Demand for Cyber Security Jobs Is Soaring

The demand for cyber security experts is growing at 12 times the overall job market, making it one of the most highly sought-after fields in the country, according to the report by Burning Glass International Inc., a Boston-based company that uses artificial intelligence to match jobs and job seekers.

The issue of cyber security has been simmering for years, but moved up a few notches on the national agenda just last month. Computer security firm Mandiant Corp. published a report that linked a number of cyber attacks on U.S. companies to a unit of the Chinese military—a charge that a Chinese official called baseless. And last month, President Obama discussed cyber security in his State of the Union address and signed an executive order that creates guidelines on how the government and U.S. corporations should cooperate to protect critical U.S. infrastructure. In January, The Wall Street Journal and other news organizations said they were the target of cyber attacks that originated in China and are believed to have government links.

And as CIO Journal reported last month, the electric grid is highly vulnerable to cyber attack.

“Few job categories can match the explosive growth in demand for cyber security talent,” Burning Glass CEO Matthew Sigelman said in an email to CIO Journal. “One of those may be Big Data, with demand for certain big data skills up 122% in the past year alone.” The growth in demand for cyber security expertise is closely related to the growth in demand for Big Data skills. “After all, as companies are focusing more and more on Big Data and the value that’s accrued within their customer databases, not surprisingly they have also come to focus more attention on managing the risks and the vulnerabilities," he said.

Amid growing concerns about network vulnerability, the demand for cyber security experts grew 73% during the five years from 2007 to 2012, according to Burning Glass. The demand for all 'computer’ jobs grew 20%, and the demand for all jobs grew just 6%, according to the firm. Compensation for cyber security exerts, including engineers, analysts, managers, architects and others, averaged $101,000, based on advertised salaries. That was well above the compensation offered for the average IT job, which was about $89,000, according to the report.

Cyber security engineers command an average salary of $100,000, and the average cyber security manager makes around $107,000, according to Sigelman. Cyber security specialists make about $80,000. Being a Certified Information Systems Security Professional “can provide a modest boost in salary prospects … typically on the order of a few thousand dollars per year,” Sigelman said.

Engineers were most in demand, accounting for 32% of all cyber security jobs. Analysts were next in demand, accounting for 24% of the positions.

The jobs are being created across a broad range of industries and geographic locations. Employers in the field include defense contractors such as General Dynamics, financial companies like Bank of America, telecom carriers like AT&T, and a host of industrial and consumer companies, from General Electric, to General Motors and Wal-Mart Stores

“While defense contractors and large IT firms continue to make up a considerable share of the demand for cyber security talent, much of the growth in demand we are witnessing is driven by a more diversified range of businesses, reflecting the widening focus on data by firms across the board,” Sigelman said. “In fact, we have seen over 100% growth in demand for cyber security professionals within health care, education, and public administration since 2007, and continued strong demand within retail.  This seems to suggest that the perceived risk is about consumer data--a big shift from when it was predominantly defense-related hiring.”

Major hubs of cyber security activity include Atlanta, where a broad range of business activity has led to job growth of more than 100% during the last five years. But the greatest job growth is in the Washington region, with five year gains of more than 250% in Richmond Va., gains of nearly 150% in Baltimore, and growth of almost 50% in Washington, D.C. itself. But other major cities such as Chicago, New York, Dallas, Denver and San Diego have seen significant job growth in the sector as well.

Given the soaring demand for qualified workers—who often need certification in order to get a job in cyber security—employers are having a relatively hard time holding onto talent. Companies have to repost or duplicate cyber security job postings about 35% more often than they do for other kinds of IT jobs. And job postings suggest there is a particular shortage of qualified managers and analysts in the field of cyber security, Burning Glass says.

GIAC Launches New Certification for Python Coders, GPYC

The new GIAC Python Code certification is targeted toward penetration testers and information security professionals who want to use the Python programming language to enhance their effectiveness during information security engagements or projects. It is also helpful for experienced Python developers who want to build additional information security skills. Get certified in Python code: www.giac.org/u/hjF

Successful GPYC candidates will demonstrate an understanding of core programming concepts, and the ability to write and analyze working code using the Python programming language. They will be familiar with several common Python libraries, and be able to use that functionality in their programs.

"The security industry is evolving.  The constant development of malware and new attack techniques means that security professionals must be able to rapidly develop tools to respond to these new threats.  Likewise, penetration testers can no longer wait for someone else to develop the tools they need and must know how to develop their own tools. Employers need to know that their perspective new-hires have the ability to leverage Python to develop those tools. Now, the GPYC exam provides the ability to identify people who really have the skills that meet the needs of perspective employers," Mark Baggett, author of SANS training course, SEC573: Python for Penetration Testers.

GPYC certified professionals will be able to demonstrate the following:

• Ability to create and modify customer tools makes them a valuable member of any information security team
• Code developers with information security skills can:

1. Customize tools to their environment
2. Develop tools for the information security community
3. Increase productivity by automating previously manual tasks
4. Simulate advanced attacks and more

• Specialized focus on skills and techniques that will assist an InfoSec pro in penetration tests, daily work, and special projects
• Develop Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logos or sets of data

About GIAC

Global Information Assurance Certification (GIAC) is a certification body featuring over 30 hands-on, technical certifications in information security. GIAC has certified over 50,000 IT security professionals since it was founded in 1999. Eleven GIAC certifications are accredited under the IEC/ISO/ANSI 17024 quality standard for certifying bodies. GIAC is an affiliate of the SANS Institute.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions worldwide.  Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online.