When Yahoo announced last year that 1 billion of its users’ accounts were hacked in 2013, it was shocking news.
As it turns out, the largest data breach in U.S. history was far worse than initially reported.
Now, Yahoo has revealed that data from 3 billion user accounts — every single account on its network — was compromised. The tech giant said “new intelligence” revealed that the all-encompassing breach was precipitated by obsolete encryption that failed to protect the accounts and the data within them.
While not as immense as the Yahoo breach, the recent hack of 143 million Equifax users’ data may be far more precarious for those affected. The data to which hackers had access — from May to July — included such hypersensitive information as full names, birthdates, addresses and Social Security numbers. Some customers’ credit card numbers and driver’s licenses were even compromised.
The Equifax hack is only the latest data breach in 2017. To date, nearly three dozen high-profile companies have sustained cyberattacks that compromised customer and company data.
The Cyber Security Talent Shortage
These high-profile breaches offer troublesome reminders that companies urgently need to implement stringent cyber security measures. Unfortunately, these roles are among the most difficult to fill, according to Stephen Zafarino of Mondo, an IT staffing agency.
“It definitely can be a challenge — demand is extremely high, and supply is very low, so it’s a candidate’s market,” Zafarino said.
Candidates benefit, but industries suffer. Within five years, the cyber security talent gap will reach 1.8 million jobs, a 20 percent uptick from a similar forecast made in 2015. This is already forcing companies and organizations to deal with increasingly complex cyber threats with understaffed IT departments.
Health Care, States Struggle to Keep Pace
And it’s hitting some industries harder than others. The 2017 Global Information Security Workforce Study (GISWS) reports that many hiring managers at health care facilities say they would like to increase their staffs by 15 percent or more. However, cyber security jobs in health care typically pay 25 percent less on average than those in the oil and gas or banking industries.
State governments, too, face increased cyber threats and are having trouble recruiting enough cyber security professionals to repel attackers. Like the health care industry, states can’t match the salaries that cyber security experts can earn in other industries.
A survey of chief information officers from 48 states, conducted by the National Association of State Chief Information Officers, revealed that 86 percent of states have difficulty attracting candidates to fill their vacant positions; 92 percent of them cite salary and pay grade as the main hurdle to finding and keeping qualified individuals in those roles.
Cyber security professionals in the private sector made an average of $95,000 in 2014, according to the U.S. Bureau of Labor Statistics. Those same jobs at the state government level averaged just $76,000.
As lucrative as these roles are, cyber security demand is expected to far outpace employee supply. The GISWS report concludes that millennials are the key to closing that talent gap. The report suggests incorporating more cyber security courses into IT degree programs; creating more apprenticeship and entry-level opportunities for students and recent graduates; and reaching out to a whole new pool of talent, such as minorities, women and military personnel who are returning home.
Cyber Security Salary and Career Information
Cyber security continues to emerge as a critical need for businesses, both in the public and private sectors, and hiring for these positions is soaring. So it’s important to understand what these roles are and the skills that are needed to perform them. Here are eight of the most common cyber security roles, a brief sketch of their duties and the median salaries for each.
Also known as an “ethical hacker,” a penetration tester probes an organization’s network to expose areas of vulnerability before attackers do. Among the most in-demand cyber security roles, according to TechRepublic, a penetration tester provides a company with invaluable information about where system weak points exist, how those areas might be exploited and what it takes to fix those vulnerabilities.
Median Salary: $79,888
Cyber Security Risk Manager
Through analysis, assessment and mitigation, a cyber security risk manager implements policies and procedures to protect a company against cyber threats. A risk manager may also be responsible for training employees on an organization’s network security guidelines.
Median Salary: $85,197
A foundational knowledge of IT security and technologies is essential to becoming an IT professional. Often, those in this group who are in highest demand are proficient in Windows Server, Linux administration, and Python and Java programming.
Median Salary: $60,000
Cyber Security Engineer
Another highly sought-after role, a cyber security engineer is often an adept programmer who can identify network vulnerabilities by analyzing code. Those skills allow the individual to respond quickly to potential cyber threats. The cyber security engineer often will update the company’s IT analysts, employees and customers on best practices for network security.
Median Salary: $96,188
Chief Information Security Officer
The chief information security officer leads a company’s comprehensive cyber security efforts. This role has become much more common in recent years, making it one of the most in-demand cyber security jobs. Companies are actively looking to hire big-picture, forward-thinking candidates who are dedicated to protecting their networks.
Median Salary: $160,477
Security Architect, IT
Just as an architect plans, designs and evaluates the construction of a building, an IT security architect develops a company’s network and computer security. The security architect creates the network’s blueprint and develops the structure that will secure the network. Once in place, the security architect establishes the company’s network security policies and procedures.
Median Salary: $121,433
Cyber Security Analyst
When malicious activity is detected on a company’s network, a cyber security analyst might be the first to recognize it. These analysts consistently monitor and analyze network security data to quickly identify and shut down cyberattacks before they become full-blown company emergencies.
Median Salary: $75,162
Entry-Level Information Security Analyst
The role of an entry-level information security analyst encompasses a number of other cyber security job functions, just without the skill-level and experience requirements of the senior-level positions.
Median Salary: $64,100
Even for entry-level positions, the cyber security industry offers a career path that can be quite lucrative. Furthermore, demand for these positions is high and is only expected to soar. The unemployment rate for the industry is basically zero, but individuals who possess the skill sets favored by employers are rare.