Over the past month, thousands of college and university students throughout the U.S. have graduated with their degrees and are now entering one of the most dynamic job markets ever seen, with record low unemployment and companies and organizations eager to hire for any number of open positions. In addition to other skills, these potential employers are all hungry for cybersecurity experts.
In April, the National Association of Colleges and Employers released a study that found employers plan to hire 31 percent more new college graduates from the Class of 2022 compared to the Class of 2021. And while nearly all private sector firms are looking for skilled workers, cybersecurity remains one area within the tech sector that consistently offers thousands of job openings, ranging from entry-level employment opportunities to high-ranking executive positions.
The Biden administration, which has made cybersecurity one of its top initiatives following a series of ransomware attacks and other threats to the nation’s critical infrastructure over the last three years, estimates that there are around 600,0000 open cybersecurity positions throughout the U.S. This includes jobs in the private sector and open positions at the local, state and federal government level.
For recent grads, whether they studied computer science or are simply interested in exploring the field, cybersecurity offers a wealth of opportunities for the Class of 2022. The right set of skills can make a huge difference in landing a position, several experts noted when asked about potential job opportunities for those looking for employment this summer and fall.
“Cybersecurity is a field that’s wide open and recent grads shouldn’t be intimidated by how much or how little direct cybersecurity experience they’ve had to date—today’s technology landscape is volatile enough that everyone in the field is constantly learning and adapting,” Tim Wade, deputy CTO at security firm Vectra, recently told Dice. “More important than experience is good fundamentals and a drive to learn, explore and face challenges head-on—that said, direct hands-on experience with scripting or coding is always a big plus.”
What It Takes to Get Started
While hiring in cybersecurity is wide open, Kevin Woods, the director of the recently launched GuidePoint Security University (part of GuidePoint Security), noted that recent graduates who participated in specialized internships or undertook training focused on cybersecurity during college have an advantage. There are also other options for graduates, especially for those who might consider government work as their first career stop.
“Remember that cybersecurity companies don’t just hire in the summer after college graduation; they hire all year round. Other options are to look into government work, which always has a need for new security analysts, or to consider shift work, as many security operations centers are run 24/7 and it's difficult to fill all three shifts,” Woods told Dice.
Another consideration for those looking for cybersecurity work is the ability to show a baseline level of understanding of cybersecurity and general computing topics, Woods added: “For example, what are the security implications of DNS? Why do we use encryption? How does SQL injection happen? I'd recommend staying up-to-date on current cyber topics and events and [for graduates] to continue to read and learn about emerging threat groups or newly identified vulnerabilities.”
Mark Lambert, Vice President of Products at ArmorCode, noted his three tips for recent grads who are interested in cybersecurity and want to build up the necessary skills to enter the field:
- First, build awareness of the development process. If you've not already, go online and take a free Java development course, create a GitHub project and learn the basic concepts.
- Second, run security tools on an open-source project such as WebGoat or JuiceShop. Many security tool vendors have free or community versions. Those who are interested can get free accounts set up and run them on open-source projects or public websites and learn how these tools work.
- Third, become part of the community. Look for an OWASP chapter in your area and start networking. Attend the sessions (many are still virtual) and put on your resume and social media profiles that you are a member.
“Cybersecurity is a hot job market right now. It’s especially white-hot for those individuals who can communicate with development teams,” Lambert told Dice. “The biggest challenge organizations are facing is that they cannot find individuals that can translate security concepts into actions that the development teams can quickly perform.”
What Cybersecurity Skills Can Help?
There is no one specific tech or coding skill-set that can help a recent college or university graduate out when it comes to landing a cybersecurity position, and experts remain torn over whether certain certifications make that much of a difference.
Learning about specific areas, such as Zero Trust, can help, especially with the recent White House emphasis on that particular security concept, said Ravi Pattabhi, vice president of cloud security at ColorTokens, a San Jose, Calif.-based security firm. Another area of interest is cloud security.
“Rapid, global cloud adoption means it is really important for fresh grads to have some level of familiarity with cloud and securing cloud infrastructure,” Pattabhi told Dice. “There is a great demand for grads with cloud experience in Amazon Web Services, Microsoft Azure and Google Cloud Platform, especially with developers. Lastly, knowledge of some rapidly growing programming languages like Go and Rust is also a big plus.”
Mohit Tiwari, co-Founder and CEO at Symmetry Systems, agreed that cloud-related skills (especially how best to protect these platforms) are key to landing a cybersecurity position and a surefire way to get a leg-up on the competition.
“In the near future, workloads will very likely be deployed on the cloud, managed as code using CI/CD and run-time systems like Terraform and Kubernetes,” Tiwari told Dice. “This means security engineers will look a lot like classic computer science engineers—and will have a unique opportunity to build security functions into a service mesh. For example, to build domain-specific languages to author compact policies, compilers to translate these into cloud-identity and access management backends, and run-time analysis and response to build resilience into a service mesh.”
GuidePoint Security University’s Woods added that, as far as other skills are concerned, CompTIA’s Security+ certification at least lets companies know that a job seeker has foundational knowledge to conduct cybersecurity tasks. An understanding of file structures and processes for Windows and Linux operating systems also helps.
The important part to remember, however, is that cybersecurity remains a broad field with various entry points for those interested in a career. “Recent college graduates should spend some time exploring the different areas of security and look to break in where there are more entry-level opportunities such as security operations, application security and vulnerability management,” Woods said. “There is always a need for SOC analysts and threat hunters, which are great places for one to start their cybersecurity career.”