You may have heard some buzz about layoffs in the cybersecurity sector. I think it’s important to discount the “noise,” and focus on what’s really going on. The buzz is primarily coming from organizations that saw an opportunity to address a perceived need (in this case, security), and then based much of their value on leveraging investor-driven revenue. Companies that do this tend to be more dependent upon what happens in the stock market, rather than in the jobs marketplace. So, when the economy experiences stress, these companies feel that stress first, and quite acutely.
These companies tend to be, well, noisy. By that, I mean that some of these organizations also excel at getting their word out to the media, making them noisier than more interesting, useful sources of intelligence about the job market. In short, don’t give up hope on cybersecurity jobs. Let me address a couple of what I call “mythconceptions” about cybersecurity job roles, and then offer some solid resources you can consult about what’s going on in today’s IT job market.
The AI Myth: Are Robots Replacing Us?
One of the common (yet, more silly) surface “mythconceptions” often found within the occasional “the tech sector is struggling” stories is that artificial intelligence (AI) has replaced entry-level cybersecurity job roles and workers. It’s no wonder that we worry about tech replacing workers. The world has seen that happen for hundreds of years. We’ve seen it happen in the recent past. Some of us older folks remember the early 2000-era dot bomb bubble, the 2008 great recession, and companies that offshored aggressively. We’ve all seen automation and orchestration become increasingly sophisticated. These are real events and trends that cost jobs, especially in the tech sector (e.g., software and hardware companies). But don’t let them generate myths and scary monsters in our thoughts. I call these negative thoughts “mythconceptions,” because they’re largely based on inaccurate, but powerful perceptions.
In reality, AI isn't replacing entire job roles. Folks in various security job roles have been consulting AI for years. They will continue to do so; AI and machine learning (ML) resources will increasingly become a trusted ally to talented cybersecurity workers. CIOs, CISOs and executive leaders from organizations such as United Parcel Post (UPS), Northrop Grumman, AstraZeneca, DBS Bank, the State of New Jersey, NIST, Cambridge University, Microsoft and more all chuckled at the idea. There will always be the need for human judgement to weigh in on the machine recommendations. For example, our 2021 Workforce and Learning Trends research report showed that AI has become a strategic partner of human-digital teams.
But some jobs are being lost, or at least shifted, for more verifiable, even legitimate, reasons. It’s true that some organizations in security services companies have been affected by the current economy. But, in many cases, the jobs that are lost are in non-technical roles, including positions in marketing, sales and product management. Many times, these companies keep the IT pros. If not, most IT pros have been able to bounce right into another security job in another sector – that’s the reality we’re seeing.
In the security services sector, we have seen some evidence of where workers are moved, as it were, from one organization, or sector, to another. For example, one security services organization in Europe told me it is looking to let go about 200 security operations center (SOC) Level 1 workers over the next few years. This company has many customers, from banks to oil companies, that need to protect their finance websites and oil derricks from getting hacked. But sometimes even common-sense moves tend to get miscommunicated.
The person there told me in one breath that AI was replacing those jobs. But, in almost the same breath, that person then said, "Our clients will hire workers in those same positions.”
I scratched my head at these two comments. Why? Because they contain a fundamental contradiction. I mean, which is it? Is AI eliminating those jobs? Or is the company transferring – or shifting jobs? After all, why shift those jobs if they're no longer needed in the first place?
The reality is that many security service organizations want their clients (the banks and oil companies) to hire people in those same jobs! This isn’t elimination, per se – it’s a shifting of risk, which could be a healthy thing.
Looking a Bit Deeper Into How Security Works: Skin In the Game
The point is some companies in a very specific sector – in this case, the security services sector – may need to cut workers for one reason or another. But we’re not seeing any evidence at all of a bubble burst, or even a slow leak. There is no useful evidence that the tech sector is experiencing the beginning of a collapse. Yes, there are changes and tectonic shifts that happen. That’s natural. But we’re not seeing any evidence of an Earth-shattering tech cataclysm.
So, some companies may be making cost-cutting moves because they are overreacting to changes in the economy. But there's another, more subtle, reason for these apparent cuts. Serious security service companies feel that their clients should have some skin in the game. Shifting security workers to the client transitions them to a liaison or consultative role instead of being fully responsible for security and then getting blamed when the client gets hacked.
This is what I mean when I said these companies are making some smart decisions. If the security services companies force their clients to hire legitimate cybersecurity pros, then the risk – and the blame – is shared. It’s easy, though, to not see these types of nuances, especially when you read various scare headlines about the job market.
Forget the Noise: The Truth About Cybersecurity Jobs In Every Sector
Outside of certain noisy industry sectors, there is a lot of hiring going on. In fact, some sectors have shown considerable net growth that offsets any losses in the tech sector (e.g., companies that make technology, rather than companies that use technology). These are usually organizations whose value isn’t just based on stock price or leveraged finance. They base their companies on models that aren’t drastically affected by changing economic conditions.
If you’re looking for solid sources of information about the IT job market, check out:
- CompTIA’s State of the Tech Workforce
- CompTIA Industry Outlook 2022 report
- CompTIA’s monthly Tech Jobs Report
- CompTIA’s State of the Tech Workforce UK
CyberSeek is a fantastic resource, because it contains the latest information about today’s security job market, including the number of job postings and specific trends. CompTIA teamed up with EMSI Burning Glass and the National Institute for Standards and Technology (NIST) to create CyberSeek. If you’re looking for good information about today’s trends, I recommend reviewing the information found there.
For example, we’re seeing sectors that are experiencing explosive growth. Here’s the growth rate of some of the top sectors that hired cybersecurity pros during the 12-month period ending April 2022:
- Finance and insurance: 112%
- Manufacturing: 172%
- Real estate: 237%
These sectors placed over the tech sector for the first time this year in terms of number of cybersecurity job postings. And it’s not just because the tech sector tanked so hard that the others simply took over. These sectors have experienced net growth in job openings. Other sectors that saw large increases include manufacturing and real estate. These two sectors have transformed quite a bit from analog processes to the 21st-century digital world, so they need security workers.
Digital Transformation Means Demand For Security Pros
Why would sectors like manufacturing and real estate have such explosive growth? It’s hard to say definitively. But manufacturers have come under serious pressure concerning their supply chain security over the past few years. As some resources become more scarce, and as pressure increases to improve delivery times, the last thing manufacturers need is to have their supply chains hacked. Furthermore, manufacturing has become far more tech-heavy over the past several years. As a result, they need to secure the technologies that keep their manufacturing processes moving.
The real estate sector is finally beginning to end their reliance on using paper and fax machines to complete transactions. That has been a long time coming. This change – a major example of digital transformation – accelerated during the COVID-19 pandemic. It’s difficult to complete analog, in-person transactions when you’re prohibited from meeting in person. Even though most of the COVID-19 restrictions have ended for now, it’s still a reality that typical analog business practices won’t cut it in the future. Because the real estate sector has embraced the digital world, they now also recognize the need to secure it.
Cut Through the Mythconceptions and Noise
As you can see, the noisy headlines don’t tell the full story. So when people ask you about job security in cybersecurity, you can let them know it’s here to stay and ever evolving. Just last week, three colleagues of mine in the United States, Europe and Thailand contacted me and asked if I knew some good people I could recommend for jobs. Yesterday, I spoke with a friend of mine here at CompTIA who sees unfulfilled job openings every day throughout the Caribbean in not only security, but also general IT. Our research shows continued, robust hiring. It’s important to focus on the most powerful information you can find and figure out some way to reduce the signal to noise ratio when it comes to looking into the worldwide job market.
Get more articles like this right in your inbox with CompTIA’s IT Career Newsletter. Subscribe today, and you can save 10% off your next CompTIA purchase.