Cybersecurity Jobs Report


Q3 2016

The Cybersecurity Jobs Report provides cybersecurity job market trends, statistics, notable employment activity, and resources for job seekers, employment managers, recruiters, search firms, corporate executives, engineers, consultants, and sales and marketing executives.


Cybersecurity workforce shortage to reach 1.5 million by 2019.

Cybersecurity Ventures projects $1 trillion will be spent globally on cybersecurity from 2017 to 2021 — driven by the dramatic rise in cybercrime, the ransonware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected Internet of Things (IoT) devices, the legions of hackers-for-hire, and the more sophisticated cyber-attacks launching at businesses, governments, educational institutions, and consumers globally.

  • “Cybercrime fueled a cybersecurity market explosion over the past five years, leading to to one million cybersecurity job openings entering 2016. All signs point towards a prolonged cybersecurity workforce shortage through at least 2021” says Steve Morgan, founder and CEO at Cybersecurity Ventures.
  • “The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million” stated Michael Brown, (former) CEO at Symantec, the world’s largest security software vendor. The most recent (ISC)² Global Information Security Workforce Study similarly revealed a workforce gap in the information security field of 1.5 million in the next five years.

Cybersecurity Training for Board Members and C-Suite Executives

  • More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press (a project of the Stanford University Journalism Program) analysis of numbers from the Bureau of Labor Statistics. The demand for information security professionals is expected to grow by 53 percent through 2018.
  • A CNBC story last year quoted a Rand Corporation study which estimates there are around 1,000 top-level cybersecurity experts globally vs. a need for 10,000 to 30,000.

Practitioner Level Training for IT Security Professionals

  • Cybersecurity workers can command an average salary premium of nearly $6,500 per year, or 9% more than other IT workers, according to the “Job Market Intelligence: Cybersecurity Jobs 2015” which is published by Burning Glass Technologies.
  • According to a report from DICE, a leading IT job board, the top five IT security salaries are: No. 1 – lead software security engineer at $233,333; No. 2 – chief security officer at $225,000; No. 3 – global information security director at $200,000; No. 4 – chief information security officer at $192,500; and No. 5 – director of security at $178,333.
  • The top U.S. chief information security officer (CISO) jobs pay annual salaries exceeding $400,000. The leading cities — by salary — are: San Francisco; New York; Washington, D.C.; Los Angeles; and Chicago.
  • IDC predicts that “by 2018, fully 75 percent of chief security officers (CSO) and chief information security officers (CISOs) will report directly to the CEO, not the CIO”. This will arguably push those positions higher up in to the salary stratosphere.
  • “The landscape of cyber risks is so widespread and evolving that forward-thinking (public) companies are seeking a new leader – a chief risk officer (CRO) – who will oversee all areas of risk exposure: IT risk, physical security, personnel security and protection of assets – including intellectual and reputational capital, stated Jeremy King, founder at Benchmark Executive Search. The chief risk officer will be the most in-demand position over the next five years – a single leader who can create a culture of security, map organizational structures and set budgets.”

Cybersecurity Certification for IT Professionals

  • U.S. News and World Report ranked a career in information security analysis eighth on its list of the 100 best jobs for 2015. They state the profession is growing at a rate of 36.5 percent through 2022.
  • Cybersecurity positions are more likely to require certifications than other IT jobs. One third (35%) of cybersecurity jobs call for an industry certification, compared to 23% of IT jobs overall, according to Burning Glass Technologies.
  • On a per-capita basis, the leading states for cyber hiring are Washington, D.C., Virginia, Maryland, and Colorado; all have high concentrations of jobs in the federal government and with related contractors.
  • Last October (2015), the U.S. government began hiring 6,500 new cybersecurity IT professionals. It has hired 3,000 so far, and plans to hire another 3,500 by January 2017, the White House said.

Cybersecurity Security Education Company Launched

  • Burning Glass Technologies states that one third (35%) of cybersecurity jobs call for an industry certification, compared to 23% of IT jobs overall.
  • Only 11% of the world’s information security workforce are women, according to the Women’s Society of Cyberjutsu (WSC) — a 501(c)3 non-profit passionate about helping and empowering women to succeed in the Cybersecurity field. WSC states that 50% of professional occupations in the U.S. are held by women, and that 25% of computing occupations in the U.S. are held by women. The small representation of women in cyber is a big opportunity for them to enter a field with a severe labor shortage.
  • African Americans are underrepresented in the cybersecurity field. According to data from the United States Department of Labor which publishes the Bureau of Labor Statistics (BLS), ‘Black or African-American’ people make up only 3% of the information security analysts in the U.S. The International Consortium of Minority Cybersecurity Professionals (ICMCP) and the International Colloquium for Minorities In Cyber Security (MICS) are two organizations devoted to promoting career opportunities for African Americans and other minorities in Cybersecurity.

Join the Cybersecurity Ventures Newsletter to stay on the cutting edge.