If the IT security team in your organization is chronically overwhelmed, overworked and overextended, then you’re not alone. According to a survey by Trend Micro, nearly half of all organizations currently lack the cybersecurity specialists they need. And according to research by Gartner, the number of unfilled IT security roles is expected to reach a whopping 1.5 million by the end of 2020.

The Big 6

While this is a good time — actually, make that a great time — to be an experienced IT security specialist looking for a new opportunity, here are the six roles in particular that organizations are struggling to fill, according to CyberEdge’s 2019 Cyberthreat Defense Report:

  1. IT Security Administrators, who are responsible for installing, administering and troubleshooting an organization’s security solutions.
  2. Security Architects, who are responsible for designing, building, and overseeing complex security structures.
  3. Security Analysts, who investigate security infrastructure weaknesses and develop creative ways to detect and prevent insider and external threats.
  4. Incident Responders, who utilize forensics tools to rapidly address and shut down security threats and incidents.
  5. Application Security Testers, who are responsible for testing and verifying that apps are free from vulnerabilities, threats and risks.
  6. Compliance Auditors, who investigate IT security systems, policies and processes, and ensure adherence to all prevailing regulations and guidelines.

Obviously, these are not detailed job descriptions, and in some organizations — especially SMBs — individuals may be responsible for more than one role. For example, Security Analysts may also contribute to incident response functions, IT Security Administrators may be responsible for compliance issues, and so on.

Getting a Job in IT Security

If you are looking to start a career in IT security — where you may eventually become one of the most coveted and important professionals in your organization and across the work landscape — here are some tips to help you achieve your career goals:

  • Getting the right certification(s) is important. There are a wide range of possibilities and requirements, depending on the role and organization. Some popular certifications include: CISSP, CISA, CPTE, CPTC, CEH, and many others. Many experts feel that the best certification option for people starting out in the IT security field is CompTIA’s Security+.
  • If you’re currently employed and would like to stay in the same organization, you can ask your IT security colleagues for guidance. However, keep in mind that they are VERY busy, and you shouldn’t attack them when they’re having lunch (which is usually at their desk because there is always another “mission critical” problem to solve!). The good news, though, is that most IT security professionals are wiling to lend a hand. Just be respectful of their time and demonstrate that you are very serious about pursuing a career in the IT security field.
  • Although what you know is important, who you know can be valuable as well. To expand your network, attend conferences and workshops.
  • If you don’t have previous experience in the IT security field, then focus on selling your transferable skills. For example, if you have provided employee training/coaching in the past, highlight this on your resume and when speaking with recruiters, because a big part of IT security these days is educating end users.
  • Keep in mind that the most vital skill you will need is the ability to LEARN. The IT security field is changing rapidly due to the convergence of new technologies, compliance requirements, and threats — both internal and external. If you love acquiring new knowledge and putting it into practice, then you are on the right path!

Share Your Insights

If you are an IT security specialist, what was your career path like? Was is smooth and straight — or maybe strange and unexpected? And what advice would you give to someone starting out in the IT security profession?