There are currently 714,548 open cybersecurity positions in the United States, according to data collected by tracking site CyberSeek.
“There’s definitely a talent gap in the United States,” Kevin Bordlemay, senior director of talent acquisition at IT security firm Mandiant, told Insider. “There is by no means enough talent to fill the roles that exist.”
This talent shortage particularly affects the supply of information security analysts, the most important position in the field of cybersecurity.
From May 2021 to April 2022, there was an annual talent gap of 39,000 information security analysts, according to data from CyberSeek.
These analysts can earn a base salary of $82,358 in the United States, according to Payscale, but analysts at some large companies can earn more than double that figure. Two of EY’s highest-paid analysts earned more than $170,000, according to publicly available foreign labor data.
Cyber jobs can span at least seven categories spanning 52 different roles, Insider previously reported. Roles such as ethical hacker, information security engineer and network security architect all earned average base salaries above the six-figure mark in 2019, according to a Columbia University study.
Landing one of these high-paying technical roles can be difficult for candidates trying to cast a wide net.
To pass the screening stage, cybersecurity experts and recruiters recommend highlighting unusual experiences and interpersonal skills when tailoring CVs to the industry.
When building a resume, most candidates expect a human to look at it. But an increasing number of candidates are selected by artificial intelligence.
“A lot of times a machine takes a first look at a resume,” Bordlemay said. “Most large companies have some type of technology to look at.”
Both content and format are important in taking this first step. Bordlemay recommended making a resume “easy to read with information touching on the main news items.”
“Once it gets past that machine, recruiters are looking at a resume within 20 seconds,” he said.
Bordlemay recommended putting your most important achievement at the top of a resume. “Catch my attention with something unique that others haven’t done. If you don’t, nothing else will matter,” he said.
Casey Ellis, founder of crowdsourced security platform Bugcrowd, suggested candidates use the beginning of a resume to convey their “overarching approach to the job, not just the very specific technical cybersecurity things they have. done”.
Emphasize practical experience
“The most important thing in cyberspace is often hands-on experience,” Bordlemay said.
He added that he often seeks creative candidates with their technical knowledge.
“Often you have to be creative or even design your own tool to be effective because threats won’t fall into a particular bucket,” he said. “Attackers know what security tools are.”
This experience does not have to be in a full-time job or internship.
Bordlemay said most of the time it’s what the contestants have done outside of the classroom that’s important.
He said contestants tended to skip things like having a home lab, working on freelance projects, entering competitions and playing with tools to build infrastructure.
Ellis also stresses the importance of being involved in projects. “I see organizations looking for contributions to open source projects,” he said. “People can participate even if they’ve never worked in the space before. For example, they’ll check out the GitHub repositories.”
In terms of soft skills, Bordlemay said just mentioning ‘managing a club or being in charge of a project can show them’.
Another expert, Dylan Buckley, who co-founded job site DirectlyApply, said, “Cybersecurity is as much about human interaction as it is about technical capability.”
Hackers often attempt to exploit human users to breach systems rather than circumvent a company’s security, he said, making interpersonal skills essential to stopping such attacks.