As we come to the end of 2022, the cybersecurity industry is finding itself in the same place it started the year: with a surplus of open positions and organizations desperate to secure the right kind of cybersecurity talent.

By the end of November 2022, there were approximately 770,000 open cyber-related positions in the U.S. alone, according to statistics kept by analytics platform CyberSeek. The total employed cyber workforce stood at about 1.1 million.

While many companies, including tech firms like Amazon, began slowing hiring or announcing layoffs in the latter half of 2022—mainly in response to slowing online ad sales, rising interest rates, uncertainty over inflation and the possibility of a recession or economic slowdown—cybersecurity hiring stayed strong.

“Despite the fact that in the last couple of weeks we’ve seen tens of thousands of employees within the tech industry lose their jobs, and that some of the largest organizations in the world have been making layoffs, within the cybersecurity industry we are still seeing a high and stable demand for employees,” said Shira Shamban, CEO at Solvo, a Tel Aviv-based security firm.

For tech professionals looking to jumpstart a cyber career in 2023, or established IT and security professionals who are looking to move up the ladder or land a better-paying position, these are the cybersecurity job titles and tech areas that will remain important for organizations to staff next year, even with a recession.

To get hired or move up, having the right skills can help, but also knowing which tech areas remain important to an organization’s overall mission is also critical.

 

 

Cloud and Application Security Remain Hot

While cybersecurity remains one market with numerous open positions, Shamban noted that many organizations will look to cut IT staff in areas such as procurement to help reduce or control costs over the next year. 

Even with economic headwinds, Shamban sees companies needing to hire tech talent for application and cloud security in 2023. Much of this demand is driven by the simple fact that many workers remain remote and need cloud resources and enterprise-grade apps to perform their jobs—and cloud infrastructures and business apps remain prime targets for attackers.

“At present, application security engineers and cloud security engineers are among the two most difficult jobs to staff since there is no specific path to become an AppSec or CloudSec professional, as they require knowledge in different domains, a lot of curiosity and independence,” Shamban told Dice.

In addition to applications, many large organizations continue to rely more on containers as part of the application development process. Those who understand containers and Kubernetes security have skills that are hard to find—making them attractive to organizations who need these types of tech workers, said Davis McCarthy, principal security researcher at Valtix.

“The growth of containers in modern applications has created an unmet demand for also securing container technologies—like Kubernetes. As more malware strains enter the threat landscape, those with the ability to reverse engineer and analyze them will be needed to combat cybercrime,” McCarthy told Dice.

For those looking to enter these two fields, McCarthy added that candidates not only need to understand cybersecurity, but they also must demonstrate knowledge of how the app development process works.

“Professionals with strong security backgrounds and development skills are needed to purposefully automate the security of cloud-native applications,” McCarthy said. “Organizations do seem to be looking for more cybersecurity professionals with experience in developing and securing cloud-native technologies—more so than in the last few years.”

Information Security Analysts Remain in Demand

Several industry observers noted that the role of information security analyst will remain in demand next year and likely beyond. 

The statistics back this assertion. The U.S. Bureau of Labor Statistics, for instance, found that the position of information security analyst is expected to grow 33 percent between 2020 and 2030. One reason is the job requires a diverse amount of knowledge from candidates who might help maintain and secure an organization’s firewalls and network one week and then analyze threats to infrastructure the next week.

At the same time, hiring managers continue to have trouble finding the right applicants for this position, which can start with an annual salary of $103,000.

“Since there will be a major shortfall in terms of applicants with a relevant bachelor’s degree, managers will be looking for people with security certifications or, sometimes, raw candidates with the right combination of skills and mindset to make the jump into this $103,000 per year job,” Mika Aalto, co-founder and CEO at security firm Hoxhunt, told Dice.

“Cybersecurity success demands a more holistic approach than purely information technology, so it’s vital to know how to think about the whole system—the people, processes, and the technology—holistically to fit the pieces together seamlessly enough to prevent attackers from infiltrating the network,” Aalto added.

Get to Know Zero Trust

There’s been so much discussion over the past few years about zero trust that it might seem the whole topic is a bit hyped. Analysts and researchers, however, continue to see organizations move toward this approach, paired with a need to hire tech pros who understand the concept.

Research firm Garter, for example, released a report in October that found zero trust network access will grow 36 percent in 2022 and another 31 percent in 2023, mainly driven by the need for a hybrid workforce that requires remote access.

“Organizations still attempt to try and secure remote access with the existing security technologies they already have such as password managers and VPNs. This results in many security gaps and limitations,” said Joseph Carson, chief security scientist and advisory CISO at Delinea. “Some organizations will fall short by trying a checkbox security to protect access with simple password managers, which means relying on business users to make good security decisions.”

This is one reason why organizations must hire tech and security pros who understand zero trust and can implement the principles of this approach across the enterprise.

“The need for organizations to align zero trust to their business needs is growing, which means an increasing demand for security professionals who can design and implement security strategies that meet a zero trust mindset and design,” Carson told Dice.

Remember to Keep Skills Up-to-Date

While cybersecurity will remain a strong part of the tech sector, industry watchers note that, with the number of layoffs increasing, companies that do have money to spend might take more time to hire. 

Why? There is simply more talent available to hire for open positions. “Organizations have the financial incentive to wait for the right applicant–time is on their side, they can be picky about who they hire and when,” McCarthy noted. “However, layoffs from major tech companies give smaller businesses an opportunity to invest in new employees and gain an edge over the competition.”

This is why it remains critical for tech pros to keep their skills up-to-date and remain current on what areas remain critically important for organizations and their security plans.

“In the tech, as well as cybersecurity industries, we have seen several recent layoffs. That being said, the time on the bench is usually much less for tech workers looking for work. The biggest trend that could become a negative pressure for IT pros is outsourcing. But even then, not enough jobs are being outsourced to outstrip the increase in demand here in the U.S.,” John Bambenek, principal threat hunter at Netenrich, told Dice.

“Absent a significant economic downturn, the IT and tech jobs market is only getting better. The job market thrived during the pandemic when others significantly declined, and if the IT job market could survive the COVID shutdown, it will remain robust,” Bambenek added.