We Reviewed 10,584 Cybersecurity Job Postings— Here’s What We Learned
Despite claims of demand for ‘millions of cybersecurity professionals’, finding your first role in security still proves challenging.
Cybersecurity hiring is broken, and it’s putting organizations at risk. There are a number of reasons for this. Many employers are accused of seeking ‘unicorn’ candidates — those with experience, certifications, and who may be willing to accept a less-than-competitive salary; essentially a perfect match for the employer’s wish list. Additionally, unlike many other professions, there’s rarely a clear path on how to get started in information security.
We reviewed over 10,000 entry-level cybersecurity career openings over a 6 month period. Here’s what we found.
Entry level = ‘some experience required’ (usually)
71% of cybersecurity roles that explicitly listed the words ‘junior‘ or ‘entry-level‘ required requested between one and three years of experience. It’s worth noting that only 8% of these jobs specifically listed ‘paid professional experience‘. This means that candidates can — and should — frame their studying, technical hobbies, classwork, projects, previous roles, relevant volunteer work and organization affiliations as experience on their resume and LinkedIn profiles.
Show me the $$$
The lowest annual salary we came across in our search was $53,000. The highest, given our focus on entry-level and junior roles, was $114,000.
No Clearance? No problem
Less than 18% of jobs we reviewed required any sort of security clearance. Nearly all of these roles were with government entities, intelligence agencies, and defense contractors.
Can’t Code? Come on down!
There’s a persistent belief that working in cybersecurity — or tech in general — means you have to be able to code. While the logical thinking and ability to automate processes is helpful in many careers, only 12% of the jobs we looked at required candidates to be able to code. In these instances, the most commonly listed programming language was Python.
Certifications matter.
83% of job postings listed a certification. Most common among these were CompTIA’s Security+ and the CISSP from ISC2.
Over 92% of job posts asked candidates to be familiar with: ‘frameworks, standards, and regulations’. Most commonly listed were: HIPAA, GLBA, PCI DSS, FISMA, NIST Cybersecurity Framework, ISO 27000, COBIT, ITIL, Project Management methodology. Candidates are advised to read up on, practice implementing, and adding these to their resumes and job profiles.
Remote OK? Not Really
Only 11% of roles offered candidates the ability to work remotely. Most employers expected employees to be on-site.
Got (Soft) Skills?
Beyond the technical tools, hardware, and ‘l33t hax0r skills’, many employers want candidates to possess a number of professional skills. Over 90% listed some combination of the following: Problem solving, research, analysis, written and oral communication, as well as an ability to explain technical concepts to various stakeholders.
No degree? No problem.
Less than 24% of jobs required an undergraduate degree. Other postings we reviewed mentioned that experience would be considered in lieu of formal education. When a degree was mentioned, preferred areas of study included: computer science, information technology, information systems, information assurance, information security, and cybersecurity.
Do you even lift?
Lastly, .01% of roles asked candidates to be ‘able to lift upwards of 25 pounds’.
