Will We Run Out of Cyber Jobs?

This article discusses the cybersecurity job market and the number of expected cybersecurity professionals. To see if cybersecurity might be for you, take our cybersecurity quiz here. To learn how to get started in cybersecurity, check out our article here.

At a recent cybersecurity presentation, I heard an executive say that he believes the cybersecurity job market will eventually cap out, where there will be too many professionals in the field for the number of jobs that are available.  I was taken aback by that statement because it’s the first time I’ve heard anyone related to the field of cybersecurity say that they thought the demand for cybersecurity professionals would drop off. I’ve even personally written about the strong demand for cybersecurity.  I decided to ask other cybersecurity professionals if they thought we would ever fill all of the cyber jobs out there, and in this article, I’ll share what they had to say.

Will we run out of cybersecurity jobs?  Most cybersecurity professionals believe that the demand for cybersecurity workers will continue throughout the next decade.  They agree that the nature of their work, however, will evolve and that to remain in demand, a cybersecurity professional must continue to adapt and learn.

Let’s take a closer look now at what that means and provide more detail about what these cybersecurity professionals had to say.

Opportunities for Cyber Professionals Will Remain Prevalent

Almost all of the professionals that I spoke with felt confident that the demand for their profession will continue to be strong throughout the next five years and beyond and that there would be career opportunities available.  There were several reasons for this, and a few caveats as well. For example, consider:

Opportunities will continue because the number of cybersecurity threats will grow with the population and the number of connected systems.

The first thing that a cyber pro I spoke with pointed out was that cyber job opportunities will continue to be available because the market has to keep up with the spread of technology.  Without a doubt, the number of people on the planet, the number of people online, and the number of devices that people will use will increase greatly in the coming decade.  And all of those devices, which haven’t even been manufactured yet, must be secured. Many cybersecurity professionals agree that demand for their services will not die off, simply because of the growth of the underlying technology and the massive amounts of data that they will have to secure.

Opportunities will continue as we attempt to secure new technology while supporting legacy systems.

Here’s another interesting way to look at expected career opportunities that one cybersecurity professional shared with me.  He believed that the demand for his skill set would not go away because as technology marches on, we will still have many systems in place that would be considered “legacy.”  There will continue to be many old 32-bit systems, tens of thousands of out-of-support but still-in-service Windows boxes, legacy SCADA systems, and so on, that need to remain functional.  Even if we could move to new systems complex enough to secure themselves in the future, we won’t be able to replace these old systems quickly, and they will continue to be targeted. Many of the cybersecurity professionals I spoke with believe that the evolving mix of new and old in the technology space will drive demand for cybersecurity professionals responsible for securing it all and that demand will create additional job opportunities.

Opportunities will continue because existing automation has helped job growth, not hindered it.

Here’s another interesting concept.  If you ask anyone who has been in the technology field for a while if they could have imagined cybersecurity evolving to the level that it has, they will certainly tell you no.  There have been many advances in automation over the past twenty years that have made things easier in the IT field, however, none of those have been successful in killing demand for technology workers.  We now have technology such as virtual machines, SDN, cloud services, and IoT that were more or less a pipe dream twenty years ago, and all those technologies have been able to do to the job market is make it evolve and grow, not go away.  Now we have professionals strictly focused on security and businesses in the managed service space, for example, when that wasn’t much of a thought back then.

Opportunities will shift but remain strong because cyber is increasing in complexity.

Another consideration regarding cyber demand that was shared with me was the idea that cyber threats and tools will undoubtedly grow in complexity, and the complexity of the technology will cause a shift in the job market.  What one cybersecurity professional believes this will do is make the demand for lower-skilled cyber workers drop while demand for mid-to-high skill level workers will continue to grow.  I believe that technology will certainly grow in complexity, because it always has, and workers will need to grow with it. This could increase the number of career opportunities available, or it could shift career opportunities to higher levels of competency.

Opportunities will continue but may shift to advisory roles.

Another school of thought regarding cybersecurity demand is that the roles of cybersecurity professionals will shift more toward an advisory focus as automation slowly minimizes strictly technical tasks.  I think this is a good possibility because of the increase in management and executive understanding of cybersecurity and the threats that they release it now places on their organizations.

What Should Current and Aspiring Cybersecurity Professionals Do?

To continue to work in the cybersecurity field over the next decade and beyond, all the professionals I spoke to agreed.  Regardless of the number of applicants in the job market, there will always be room for highly-skilled professionals at the top. If any individual can get their skill set higher up the ladder, they can insulate themselves from any downward market swing that would negatively impact lower-skilled positions first.

It will be critical that all of us in the cybersecurity field be ready to adapt to changing technology, and be able to adapt quickly, and most importantly, become more skilled year after year.  Here were some strategies that they shared:

Strategy #1:  Learn something new every day.  Make sure that you learn something new – seven days a week – that can help you on the job.  Spend some time each day, even on days that you’re off, learning something by trying something hands-on, reading, or listening to a podcast. You can see our recommended resources for learning cybersecurity here.

Strategy #2:  Read one hour a day.  Spend one hour every morning reading in your segment of cybersecurity to keep your knowledge moving forward.

Strategy #3:  Look for opportunities at your job to learn new technology.  This can be offering to take on a new project or learn a new thing that will benefit your company.

Strategy #4:  Read cyber blogs, news feeds, and listen to podcasts.  This will help you stay up to date on the latest cyber news.

Strategy #5:  Always be thinking about your five-year career plan.  Always consider how your role will change and what else you’ll need to learn in order to get where you want to be in the next five years.

Conclusion

Opportunities for cybersecurity professionals should continue to be strong, and it is unlikely that the market will ever cap out with too many professionals for the marketplace to absorb.  Any risk of market absorption, where there are too many applicants for the existing number of jobs, will probably negatively impact lower-skilled positions first. The professionals at the top of the skills ladder will probably remain insulated from any possible job losses.

Current and aspiring cybersecurity professionals should always be prepared to evolve and adapt to new market conditions, as the ability to evolve increases job security. Some areas of the country may experience downswings in their local cybersecurity market, but cybersecurity skills are mobile and career opportunities at the national level can be expected to continue to be available.

To get started on your cybersecurity career journey, view our Getting Started In Cybersecurity guide.

Matt Day

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity and technology training fields. He holds CompTIA A+, Network+, Security+, CySA+, and Cisco CCNA certifications, and is the author of the book CCENT Troubleshooting Guide.