Unemployment rates hit unprecedented highs in the U.S. in 2020 due to the Covid-19 pandemic. While many industries were hit hard, cybersecurity professionals remained in high demand, and it is one of the rare fields that is growing substantially, even in the middle of a pandemic. Currently, there are over 3.5 million professionals working in the cyber field, roughly 25% more compared to last year's workforce estimates.
As remote working environments continue to grow and new cyber threats emerge in the wake of Covid-19, more cybersecurity professionals are joining the cyber workforce, shrinking the global cyber workforce gap. According to the ISC2, the global workforce shortage is already down to 3.12 million compared to the 4.12 million shortage reported in 2019.
With the cybersecurity workforce growing worldwide, which role will top the list as the most in-demand cyber job for 2021? Let's find out!
The top five positions, described below, can help students understand the opportunities that are available to them, experienced professionals find opportunities for career transitions (like IT to cyber), and cybersecurity and business leaders understand the hiring landscape as they build their cyber workforce development programs.
We’ve mapped these high-level job categories to specific job roles within the NICE Cybersecurity Workforce Framework, for those interested in detailed readouts of the KSAs (knowledge, skills, abilities) required of each position.
All salary information is from payscale.com and/or the Bureau of Labor Statistics, and is likely to vary drastically by region and level of experience.
5. Systems Engineer
Making the list for the first time in 2021 is the role of Systems Engineer. With common job titles like Systems Analyst and IT Business Analyst, the positions in systems engineering represented more than 306,000 of the total job openings over the last 12 months. Essentially, a Systems Engineer is a multifaceted position designed to develop and manage systems throughout all stages of the lifecycle. Systems Engineers work with various teams within an organization to identify threats and vulnerabilities and implement effective solutions. They are involved with each phase of a project, from planning and budgets to performance testing and application.
Systems Engineers are skilled in supporting the technical infrastructure of an organization and managing the integration of various systems. Many professionals in this role have at least a bachelor's degree in a technical field, several years of experience, and perhaps a few certifications (e.g., ITIL, CISSP, CCNA, PMP).
Fortunately, job opportunities in this position are plentiful, and the potential for career growth and skills development within this field are endless. Many Systems Engineers eventually advance into more specialized roles in cybercrime, incident response, and even IT audit. That advancement potential makes this role a desirable place to start a career in cybersecurity, especially at a company with a well-developed cyber workforce development program.
Average salary: $75,000
Related NICE Work Role IDs: OM-ANA-001
4. Cybersecurity Manager / Administrator
Cybersecurity Managers/Administrators are the backbone of cybersecurity for many programs, overseeing operations to defend against unauthorized access, threats, and attacks. While the size of the organization determines the exact level of responsibility for the role, Cybersecurity Managers/Administrators are normally tasked with maintaining daily security system operations, troubleshooting security solutions, auditing and updating software, and training employees in proper procedures and security awareness. They also tend to develop policies, regulations, and strategies to ensure each network and system within the organization is defended against.
As an advanced-level role, many different career paths can lead to the Cybersecurity Managers/Administrators role, but this position normally has significant experience and educational requirements, with over 90% of employers requesting either a bachelor's or graduate degree. Many employers typically pursue candidates with an advanced understanding of information security concepts and a strong background in intrusion detection and prevention solutions, along with effective risk management and project management skills.
With the total number of job openings for this position reaching upwards of 19,000, there is tremendous opportunity to join the advanced-level ranks as a Cybersecurity Manager/Administrator.
Average salary: $103,000
Related NICE Work Role ID: OV-MGT-001
3. Cybersecurity Consultant
Inching its way one step closer to the top is the Cybersecurity Consultant. The role of Cybersecurity Consultant is focused on protection, and they have a strong understanding of how cyber criminals operate in order to defend against them. Not only do Cybersecurity Consultants propose strategies for improving the security infrastructure at a client organization, but they also help to implement these new security measures, provide ongoing support, and even train staff on proper security practices.
The role of a Cybersecurity Consultant is unique in the fact that this position is not employed by in-house security teams. They may be a self-employed contractor consulting with various companies independently, or they may work for an external or third-party firm (like Focal Point) to help companies nationwide protect against potential attacks and avoid large-scale data breaches.
Like many careers in cybersecurity, a bachelor's or graduate degree in a related field is recommended, but employment prospects increase with further certifications like the CISSP or CISM. While Cybersecurity Consultants can range from entry-level to a more intermediate-level position, entering into this role, or advancing to a more senior level position afterwards is straightforward and attainable.
As technology dependency increases around the world and cyberattacks become more sophisticated and persistent, the need for Cybersecurity Consultants will rise among professional services firms.
Average salary: $87,000
Related NICE Work Role IDs: N/A
2. Cybersecurity Analyst
For the third year in a row, the Cybersecurity Analyst role ranks as the first runner-up for the most in-demand security position. Cybersecurity Analysts are tasked with monitoring, preventing, and stopping attacks on a company's network and systems. The increase in remote work has created a large attack surface for cyber criminals. To help prevent potential hacks or data breaches, Cybersecurity Analysts install and configure tools to monitor activity, identify weaknesses in a company's network, apply security patches to resolve issues, and carefully examine third parties and vendors to ensure regulatory standards are followed.
More importantly, Cybersecurity Analysts help develop and update business continuity and disaster recovery plans so companies know what to do in the event of a successful attack. Especially today, when the pandemic has allowed cyber criminals to leverage existing techniques to exploit an internet-dependent world, the work of a Cybersecurity Analyst on the front lines of an organization's cyber defenses is crucial.
As organizations grapple with the new reality brought on by the Covid-19 pandemic, Cybersecurity Analysts are now more important than ever. According to the U.S Bureau of Labor Statistics, Cybersecurity Analyst jobs are expected to grow 31 percent through 2029, roughly 5 times faster than the national average for job growth. With cybercrime costs expected to reach $6 trillion in 2021, Cybersecurity Analysts will be a crucial player in strengthening a company's overall cybersecurity infrastructure and better protecting their assets from future exploits.
Average salary: $75,000
Related NICE Work Role IDs: PR-CDA-001
1. Cybersecurity Engineer
Not once. Not twice. Not three times. But for four years straight the role of Cybersecurity Engineer has topped the charts as the most in-demand cybersecurity position. Cybersecurity Engineers design and implement security network solutions to defend against cyberattacks and other persistent threats.
Normally, the job of a Cybersecurity Engineer is proactive, which includes actively testing for vulnerabilities or weaknesses (i.e., penetration testing), verifying all software is regularly updated, ensuring security plans and policies are enforced, and implementing breach detection systems. But sometimes the position can be more reactive like when a breach is detected. The Cybersecurity Engineer would then be involved in troubleshooting the incident, developing tools and strategies to minimize damage and contain the breach, and determining how to recover the data that was accessed.
For this reason, Cybersecurity Engineers must be willing to adapt to constantly changing needs and remain calm under pressure such as in the event of a data breach. As an intermediate to advanced-level position, Cybersecurity Engineers normally have a degree in a related cyber field and a high level of security related technical skills and certifications (e.g., CEH, CISSP, or any security-related GIAC certifications).
The demand for Cybersecurity Engineers is projected to grow 12% through 2026, and as businesses continue to grow more reliant on digital platforms due to the Covid-19 pandemic, this percentage should only increase over the coming years.
Average salary: $97,000
Related NICE Work Role IDs: PR-INF001, SP-SYS001
To learn more about how to build a workforce development program that incorporates these positions, check out our white paper, the Essential Guide to Cyber Workforce Development.