Recent college graduates and those looking to complete their studies in the coming years are facing a dichotomy as they begin to enter the cybersecurity or IT workforce: Low unemployment rates are coupled with a U.S. tech sector that has cut back on hiring and cybersecurity budgets over the past two years.
Regarding the good news: The latest CompTIA analysis of U.S. Bureau of Labor Statistics data finds that the tech unemployment rate hit 2.5 percent in May, much better than the overall 4 percent unemployment rate for U.S. workers. Other data suggests that there are only enough tech pros to fill 85 percent of open U.S. cybersecurity jobs, leaving numerous open positions for those seeking employment including entry-level opportunities.
At the same time, the biggest players in the U.S. tech industry have cut back on hiring. While most Silicon Valley firms have ended mass layoffs, hiring has remained slow, forcing developers, IT and cybersecurity pros to look to other sectors for employment. The buzz around generative artificial intelligence has also reshaped how some view career opportunities.
Cybersecurity budgets have also remained tight, which also affects hiring and investing.
These trends have created a unique job market that recent college and university graduates (as well as those looking to graduate in the next year or two) must now navigate. For those looking for a starting cybersecurity position or at least curious to explore the field, having the right skills, adapting to change and looking to build their knowledge set are critical.
“With tech companies pulling back on hiring and cybersecurity budgets under pressure, aspiring professionals face a unique set of challenges and opportunities,” said George Jones, CISO with Critical Start. “As you embark on your cybersecurity career, remember the importance of continuous learning and adaptability. The field is ever-changing, and staying curious and committed to growth will help you succeed. Resilience and persistence are key, and contributing to the cybersecurity community can be incredibly rewarding.”
As the Class of 2024 prepares to enter the workforce, and with cybersecurity still a significant risk to organizations large and small, several experts offered their view of what it takes to survive and grow in today’s security job market.
Hard and Soft Skills Matter
For tech professionals who want to create a cybersecurity career, Jones recommends three essential areas to focus on for recent graduates:
- Technical Skills: A strong foundation in networking, operating systems and programming languages is important. A solid understanding of how systems work and communicate lays the groundwork for identifying and mitigating security threats.
- Cybersecurity Fundamentals: It is crucial to grasp core concepts such as encryption, firewalls, intrusion detection systems and malware analysis. These are the foundations on which more advanced knowledge is built.
- Soft Skills: Communication, problem-solving, and analytical thinking are as important as technical skills and will allow young professionals to effectively convey complex information and think critically to address security challenges.
This approach of focusing on hard, technical skills and softer skills such as communication is what Jason Soroko, senior vice president of product at security firm Sectigo, also recommends to recent grads. While understanding certain programming languages such as Python, JavaScript, C++ and Rust is important, cybersecurity pros need to go a step deeper in their understanding of how systems all work together.
“Mastery of operating systems and networking serves as the north star for anyone aspiring to excel in this industry, as it forms the foundation for understanding and mitigating security threats and understanding how threat actors think,” Sectigo told Dice.
This deep technical know-how must then be balanced against the need to take this knowledge of security and translate it to the rest of the organization. “Strong communication skills are as important as technical skills for people who aspire to rise to the top,” Soroko added. “Being able to explain complex technical issues to non-technical stakeholders is invaluable. Problem-solving and critical thinking skills are crucial for identifying and addressing security challenges effectively.”
Outside of earning a bachelor’s or master’s degree in cybersecurity, computer science or information technology, experts like Jones recommend some of the more popular certifications to help distinguish potential candidates. These include:
- CompTIA Security +
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Certified Cloud Security Professional (CCSP)
These degrees and certifications, as well as developing the right set of hard and soft skills, help create critical thinking and problem-solving mentalities that recent grads can use to start their careers.
“Regardless of the variant of cyberattacks a company faces, the best skills an employee can have are good critical thinking and problem-solving skills. Good problem-solving and critical thinking skills come from determination and diversity of thinking,” Sunil Muralidhar, vice president for growth and strategic initiatives at ColorTokens, told Dice. “You must be confident and determined in your path to a solution as well as constantly being creative in your problem-solving. Newer employees should concentrate on being confident in their decisions, as many put faith in others to know more than them solely based on experience.”
Look Outside Traditional Tech
While layoffs at the large Silicon Valley firms have tailed off, these companies are still trying to rebalance their workforces in the wake of generative A.I. and other tech developments.
At the same time, recent cyber threats in the healthcare sector show that organizations outside of tech need help securing their infrastructure and data and are willing to invest in talent, opening up doors for young tech pros looking to jump-start their careers.
“As for your industry—security is needed everywhere, and not just cybersecurity. Industries such as healthcare and finance come to mind as those that are suffering from attacks, but security events are also unfortunately common for schools, municipalities and government,” Robert Hughes, CISO at RSA, told Dice. “I’ve also known some very sharp security professionals who have come out of the armed forces, which may be a precursor [or] substitute for a formal degree program. You can learn some very applicable concepts and today, more than ever, the idea of cyberwarfare can be a very meaningful part of the military experience.”
Critical Start’s Jones also sees healthcare and other sectors, including mid-sized firms, as needing cybersecurity talent and willing to invest in people.
“Some emerging verticals that are experiencing growth in cybersecurity include healthcare, financial services and small and medium enterprises,” Jones told Dice. “Healthcare and financial services are prime targets for cyberattacks, creating a growing need for professionals to preserve and protect the sensitive information that businesses in these verticals need to secure. Many small- and mid-sized enterprises lack the robust cybersecurity defenses necessary to safeguard their systems, creating significant opportunities for young professionals looking to make a meaningful impact.”
Continuing Ed
As with any profession, those who excel in cybersecurity are those tech professionals who continue learning at various stages in their careers. While a recent grad might start working in a security operations center (SOC), there are valuable lessons to learn moving up the career ladder.
“Entry-level positions in cybersecurity are often in security operations centers or you may have to look for opportunities in other departments—don’t despair if you find more openings in IT, networking or support desks,” Hughes noted from his experience. “I got my start doing customer support at a software company. I built my technical skills, moved into an IT role, and then moved to security after having a lot of operational experience.”
For other insiders such as Devin Ertel, CISO at Menlo Security, creating a checklist of various activities to help better compete in today’s job market is a good exercise. His includes:
- Attend local conferences
- Play and learn security on your own time: Set up stuff at home and participate in “Capture the Flag” exercises
- Learn how A.I. can help you become a better security professional, especially how the technology can bridge knowledge gaps and increase efficiency
- Embrace the security community online: Security pros are welcoming and love to learn and grow together
“My biggest piece of advice? Admit when you don't know something. People will teach you, and if you don't, you will never learn,” Ertel said.
