2022 is shaping up to deliver more job opportunities than ever in cyber security. The latest Jobs Report by Cybersecurity Ventures details the growth in unfulfilled cyber security jobs globally has hit a 350 per cent increase since 2019. That amounts to 3.5 million global cyber security job opportunities in 2021, and it is expected that this will stay the same until 2025.
2021 was a massive year for cyber security, with the increase in cyber-attacks pushing a wider than ever range of industries and governments to address the cyber security sector. In its recent brochure, CISOaaS.online highlights some concerning Australian security statistics, such as the $33 billion in total self-reported losses from cybercrimes and a 13 per cent increase in cybercrime reports from 2020 to 2021. In addition, ransomware, tipped as the number one concern for organisations this year, was up 15 per cent between 2020 and 2021.
AuCyberscape expects cyber security spending by Australians to increase to A$7.6 billion by 2024. Rapidly snowballing, the Australian cyber security workforce is anticipated to increase to 33,500 in the next two years. The latest data from AuCyberscape’s Cyber Security Workforce and Job Openings Map shows that Australia-wide, there are currently over 4,000 dedicated cyber security job openings and over 14,000 cyber-related job openings.
Australian cyber security recruitment firm Decipher Bureau puts its number one prediction for 2022 on diversity and non-traditionally educated candidates as contributing significantly to the cyber security skills shortage. IBM coined the term ‘new-collar workers’, which is all the buzz right now. This term is attributed to those who develop technical and soft skills through unconventional means to tap job sectors such as cyber security and other growing technology industries.
Additionally, it is expected that 2022 will see an uptick in opportunities for women in cyber security, who currently hold 25 per cent of cyber jobs globally. Cybersecurity Ventures predicts the increase of women represented in cyber security jobs will hit 30 per cent by 2025 and 35 per cent by 2031.
For several years, the Institute of Data has been bridging the cyber skills gap via its job-ready Cyber Security program. Here are some of the top asked questions by cyber career candidates, students and those looking at getting involved in this exciting career journey.
What are the leading cyber security roles available, and what do they involve?
Cyber security jobs are highly varied and include various skillsets from technical to non-technical. Jobs may be cyber-dedicated or cyber-related. The following are some of the most common cyber-dedicated roles:
Cyber Security Analyst
- The gatekeeper for an organisation, this role has varied duties revolving around monitoring, detecting, responding to and reporting on security information and events.
- A cyber security analyst often works in a security operations centre (SOC) team and may undertake shift work. Positions typically range from entry-level associates (often suitable for graduates) to senior analysts with 3+ years of experience.
- A largely technology and tools focused role, cyber security analyst duties provide a comprehensive steppingstone to other cyber jobs like security engineering, security architecture, and incident responder.
Cyber Security Engineer
- Several possible job titles exist for someone with a security engineer skillset, including those with some variation of network security engineer, information security engineer, or cyber engineer.
- This is a hands-on technical role, with duties such as implementation, maintenance and support for cyber security technology and tools in information technology (IT) and communications environments.
- Day-to-day, the role of a cyber security engineer will involve working within network and cloud environments, staying up to date with the features, administration and uses for security software and hardware solutions.
- A cyber security engineer will typically work with other members of a security team or a wider IT team to make sure technology supports the security requirements and function of the organisation or SOC team.
Cyber Security Consultant/Specialist
- The role of a cyber security consultant specialist is an inter-personal role, with a range of duties that can include assessing or advising on cyber security and information security risks, approaches, solutions and compliance.
- Duties can also involve auditing, training and teaching cyber security. Often, consulting roles fall under the Governance, Risk and Compliance (GRC) domain of cyber security. These are soft skills driven roles that deal less with technology and tools and instead with people, policies, procedures and how controls in those areas can impact cyber security.
- Often deemed one of the more exciting roles, this job, sometimes known as an ethical hacker, is tasked with requirements from an organisation to test the ability for a threat actor to breach security controls to perform some kind of adversarial behaviour.
- A highly technical role, dedicated training on security tools and attack techniques and methodologies is crucial to developing an extensive skill set. Soft skills are often considered highly valuable in this role as some degree of consulting and reporting will be required.
- Penetration testers may also have duties involving physical testing such as lock-picking, physical evasion and entry testing and physical, social engineering to provide a holistic approach to security testing against an organisation.
The list continues for cyber-dedicated roles, and you could land a job for a cyber security organisation or professional services firm. Additionally, many large organisations have internal cyber security functions that require employees. They will have either a dedicated cyber security unit within their company or jobs may sit within another unit like IT or Risk.
Other non-traditional jobs that are proving to be highly lucrative and invite a great diversity in skill sets include cyber security sales, cyber project management, service delivery, auditing, training, education and secure software development.
Do you need a qualification or certification to work in the cyber security field?
There’s plenty of debate about necessary qualifications to work in cyber security and valid arguments on both accounts for holding certifications and degrees. The very short answer is no. You don’t need a cyber security qualification or certification to work in cyber security. Will it help? Yes.
Realistically, like most jobs, you need to demonstrate a level of competence and a commitment to development that is commensurate with the job you are applying for. Take roles like a penetration tester, where you will be very hard-pressed to land a job if you cannot demonstrate your hacking skills through a portfolio of work. Additionally, as pen testing certifications and qualifications usually indicate a level of specific training, these often speak to an individual’s capability to perform certain types of testing and attacking. On the other side, a cyber security sales or service delivery role may be nabbed by someone who doesn’t hold a tertiary qualification related to cyber security but can demonstrate the soft skills required to fulfil the duties involved.
It is becoming increasingly common to ‘hack’ into the cyber security industry without a conventional qualification. With vast online resources available, it is possible to build a portfolio of technical accomplishments with minimal or no cost or employment experience. Additionally, foundational cyber security training is increasingly affordable. A key element that employers are looking for in candidates is job-ready experience that is relevant, transferrable, or that can be built upon. Many employers will pay for training and certifications for employees who are dedicated to self-improvement and contributing to the success of their company or clients.
What are some essential qualities to have to be successful as a cyber security professional?
Ever evolving, cyber security is trying to keep up with the proliferation of cybercrimes. Quality candidates are desperately needed in cyber security, and landing the right job goes beyond having a technical skillset or specific cyber security knowledge. AustCyber lists the following top-rated qualities sought after by cyber security employers:
- A continuous learner
Some additional qualities that are valuable if you are striving for success include:
- Self-driven – be reliable and demonstrate motivation through initiative.
- Empathetic – communicate understanding and listening through connection.
- Leadership – inspiration is the greatest call to action and cause for change.
- Autonomous – a pathway to more responsibility is showing your capability to focus alone.
- Collaborative – more is always achieved together, so make contribution a priority.
How can you find cyber security job opportunities? What’s the pay like?
Approaching the cyber security jobs market with a hacker’s mindset is essential to fast track your ideal next cyber security role. First, there are the must-dos for any candidate, including scouring the conventional job boards on Seek, Indeed, LinkedIn, etc. Then there are all the companies that take direct applications or hold expressions of interest. You will need to think outside the box a little when it comes to uncovering these. For example, try researching companies with cyber security units in them, or looking up organisations that have a cyber security division, like within professional services companies. Additionally, research dedicated cyber security firms and cyber solution vendors to see what opportunities they have directly.
Connecting to a community is one of the quickest and most effective ways to tap into job opportunities outside those traditionally advertised. Getting connected through your study cohort, teachers and trainers, a mentor, or peers is often a significant first step. This could lead to word of mouth jobs, referrals and industry connections. Take the next step through social networking like LinkedIn, following organisations and influential people, and getting involved in cyber community groups.
For those with some experience, who are already in the industry, or who have largely transferrable skills, you could get in touch with a recruiter. The pool of cyber security recruiters is growing, and with the talent shortage and hunt for the right fit ongoing at many organisations, this can be an effective way to increase your chance of interviews.
Graduates currently have an excellent opportunity to showcase their capabilities and present to a large range of organisations as government programs and professional services expand the domestic call for cyber security jobs candidates. Tracking grad programs or picking up an internship can fast track exposure that sets you up for life.
Other thoughts to consider include military and government openings in cyber security, approaching your existing employer and seeing what plans they have to introduce or expand cyber security functionalities. Alternatively, get industry experience through support roles like cyber security sales, cyber recruitment, project management, service delivery, IT support and administration and education.
Cyber security is currently known for its highly lucrative remuneration opportunities. Payscale.com has the average base salary across the wide selection of all cyber security jobs as A$97,000 per year. Here are some of the top jobs by title and average base pay range according to Decipher Bureau’s Australian Cyber Security Salary Guide 2021:
- Cyber Security Analyst: Range A$65K – A$200K.
- Cyber Security Engineer: Range A$65K – A$180K.
- Cyber Security Consultant: Range A$70K – A$200K.
- Cyber Security Architect: Range A$150K – A$230K.
- Penetration Tester: Range A$65K – A$190K.
- Cyber Security Sales: Range A$75K – A$250K.
- Cyber Security Project Manager: Range A$160K – A$200K.
There’s absolutely no better time to get into cyber security. If you are curious about how the Institute of Data can help you gain the job-ready skills to land a role in cyber security, speak with one of our experienced course advisors today.