Cybersecurity Hiring Trends Now and in a Post-Pandemic World

Chloe Haywood
Author: Chloe Haywood, Recruitment Specialist, Cyber Security, Preacta Recruitment (Sydney, Australia)
Date Published: 15 October 2020

Editor’s note: Throughout Cybersecurity Awareness Month in October, the ISACA Now blog will publish new posts on hot security topics each week. For additional ISACA cybersecurity resources, visit our Cybersecurity Awareness Month page.

There’s no doubt the coronavirus will permanently change the world we live in. For most of us, the past seven months have been a bumpy ride. Demonstrating adaptability (combined with a big dose of resilience) will be key to keeping the wheels turning career-wise in 2021.

COVID-19 has impacted our economy, our physical and mental health, and of course the job market. As a recruitment consultant specializing in cybersecurity, I have witnessed first-hand how the global pandemic marked the beginning of mass restructure, hiring freezes, upscaling, downscaling and the list goes on…

So, how has the cybersecurity market fared? What changes are here to stay? And what changes might we even be grateful for in a post-pandemic world? After all, change is scary, but it’s also something to be embraced.

Fortunately, cybersecurity is still a future-proof industry. Threats are still very real. While other industries have suffered enormously, the demand for cyber professionals remains largely the same. As a recruiter, I’m inundated with market analysis, insights, salary surveys, etc., every day. To help corroborate the content circling my LinkedIn feed, I turned to my organization’s trusty Ph.D Researcher, Mia and BI Analyst, Bruno, to dig deep into data across the industry.

The undoubtable
The pandemic unleashed a wave of cyber attacks that made news headlines on numerous occasions. There are a couple main reasons why: 1. We were more vulnerable at home; 2. Hackers capitalized on the pandemic, distributing fake emails in the form of health advice, hacking healthcare provider systems, and so on.

As a result, the Australian government is making the largest-ever investment in cybersecurity through its AUS $1.7 billion 2020 Cyber Security Strategy. That figure includes a $470 million investment to expand the cybersecurity workforce, with the creation of 500 new jobs. 

According to our research, incident response, threat, vulnerability, forensics & cloud security are five verticals likely to demand the most talent in 2021. DevSecOps and application security are also looking hot, as data center security, network security and IT security operations roles will continue to decline.

Salaries have leveled out
It’s no secret that a career in cybersecurity generally pays pretty well. Unsurprisingly, 2020 hasn’t affected Security Architecture as the front-runner, with the overall average base salary sitting at AUS $176,805 in Sydney. Meanwhile, DevSecOps (which is a growing profession with an increasing demand for talent) has swooped in as close second with an average base salary of $160,000.

Penetration testing as a siloed role has taken a hit, with the average base salary decreasing from $120,000 in Q4 of 2019 to $108,000 in the current quarter. This won’t be a permanent change, but a necessary one for now. This is far more reflective of utilizing consultancy staff as opposed to internal pen testers. It’s a critical service, but not everyone is allocating the budget for it right now.

Roles within incident response, application security engineering and IAM managed to slip through hiring freezes, with many Governance, Risk and Compliance (GRC) & architecture roles taking a brief pause. It’s been refreshing to see these bounce back in Q4, but will salaries remain as high? Organizations are still going to act with caution.

On the flip side, in a market with the highest rate of counteroffers as demand far exceeds supply, re-adjustment of salaries could put a stop to peers with the same level of experience earning a totally different salary. Rapid salary inflation in the cybersecurity industry is at an all-time high, with a YoY increase becoming the norm. For anybody unfamiliar with the term counteroffer, it refers to an offer made by the person’s current employer to beat one from their potential employer. This can lead to huge pay differences and unrealistic expectations for newcomers across the board.

Remote working = larger talent pools
We’ve all proven we can work from home successfully. We’ve earned trust and been just as productive. The work from home stigma has lifted – hallelujah.

And if we can work from home, we can work from anywhere.

For those in a hiring capacity, this is a real game-changer. A larger talent pool translates to better hiring. The so-called “talent shortage” in cyber security will still be indisputable, but it will be reduced. For the first time ever, organizations will be open to hiring candidates in other areas and, above all, regional candidates who might not have been considered in the past will have access to big city opportunities. A win-win for both parties!

In addition, access to larger talent pools will naturally boost diversity hiring. For organizations with strict gender diversity strategies, ensuring a 50/50 gender-balanced shortlist could be more achievable.

In conclusion? While 2020 has been one heck of a roller coaster, it’s not all negative for the cybersecurity industry. Our data shows that cyber professionals are still very much in demand, and with the government’s investment in cyber, there will be more jobs flooding in. Plus, with the ability to work remotely, cyber professionals have more freedom and flexibility than ever before. Now, who’s ready for 2021?