We hear so much about cybersecurity and about cybersecurity attacks that seem to happen almost weekly.  At no time in recent memory has any career field seemed to get so much attention and seemed to grow at such a fast pace.  Many people looking to choose a career field are now starting to consider cybersecurity as a career option. But is that a safe bet?  (I discuss if we’ll run out of cyber jobs in this article here.)  Is cybersecurity really in demand, and if so, will it continue to be in the future? Let’s take a look.

So, is cybersecurity in demand?  Cybersecurity has been in high demand in most parts of the United States, with research showing that the demand for skilled cybersecurity professionals will continue to increase in the foreseeable future.  Employers are expecting a shortage in the pool of qualified cybersecurity professionals.

Read on as we take a look into why this career field is the place to be and why it will continue to stay that way.

Why is cybersecurity in high demand?

There are several factors in our modern society that are causing the demand for skilled cybersecurity professionals to rise.  The first is the incredible number of hack-able devices now online.

Factor #1:  The number of people and devices online that can be hacked is increasing exponentially

Not much more than a decade ago, Steve Jobs of Apple stood on a stage in California and showed the world the first iPhone.  At that point, the word smartphone was not a part of our regular vocabulary. Since then, several billion people have started to carry around tens of billions of cell phones, tablets, e-readers, laptops and smart watches.  All of these devices are online and have some level of personal data inside.  Because they are online, they can be connected to, and hacked from anywhere. And we now keep our devices with us always.  For a hacker or scam artist, they now have several billion more options for targeting.

Consider also that IoT, or the internet of things, is now a reality and growing.  This means that many security cameras, televisions, air conditioning systems and so on are now online.  They can be attacked too, and therefore need to be protected. These items are adding to the number of devices that are online as well.

It’s not just about the number of devices online, but also about the people.  Populations in developing countries are now getting access to connected technology for the first time.  In some developing countries, it is possible that an individual would have a cell phone before they have access to actual necessities, such as opportunities for employment.

Factor #2:  Our reliance on technology cannot be rolled back

Would you be able to, or even willing to, give up your device access for a week?  Most young people cannot remember a time when we didn’t have computers in nearly every home or a device carried by every person.  Many people will not leave the house without their phone. We have become so reliant on our connected devices that they are now a part of who we are and how we live.  This factor means that not only are there more devices and more people using devices, but they are using the devices more often.

Consider this for a moment:  If your grocery store lost electrical power, or access to the credit card network, how many people in the store at that time would be able to checkout with cash?  How many transactions would the store be able to complete if they lost power for a week? If the local pharmacy lost access to their computer systems for a week, how many prescriptions could they fill?  Would they be able to even look up what medicine you need? Our economy is completely reliant on technology, which makes the need for security paramount.

Factor #3:  Nearly all financial transactions are now online

Bank robbers used to rob banks because that’s where the money was, however the money in the bank is now mostly 1’s and 0’s.  The bulk of the money is now in the data system, so that has become the new target. It is more lucrative, and less risky, for someone to hack the financial network of a bank or retailer then to go to the physical location and attempt a theft where security cameras are everywhere and the amount of actual cash is limited.  These financial networks need cybersecurity protection, and they need that protection 24/7/365.

Factor #4:  The government is now requiring companies to protect data

Companies and industries have always been regulated to some extent, but the government is increasingly imposing security regulations that require organizations such as healthcare providers and insurance companies to protect data and meet cybersecurity standards.  The government and it’s regulations are usually slow to adapt to the current state of cybersecurity, but they are progressing. Cybersecurity professionals are needed to help these companies remain compliant.

Factor #5:  Governments are getting in on the act

The battlefield of the future will be online.  Nation states know that more damage can often be done to adversaries if their systems and infrastructure are damaged then if there if there is confrontation on the ground.  Countries are increasingly participating in cyber attacks, advanced persistent threats and social engineering to harm their enemies. This means that all developed countries need both offensive and defensive cybersecurity professionals.

Factor #6:  Populations not experienced with technology are online too

Many people between the ages of 25 and 65 use computers at work, and many of them receive training from their employers regarding maintaining security of company systems.  Is is not uncommon for companies to train their employees annually on cybersecurity threats that could negatively impact the company. But tens of millions of other people are online too.  Senior citizens who did not grow up with technology and are not trained on it’s threats are online. And millions of children that have not developed the life skills to identify a threat are online too.  This makes for potentially hundreds of millions of people that are online but may not be security-aware. Would this be of interest to a hacker or scam artist? Of course.

Factor #7:  We still rely on outdated and insecure technology

One common path for a hacker to exploit is to find holes in older, vulnerable software.  Unfortunately, there is outdated, legacy software all around us.  We don’t have the ability to get rid of it overnight, and much of it can’t be upgraded, or we just don’t take the time to do it.  All of this old software is filled with security flaws that have been discovered since the software was introduced.

We see legacy software everywhere.  Software that is 10, 15, or even 20 years old is running our point-of-sale systems, our power plants and water treatment facilities, and in some cases, even our air traffic control.  These things all work well and are stable, but they are a way for hackers to attack.

What does this mean for cybersecurity jobs?

The most important question for you and me is if all of these reasons for the increase in cybersecurity is actually translating into job opportunities.  The answer is yes. Here are some statistics that should make you willing to give a cybersecurity career serious consideration.

  • The Bureau of Labor Statistics cites the job outlook for Information Security Analysts to be an expected increase of 26% through 2026, which the describe as “much faster than average.”  This rate of growth is nearly four times faster than the overall average of only 7%.
  • Cisco cited in their one of their annual security reports that they expect a shortage of more than one million cybersecurity workers, and several other studies have estimated the shortage to be several times that amount.  This means that even if every cybersecurity professional available had a job, there are still more than a million jobs that would remain unfilled.
  • The cybersecurity unemployment rate has hit zero.  This is another statistic that confirms the same thing – that anyone qualified to be in cybersecurity that wants a job can have one.

Related Questions

How long does it take to get into cybersecurity?

Depending on the technology and educational background of an individual, most people could acquire the training needed and get into the cybersecurity field at an entry level within three to five years, and possibly as short as two years in some cases.  We have a full article on how long it takes here.

If the cybersecurity field is so strong, why are there still some people in the field that are unemployed?

While employers do have a great need for qualified professionals, they do need them to be qualified.  Just like any other field, there are some in cybersecurity as well that have not kept their skills up to date.  

About the author 

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity, and technology training fields. He has a degree in Computer Information Science and CompTIA A+, Network+, Security+, Server+, CySA+, and Cisco CCNA certifications.