With 1.8 million unfilled global cybersecurity job openings by 2022, according to a recent study by (ISC)2, job hunters can often expect higher-than-average salaries than for similar IT jobs outside the security category. For those who work in IT and want a piece of the security action, there’s hope if you have skills you can leverage and are willing to get the right certifications.
Take, for example, the job of security systems administrator. The national median salary for this job is $66,517, according to Glassdoor, compared to $65,273 for a systems administrator.
And qualified applicants are hard to find, said Kennet Westby, chief security strategist at Denver-based Coalfire Systems, Inc., who has hired people for this position. "This is a highly recruited and difficult position to fill today," he said. "Every organization, even if they're outsourcing a lot of their services to the cloud, have a need for this."
Westby said that educational programs focusing on this specialty are starting to appear, but the solution is to hire someone who was previously a network or systems administrator and has a security background or has completed a security certification program. Another approach, he said, is to focus on specific security platforms and get certification from the vendors.
According to Westby, the security systems administrator is responsible for the systems that manage overall security for the organization, including the firewall and authentication and access controls for all servers and platforms. A strong virtualization background also helps.
"So much of the environment, including the traditional hardware-based firewalls, is migrating to virtualized security tools and platforms," he said. "And there's the migration to cloud infrastructure. The security systems administrator needs to have much more experience with setting up and managing cloud security infrastructure."
Related job titles include network security administrator, cloud security administrator, firewall administrator, and security analyst.
Large companies and government agencies are all actively recruiting security systems administrators, said Westby. "All our enterprise customers are looking to recruit for this," he said. "But the biggest employers for this are the service providers. everything from a telco provider to your large cloud services providers and SaaS application providers. They're putting pressure on the whole market."
As a result, salaries are going up, especially for those with specialized skills. Salaries can reach as high as $120,000 to $140,000 for those who specialize in, say, cloud security.
Plus, while some security jobs might be automated, this isn't one of them, he said. "The layers of security and complexity are just continuing to grow and escalate," he said.
According to Payscale, skills that affect salaries for this position include security risk management, security intrusion detection and network security management.
Common certifications that employers look for include Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP). There's a big shortage of people with those certifications, as well. According to Cyberseek, there are 69,549 people who hold the CISSP certification — but 92,802 open jobs that ask for it.
The shortfall is even larger for the CISM certification, with 10,447 people holding it, and 30,549 open jobs asking for it.
But degrees or certifications are just part of what it takes to be a security systems administrator, said Dale Meredith, author and cybersecurity trainer at Farmington, Utah-based Pluralsight LLC. "It's more about changing your mindset," he said.
In IT, the job focus is on making the systems productive and convenient for users. "And from a security perspective, it's how you make it safe," he said. "I don't necessarily care if it's convenient — I have to protect company assets."