Steve Seeberg
4 min 12-2-2023
Cybersecurity Engineer: A Rewarding Career Path in High Demand
The Scope of the Threat Posed by Cybertheft
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next three years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
The Evolution of Cybersecurity
Initially, cybersecurity was a subset of general IT roles, with limited specialization. Engineers often focused on basic network security and protecting against viruses. However, the rise of digital transformation, cloud computing, and sophisticated cyber threats have vastly expanded required roles and skill sets.
The most advanced roles have the titles of Cybersecurity Engineer, Cybersecurity Manager and Cybersecurity Architect. See Cyberseek.org for the numerous subsidiary and feeder roles, the skills required by each, as well as the compensation and current demand for each role.
The article will focus on Cybersecurity engineers who now play a pivotal role in protecting an organization's digital assets. They are tasked with developing complex security strategies, managing security infrastructure, and responding to diverse and evolving cyber threats.
Demand and Growth Prospects
Statista projects growth rates for the fastest growing cybersecurity skills worldwide for 2021 through 2025.
The most demand right now in the U.S. is for more advanced positions—chief among them cybersecurity engineers, according to job posting data from Lightcast analyzed by CyberSeek. The role typically requires knowledge of most all of the above skills in addition to technical skills such as advanced experience with Linux, Windows, log query languages, programming languages such as Python, Goland, and basic project management skills.
According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs globally in 2023 — enough to fill 50 NFL stadiums. A 2022 (ISC)² Cybersecurity Workforce Study corroborates this estimate, confirming unfilled cybersecurity jobs worldwide to be roughly 4 million in 2023.
Compensation
Years of Experience | Average Annual Compensation | Source |
---|---|---|
Less than 1 year | $96,300 | Built In |
1-2 years | $115,000 | Glassdoor |
3-5 years | $135,000 | PayScale |
6-8 years | $155,000 | ZipRecruiter |
9+ years | $175,000 | Salary.com |
The above reflects compensation averages for 2023 in the US. Compensation has been rising over the past few years, reflecting the high demand and critical nature of cybersecurity engineering work.
A 2023 report by the Bureau of Labor Statistics showed a median annual wage for information security analysts, which includes cybersecurity engineers, significantly higher than the average for all occupations. This trend is expected to continue as the demand for these skilled professionals grows.
Technical Skill Requirements: Present and Future
Current and future cybersecurity engineers need a blend of the role and technical skills mentioned above under “Demand and Growth Prospects” and well as a working knowledge of the NIST Framework. NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data.
Future trends suggest an increased importance of skills in cloud security, artificial intelligence, and machine learning.
Educational Pathways and Certifications
Aspiring cybersecurity engineers typically need a bachelor's degree in cybersecurity, information technology, or a related field.
Suggested Certifications include which are highly valued in the industry and can significantly enhance employment prospects are:
- Certified Information Systems Security Professional (CISSP),
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Manager (CISM)
- Global Information Assurance (GIAC)
- Certified Ethical Hacker (CEH),
- CompTIA Security+.
- GIAC Security Essentials (GSEC)
Resources for Self-Learning and Skill Enhancement
-
Online Courses and Tutorials:
Coursera: Coursera offers a wide variety of cybersecurity courses from top universities and organizations, including "Introduction to Cybersecurity" from the University of Maryland, Global Campus, and "Cybersecurity for Business: Managing Risk in the Digital Age" from IBM.
edX: edX is another great platform for finding high-quality cybersecurity courses. Some popular options include "Cybersecurity Essentials" from Microsoft and "Cybersecurity for Managers" from the Cybersecurity and Information Security Agency (CISA).
Udemy: Udemy offers a wide range of cybersecurity courses at affordable prices. Some popular options include "The Complete Ethical Hacking Course 2023: Zero to Hero" and "The Ultimate Cybersecurity Bootcamp: Learn Everything from Scratch".
Khan Academy: Khan Academy offers a free cybersecurity course called "Cybersecurity and Privacy". This course covers the basics of cybersecurity, including cryptography, network security, and ethical hacking.
-
Books and Articles:
"Cybersecurity: The Beginner's Guide" by Raef Meeuwisse: This book provides a comprehensive overview of cybersecurity, covering topics such as risk management, incident response, and security awareness.
"The Hacker Playbook 3: Practical Guide to Penetration Testing" by Peter Kim: This book provides a hands-on introduction to penetration testing, covering topics such as vulnerability scanning, exploitation, and social engineering.
"Countdown to Zero Day" by Kim Zetter: This book explores the world of cyberwarfare and the growing threat of cyberattacks.
"The Code Book" by Simon Singh: This book provides an introduction to cryptography, covering the history of cryptography and the different types of ciphers.
-
Websites and Blogs:
Cybersecurity & IT Security News | SANS Reading Room: SANS is a leading cybersecurity organization that provides a wealth of free information, including articles, white papers, and webinars.
Security Magazine: Security Magazine is a leading cybersecurity publication that provides news, analysis, and best practices for cybersecurity professionals.
Krebs on Security: Brian Krebs is a renowned cybersecurity journalist who writes about cybercrime, cybersecurity threats, and security vulnerabilities.
HackerOne Blog: HackerOne is a bug bounty platform that connects security researchers with organizations to find and fix vulnerabilities. Their blog provides insights into the latest vulnerabilities and security research.
-
Online Communities and Forums:
Reddit: Reddit has a number of active cybersecurity communities, such as r/cybersecurity and r/AskNetSec.
Discord: There are a number of cybersecurity Discord servers where you can connect with other cybersecurity professionals and discuss the latest topics.
-
Hands-on Practice:
Vulnerability scanning tools: There are a number of free vulnerability scanning tools available, such as Nessus and OpenVAS.
Penetration testing tools: There are a number of free penetration testing tools available, such as Kali Linux and Metasploit.
Virtual machines: Virtual machines can be used to create safe environments for practicing cybersecurity skills.
Capture the Flag (CTF) competitions: CTF competitions are a great way to test your cybersecurity skills against other professionals.
The role of cybersecurity engineers is more crucial than ever in our increasingly digital world with cybertheft on the rise. With the right education, certifications, and a commitment to lifelong learning, cybersecurity engineers can look forward to an extremely lucrative job market in short supply.