A Career in Cybersecurity Has Many Positives, But It’s Not Without Challenges

October is Cybersecurity Awareness Month

There aren’t many fields where the majority say they’re happy with their profession. A satisfying career path—one where we feel successful—can be a long journey that most of us aren’t taught in school. In fact, 70 percent of workers say they don’t feel satisfied with their career choices.

By contrast, in the cybersecurity industry, the majority report high levels of job satisfaction, according to Exabeam’s 2018 Cybersecurity Salary and Jobs Report. Overall, 83 percent say they’re satisfied with their jobs, while only 9 percent report they’re unsatisfied. When it comes to the future, 80 percent feel secure about their role, and 86 percent would recommend a cybersecurity career to new college graduates.

Exabeam’s report has a lot of positives to report by those working as CISOs, frontline security analysts, and managers. However, a career in cybersecurity isn’t without challenges.

Click to enlarge

Is it the money?

The Exabeam report found that salary satisfaction is usually influenced by how much someone is paid. Roles such as chief security inspector, CISO, and security consultant are among the top earners at $175,000 – $200,000 annually; they also are the most satisfied with their current salaries.

By comparison, 40 percent of security professionals are dissatisfied with their current salary, including those serving as compliance officers and security program managers.

System and security administrators report some of the lowest median incomes, at $50,000 – $75,000, along with security operations center (SOC) and security analysts. SOC staff and security leaders were the least satisfied (25 percent) with their median salaries. Meanwhile, information security officers and security engineers’ median incomes start at $75,000.

Median salaries are lowest at small companies, ranging between $50,001 – $75,000. Survey respondents working at smaller companies who reported higher salaries also reported less job security.

Exabeam’s report reveals that European and Asia Pacific-based cybersecurity professionals are being surpassed in earnings by their US-based counterparts, who typically earn median salaries of $75K – $100K, compared to $50K – $75K in Europe.

And our survey revealed that those doing malware analysis or in-depth security research reported the lowest median salaries at just $50,000, even though their work is critical in the current cybersecurity environment. By comparison, those responsible for compliance and forensics had a higher median salary of between $75K – $100K.

Figure 1 – Catching threats is ranked most satisfying, while interruptions is ranked least satisfying for on-the-job experiences.

So, perhaps for many their job satisfaction is not about the money. However, those in the telecommunications and technology industries reported the lowest in job satisfaction, with 33.9 percent admitting they are unsatisfied with their jobs; those same industries were also amongst the lowest earners.

A predominately male industry

Like many technology industries, Exabeam’s survey found that most working in cybersecurity are male—at 90 percent. While the numbers vary by survey, tech industry data on gender disparity remains consistent and continues to worsen. According to The Atlantic, in 1984 women with computer science majors peaked at 37 percent. It has mainly declined steadily ever since. Today it stands at 18 percent, with women holding 25 percent of computing jobs.

One theory is after World War II many considered the future of computing to be in hardware. Programming back then was seen as secretarial and a solid career choice for women; many of whom took on the roles of men during the war. Over time the field became flooded by mainly men—many of whom grew up with the Commodore 64 and the Apple IIc, which were marketed as toys. By the ’80s and ’90s many of the boys already knew how to code, while fewer girls did.

Immersive Labs is advocating that to address the cyber skills talent shortage requires working from the ground floor, with initiatives like the NCSC’s CyberFirst Girls Competition. And like all tech fields, cybersecurity would benefit from looking at why the gender divide is worsening, and what can be done on the education and career development fronts.

The Impact of Artificial Intelligence and Machine Learning

The Exabeam report highlights the growing importance of artificial intelligence (AI) and machine learning to the cybersecurity industry. A third (32%) of respondents claimed to be already using AI and machine learning, while nearly half (46%) said they’re planning to do so in the future.

Figure 3 – Cutting-edge technologies in cybersecurity include machine learning, EDR, and UEBA

Nearly three quarters of security professionals agree that machine learning and AI can make their jobs easier, while only 7 percent believe such technology will negatively impact their job prospects. Sixty eight percent admit AI and machine learning isn’t a threat to their job security, yet 10 percent feel threatened.

Energy and healthcare are the top two sectors using AI at 57.7 percent and 37.8 percent, respectively. A quarter of those working in insurance, and 13.8 percent working in financial services, reported the highest level of concern for job prospects using these technologies.

Security analysts are most excited about artificial intelligence, which is understandable when you consider all the buzz and hype. In cybersecurity, AI can be applied to any system that performs tasks doing automated decision-making, many of which are basic. Machine learning on the other hand tends to be more sophisticated. In order to learn from collected log data, it must use algorithms for prediction, classification, and insight generation. With next-gen SIEM, machine learning dynamically learns from the behavioral patterns in data in order to make its decisions.

Forging a cybersecurity career path

Qualifications can make a big difference in cybersecurity. Exabeam found that 33.9 percent of security pros hold the Certified Information Systems Security Professional (CISSP) designation, while 23.7 and 22.7 percent hold the Certified Ethical Hacker (CEH) and CompTIA certifications. In addition, 71 percent of all security pros have at least a bachelor’s degree.

Employees holding only a high school diploma reported the lowest salary, with salary increases for those with bachelor’s degrees and those with more advanced education.

Figure 3 – The top three certifications in cybersecurity are CEH, CISSP, CompTIA.

The most common advice security professionals give to graduates wanting to enter the field is,
 “Always keep learning” —with cybersecurity constantly evolving, that’s good advice for us all.

**The Exabeam report is based on a survey of 481 global participants working in the cybersecurity profession.