Join leaders in San Francisco on January 10 for an exclusive night of networking, insights, and conversation. Request an invite here.
Economic uncertainty and tightened budgets weakened cybersecurity spending resilience in 2023, and the first causality was jobs.
Cybersecurity budgets faced increased scrutiny last year, and security leaders expect the belt-tightening to intensify this year as many pursue a vendor consolidation strategy. “You have to be very judicious about where you’re spending,” said Steve Pugh, CISO at Intercontinental Exchange. In a recent Wall Street Journal article, Pugh said that the biggest change CISOs saw throughout 2023 was how they were being given less money to invest in cybersecurity.
2023 was a brutal year for the industry, with 55 cybersecurity vendors reporting layoffs last year, putting more than 5,000 professionals out of work. Layoffs.fyi shows that 113 cybersecurity companies have eliminated more than 9,100 positions since March 2020.
Cybersecurity job forecasts don’t always reflect reality
There’s a growing disconnect between the reality of finding a new job in cybersecurity and the double-digit growth rates that typify cybersecurity job forecasts that predict a hiring crisis. VentureBeat interviewed a dozen cybersecurity professionals, including Torsten George, former vice president of corporate and product marketing for Absolute Software, who is currently looking for a new role.
The AI Impact Tour
Getting to an AI Governance Blueprint – Request an invite for the Jan 10 event.
The experiences of those interviewed, including George, contradict forecasts being produced that claim millions of cybersecurity jobs are available. George told VentureBeat, “Another aspect challenging the optimism for job seekers is the decline in resignations to pre-pandemic levels, resulting in a decrease in new hires. This trend signals reduced desperation among employers to fill vacancies, requiring job seekers to intensify their search for promising opportunities. This challenge is exacerbated in high-tech or cybersecurity fields, marked by significant industry consolidation and workforce reductions.”
Ben Rothe, an information security professional who blogs on Medium, delved into the disconnect many cybersecurity professionals are seeing in their job search compared to the forecasts of strong job market growth. The 2023 ISC2 Cybersecurity Workforce Study explains part of what’s driving the widening gap between the jobs’ forecast accuracy and the challenges cybersecurity professionals have in finding a new job. Organizations are loading up the remaining teams with more work.
Taking a data-driven view of the job market is key
Job seekers need accurate data to identify areas of the market where they have the best chance of finding a new job. The U.S. Bureau of Labor Statistics’ Information Security Analyst’s Outlook predicts cybersecurity jobs will grow 32% through 2032, with 16,800 new jobs created each year.
CyberSeek has created a Heatmap and Career Pathway in collaboration with Lightcast, NICE and CompTIA. Heatmap and Career Pathway rely on a detailed methodology to give job seekers the most accurate data possible. Based on CyberSeek’s methodology, there are 572,392 cybersecurity job openings nationally today and 1.1 million cybersecurity professionals in the workforce.
How cybersecurity roles are distributed across workforce categories and the number of openings by the types of certifications requested. Source: CyberSeek
Finding where the most cybersecurity jobs are today
The most frequent request VentureBeat receives from cybersecurity readers is insights into new opportunities. We’ve provided an initial analysis of which cybersecurity companies are hiring based on their open LinkedIn positions and how they’re rated on Glassdoor. While a rough approximation, it’s a useful metric for stack-ranking vendors who have positions open.
VentureBeat’s goal in creating the analysis is to help job seekers find the highest-rated companies they’re interested in and immediately know how many positions they have open. The analysis is based on CRN’s 2023 Security 100 list of cybersecurity companies as the baseline. The CRN cybersecurity list is impartial and independent. By comparing the (%) of employees who would recommend the company they work for to a friend and (%) of employees who approve of the CEO for each company on the CRN list, the best cybersecurity companies ranking was created.
>>Download the full spreadsheet of rankings.<<
The following are the key insights based on VentureBeat’s analysis of the cybersecurity companies hiring today:
There are 12,543 open positions available across the 100 companies in the analysis, and 87% of all positions are concentrated in 26 companies. One thousand eight hundred and thirty-four open positions at Microsoft have cybersecurity as part of their role definition or title. Zscaler, which experienced a layoff in March 2023, now has 665 positions open. Palo Alto Networks has just over 1,000 open positions listed on LinkedIn.
There are 1,919 open positions across the 20 vendors that comprise endpoint and managed security, with OpenText and CrowdStrike having the most open positions. CrowdStrike is one of the few cybersecurity vendors that hasn’t had a layoff. They have 266 full-time positions open, 84 of which are in engineering. The percentage of employees who would recommend the endpoint and managed security company to a friend they work for is 70%, with the average CEO rating being 72% across the group of 20 companies.
Identity Access Management And Data Protection vendors have the greatest concentration of open positions across all categories, with 3,201 on LinkedIn today. Microsoft, Broadcom, Okta,
SailPoint, OneTrust, Acronis and CyberArk have 2,701 open positions between them.
The ten best cybersecurity vendors to work for in 2024 excel on referral scores and have 100 or more positions currently open. Kaspersky Lab, ServiceNow, Cisco Systems, Microsoft, SailPoint, Juniper Networks, Artic Wolf, CyberArk, CrowdStrike and Proofpoint all have 100 or more open positions today. On average, across the group, their employees recommend their company to a friend 84% of the time.
Source: CRN Security 100 list analyzed with Glassdoor rankings, January 8, 2024.
Job hunting advice from someone living it today
George observes that while low- to mid-level positions are abundant even in high-tech and cybersecurity, the pipeline for senior roles “diminishes quickly.” He’s often seen employers post a job opening, but the requisition has been put on hold for economic reasons without being reflected on the company’s job portal.
Amidst fierce competition due to widespread layoffs in high-tech and cybersecurity, George encourages job seekers to adopt strategic approaches:
Optimize your resume: Align it with the latest standards and optimize for applicant tracking system (ATS) keywords to bypass the initial filtering process.
Tailor resumes: Customize each resume to match specific job requirements instead of using a standardized template.
Leverage relationships: Use existing connections with recruiters for feedback on your resume. When considering resume writing services, research thoroughly and read independent reviews.
Craft a compelling cover letter: Take the time to create a cover letter that aligns requirements with personal achievements, showcasing immediate value to potential employers.
Networking matters and saves weeks of waiting: Go beyond major job boards; tap into your network for unposted openings, as most positions are filled through referrals.
Persistence Pays Off: Follow up with employers who haven’t responded, as internal communication gaps can lead to delays.
Be Realistic: Understand that securing opportunities may take time, especially during the holiday season or the start of a new fiscal year. Exercise patience in the job-seeking process.
A CISO offers her advice
VentureBeat recently interviewed Merritt Baer, Field CISO, Lacework, to get her perspective on the current state of the cybersecurity job market, the hiring practices of companies and how women can get started in the field.
“We know that people who walk through the world differently think differently. They approach problems differently, they code differently. So companies should take concrete action to hire diversely— not just because it’s the right thing to do ethically, but because it’s the smart thing to do for business,” Baer said.
She continued saying, “We also know that, unfortunately, women face challenges getting in security and returning to the security workforce after a detour. For those breaking into a new field, my advice is simple: Who else but you? We all had to learn this stuff at one point. Pick something and dig in (there’s lots of free training online, from GitHub to YouTube to targeted cloud trainings)–make it something folks associate with you. And, build your network– not at networking receptions but through genuine contacts with folks in the industry.”
Baer says, “My advice to companies: get rid of outdated employee policies, watch for coded language that cages out certain folks, do pay transparency, put genuine energy into job applicants who have been on a break or come from another industry, and be a place folks want to work. It’s good for business.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.