- The cybersecurity industry needs more job-seekers to fill the over 500,000 available US roles.
- A résumé lacking cybersecurity work experience can still stand out through skills, experts say.
- Experts recommend that job seekers identify a niche within the large industry before applying.
With cybersecurity, comes job security.
According to Cybersecurity Ventures, there will be an estimated 3.5 million unfilled cybersecurity jobs by 2025. A separate estimate found there were about 597,000 cyber roles open in the US right now. Many of these roles pay at least six figures, data from Columbia University indicated.
But contrary to popular belief, cyber jobs cover far more than the clandestine matters of national security portrayed in TV and film. In reality, there are at least seven categories, 33 speciality areas, and 52 different roles within the cybersecurity industry, the National Initiative for Cybersecurity Education framework showed. Positions include data analyst, security architect, and vulnerability assessment analyst.
"This industry overall requires a lot of new learning, constant learning," said Adam Kujawa, the director of Malwarebytes Lab, an anti-malware software company. "So being self-taught, being able to learn very quickly and take what you learn and either create a product with it or utilize it in some way, is important."
Insider spoke with Kujawa and two other cybersecurity recruiting experts to learn which traits they looked for in candidates and what resources were available to people with little to no prior experience who wanted to launch a career in cybersecurity.
Unconventional backgrounds are valuable
Today, the cybersecurity industry is predominantly male and white, but Renana Friedlich, PayPal's senior director of security operations, is one of the leaders in this space looking to change that.
"I think one of the biggest things that scares people about cybersecurity is, 'I'm not technical enough,' or, 'I don't have coding skills,'" Friedlich said. But, she added, she has people on her team who came from customer-service programs, academia, and other fields.
She recommended that people with any level or type of work experience use free online training programs, such as Hack the Box and TryHackMe, to launch their careers. Additionally, Twitter has an information-security community that experts recommended to job seekers.
On social media, job seekers could build connections and read about major updates in the cybersecurity space, said Kujawa and Janet Van Huysse, the chief people officer at Cloudflare, a website-security company.
"Look at YouTube videos, go to blogs, go to various websites and news sites, and learn about threats," Kujawa said. "Learn how they work. Learn the basics about them."
Malwarebytes and Cloudflare both have blogs that can help teach job seekers about the industry, and the Malwarebytes blog even accepts submissions. For those looking to join Cloudflare specifically, Van Huysse recommended that job seekers who've used Cloudflare's products on their personal websites or past projects show that off in the interview.
Kujawa advised eager newcomers to be hypervigilant about which companies they applied to. He said "sketchy" or "scammer" companies existed in the space and could damage someone's résumé. He encouraged job seekers to consider the company's online presence and the purpose of the company's work.
"Be mindful of who you try to work for," he said. "Don't just jump on any opportunity that comes your way."
Finding your niche is important
The cybersecurity industry is highly competitive — Cloudflare, for instance, received 50,000 applicants a quarter for the last eight quarters, and it hired 0.5% of them, Van Huysse said. Experts agreed that narrowing your focus in the industry was key to breaking into it.
Kujawa said there were two main options that job seekers had to choose between when joining cybersecurity. The first option is defensive, and it's about working to address cybercrime. The second option is offensive, and it entails finding a way to prevent cybercrime.
"I think that kind of understanding where you want to go on that route is really important, in my opinion," he said, "because you might lead yourself down one path and find, 'You know what, I wish I went the other way.'"
To figure out where they can fit in the industry, Friedlich recommended that job seekers focus on their skill set — skills such as problem-solving, coding, and attention to detail can help with different job functions. Then, lean hard into that niche.
"You don't need to know it all," Friedlich said. "I think that's one of the biggest barriers people put upon themselves when they consider a career in cyber."