Today’s IT job market: Beyond fear, uncertainty and doubt
You may have heard some buzz about layoffs in the cybersecurity sector. I think it’s important to discount the “noise,” and focus on what’s really going on. The buzz is primarily coming from organizations that saw an opportunity to address a perceived need (in this case, security), and then based much of their value on leveraging investor-driven revenue. Companies that do this tend to be more dependent upon what happens in the stock market, rather than in the jobs marketplace. So, when the economy experiences stress, these companies feel that stress first, and quite acutely.
These companies tend to be, well, noisy. By that, I mean that some of these organizations also excel at getting their word out to the media, making them noisier than more interesting, useful sources of intelligence about the job market. In short, don’t give up hope on cybersecurity jobs.
Let me address a couple of what I call “mythconceptions” about cybersecurity job roles, and then offer some solid resources you can consult about what’s going on in today’s IT job market.
Should you pay the ransom?
The AI myth: Are robots replacing us?
One of the common (yet, more silly) surface “mythconceptions” often found within the occasional “the tech sector is struggling” stories is that artificial intelligence (AI) has replaced entry-level cybersecurity job roles and workers.
It’s no wonder that we worry about tech replacing workers. The world has seen that happen for hundreds of years. We’ve seen it happen in the recent past. Some of us older folks remember the early 2000-era dot bomb bubble, the 2008 great recession, and companies that offshored aggressively. We’ve all seen automation and orchestration become increasingly sophisticated. These are real events and trends that cost jobs, especially in the tech sector (e.g., software and hardware companies). But don’t let them generate myths and scary monsters in our thoughts. I call these negative thoughts “mythconceptions,” because they’re largely based on inaccurate, but powerful perceptions.
In reality, AI isn't replacing entire job roles. Folks in various security job roles have been consulting AI for years. They will continue to do so; AI and machine learning (ML) resources will increasingly become a trusted ally to talented cybersecurity workers. CIOs, CISOs and executive leaders from organizations such as United Parcel Post (UPS), Northrop Grumman, AstraZeneca, DBS Bank, the State of New Jersey, NIST, Cambridge University, Microsoft and more all chuckled at the idea. There will always be the need for human judgement to weigh in on the machine recommendations. For example, our 2021 Workforce and Learning Trends research report showed that AI has become a strategic partner of human-digital teams.
But some jobs are being lost, or at least shifted, for more verifiable, even legitimate, reasons. It’s true that some organizations in security services companies have been affected by the current economy. But, in many cases, the jobs that are lost are in non-technical roles, including positions in marketing, sales and product management. Many times, these companies keep the IT pros. If not, most IT pros have been able to bounce right into another security job in another sector – that’s the reality we’re seeing.
In the security services sector, we have seen some evidence of where workers are moved, as it were, from one organization, or sector, to another. For example, one security services organization in Europe told me it is looking to let go about 200 security operations center (SOC) Level 1 workers over the next few years. This company has many customers, from banks to oil companies, that need to protect their finance websites and oil derricks from getting hacked. But sometimes even common-sense moves tend to get miscommunicated.
The person there told me in one breath that AI was replacing those jobs. But, in almost the same breath, that person then said, "Our clients will hire workers in those same positions.”
I scratched my head at these two comments. Why? Because they contain a fundamental contradiction. I mean, which is it? Is AI eliminating those jobs? Or is the company transferring – or shifting jobs? After all, why shift those jobs if they're no longer needed in the first place?
The reality is that many security service organizations want their clients (the banks and oil companies) to hire people in those same jobs! This isn’t elimination, per se – it’s a shifting of risk, which could be a healthy thing.
Looking a bit deeper into how security works: Skin in the game
The point is some companies in a very specific sector – in this case, the security services sector – may need to cut workers for one reason or another. But we’re not seeing any evidence at all of a bubble burst, or even a slow leak. There is no useful evidence that the tech sector is experiencing the beginning of a collapse. Yes, there are changes and tectonic shifts that happen. That’s natural. But we’re not seeing any evidence of an Earth-shattering tech cataclysm.
ChatGPT training built for everyone
So, some companies may be making cost-cutting moves because they are overreacting to changes in the economy. But there's another, more subtle, reason for these apparent cuts. Serious security service companies feel that their clients should have some skin in the game. Shifting security workers to the client transitions them to a liaison or consultative role instead of being fully responsible for security and then getting blamed when the client gets hacked.
This is what I mean when I said these companies are making some smart decisions. If the security services companies force their clients to hire legitimate cybersecurity pros, then the risk – and the blame – is shared. It’s easy, though, to not see these types of nuances, especially when you read various scare headlines about the job market.
Forget the noise: The truth about cybersecurity jobs in every sector
Outside of certain noisy industry sectors, there is a lot of hiring going on. In fact, some sectors have shown considerable net growth that offsets any losses in the tech sector (e.g., companies that make technology, rather than companies that use technology). These are usually organizations whose value isn’t just based on stock price or leveraged finance. They base their companies on models that aren’t drastically affected by changing economic conditions.
If you’re looking for solid sources of information about the IT job market, check out:
- CyberSeek
- CompTIA’s State of the Tech Workforce
- CompTIA Industry Outlook 2022 report
- CompTIA’s monthly Tech Jobs Report
- CompTIA’s State of the Tech Workforce UK
CyberSeek is a fantastic resource, because it contains the latest information about today’s security job market, including the number of job postings and specific trends. CompTIA teamed up with EMSI Burning Glass and the National Institute for Standards and Technology (NIST) to create CyberSeek. If you’re looking for good information about today’s trends, I recommend reviewing the information found there.
For example, we’re seeing sectors that are experiencing explosive growth. Here’s the growth rate of some of the top sectors that hired cybersecurity pros during the 12-month period ending April 2022:
- Finance and insurance: 112%
- Manufacturing: 172%
- Real estate: 237%
These sectors placed over the tech sector for the first time this year in terms of number of cybersecurity job postings. And it’s not just because the tech sector tanked so hard that the others simply took over. These sectors have experienced net growth in job openings. Other sectors that saw large increases include manufacturing and real estate. These two sectors have transformed quite a bit from analog processes to the 21st-century digital world, so they need security workers.
Digital transformation means demand for security pros
Why would sectors like manufacturing and real estate have such explosive growth? It’s hard to say definitively. But manufacturers have come under serious pressure concerning their supply chain security over the past few years. As some resources become more scarce, and as pressure increases to improve delivery times, the last thing manufacturers need is to have their supply chains hacked. Furthermore, manufacturing has become far more tech-heavy over the past several years. As a result, they need to secure the technologies that keep their manufacturing processes moving.
The real estate sector is finally beginning to end their reliance on using paper and fax machines to complete transactions. That has been a long time coming. This change – a major example of digital transformation – accelerated during the COVID-19 pandemic. It’s difficult to complete analog, in-person transactions when you’re prohibited from meeting in person. Even though most of the COVID-19 restrictions have ended for now, it’s still a reality that typical analog business practices won’t cut it in the future. Because the real estate sector has embraced the digital world, they now also recognize the need to secure it.
Phishing simulations & training
Cut through the mythconceptions and noise
As you can see, the noisy headlines don’t tell the full story. So when people ask you about job security in cybersecurity, you can let them know it’s here to stay and ever evolving. Just last week, three colleagues of mine in the United States, Europe and Thailand contacted me and asked if I knew some good people I could recommend for jobs. Yesterday, I spoke with a friend of mine here at CompTIA who sees unfulfilled job openings every day throughout the Caribbean in not only security, but also general IT.
Our research shows continued, robust hiring. It’s important to focus on the most powerful information you can find and figure out some way to reduce the signal to noise ratio when it comes to looking into the worldwide job market.
This article originally appeared on CompTIA’s blog.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Cybersecurity and Windows 11: What you need to know
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization