offer many job opportunities. “More than half of all cyberattacks are committed against small-to-mid-sized businesses, and 60 percent of them go out of business within six months of falling victim to a data breach or hack,” according to the 2022 Official Cybercrime Report, from Cybersecurity Ventures and eSentire.
Additional Employers
Wealthy individuals (including celebrities) and elected and appointed officials hire cybersecurity firms and/or consultants to ensure that they are protected from cybercriminals and those who seek to use technology (including deepfakes) to damage their reputations. Some cybersecurity professionals work as salaried employees or contract workers at private colleges and universities, charities, professional associations, and other nonprofit organizations. A skilled and experienced cybersecurity professional may choose to teach others about the field as a college professor, apprenticeship educator, or online instructor.
International Markets
The majority of the largest cybersecurity companies are headquartered in the United States, and there is a strong market for their products and services around the world. “Generally speaking, Canada, Europe, and the Asia-Pacific region tend to be the largest destinations for U.S. cybersecurity exports,” according to the U.S. Department of Commerce (DOC). The DOC reports that “the United States exported approximately $520 billion worth of information and communication technology (ICT) services and potentially ICT-enabled services in 2020.”
- Big Data Developers
- Blockchain Developers
- Business Continuity Planners
- Chief Information Security Officers
- Computer Programmers
- Computer Systems Programmer/Analysts
- Cryptographic Technicians
- Cybersecurity Architects
- Data Scientists
- Database Specialists
- Deepfake Professionals
- Directors of Security
- Information Security Analysts
- Information Technology Security Consultants
- Internet of Things Developers
- Internet Quality Assurance Specialists
- Internet Security Specialists
- Internet Transaction Specialists
- JavaScript Developers
- Network Operations Center Engineers
- Network Operations Center Technicians
- Online Gambling Specialists
- Security Consultants
- Software Application Developers
- Software Designers
- Software Engineers
- Solutions Architects
- Technical Support Specialists
- Technology Ethicists