- There is a cybersecurity talent gap across the United States.
- According to tracking site Cyberseek, there are more than 700,000 open cybersecurity roles in the United States.
- Insider spoke to experts and recruiters to find out how to tailor Curriculum vitae In cyber jobs.
According to data collected by tracking site Cyberseek, there are currently 714,548 open cybersecurity roles in the United States.
“There’s definitely a talent gap in the U.S.,” Kevin Bordleme, senior manager of talent acquisition at computer security firm Mandiant, told Insider. “There just isn’t enough talent to fill the roles that are out there.”
This talent squeeze is particularly affecting the supply of information security analysts, one of the biggest jobs in cybersecurity.
According to data from Cyberseek, from May 2021 to April 2022, there was an annual talent gap of 39,000 information security analysts.
These analysts can earn a base salary of $82,358 in the U.S., according to Payscale, but analysts at some top firms can more than double that number. According to publicly released foreign labor data, the two highest-paid analysts at EY earned more than $170,000.
Cyber jobs can span at least seven categories spanning 52 different roles, Insider previously reported. According to Columbia University research, roles such as ethical hackers, information security engineers and network security architects reported average base salaries above the six-figure mark in 2019.
Landing one of these high-paying technical roles can be difficult for candidates trying to cast a wide net.
To get past the screening stage, cybersecurity experts and recruiters recommend highlighting unusual experience and interpersonal skills when crafting resumes in the industry.
make an impression
When creating a resume, most candidates expect a human being to look at it. But an increasing number of candidates are being screened through artificial intelligence.
“A lot of times a machine is taking the first look at a resume,” Bordlemay said. “Most large companies have some kind of technology to look at this.”
Both content and format are critical to getting through this first stage. Bordlemay recommends making a resume “easy to read with information that hits the main buzz points.”
“When it goes through that machine, recruiters are looking at a resume within 20 seconds,” he said.
Bordlemay recommends putting your most notable accomplishments at the top of a resume. “Catch my attention with something unique that others haven’t done. If you don’t do that, nothing else will,” he says.
Casey Ellis, founder of crowdsourced security platform Bugcrowd, suggests that candidates use the beginning of a resume to get a “holistic view of their work, not just the very specific technical cybersecurity things they’ve done.”
Show practical experience
“A lot of times the biggest thing in cyberspace is the hands-on experience,” Bordleme said.
He adds that he often looks for candidates who are creative with their technical knowledge.
“A lot of times you have to be creative or design your own tools to be effective because threats don’t fall into a specific bucket,” he said. “Attackers know what security tools are.”
This experience does not have to be a full-time job or internship, however.
Bordleme said that often it’s what students have done outside the classroom that matters.
He said candidates tend to give up things like having a home lab, working on independent projects, competing in competitions and playing with tools to build infrastructure.
Ellis also highlighted the importance of being involved in the project. “I see companies looking to contribute to open source projects,” he said. “People can participate in them even if they’ve never worked in the space before. For example, they’ll look at GitHub repositories.”
In terms of soft skills, Bordleme just noted that “running a club or being in charge of a project can show these.”
Another expert, Dylan Buckley, who co-founded job site DirectApply, said: “Cybersecurity is as much about human interaction as it is about technical capability.”
Hackers often try to exploit human users to breach systems rather than bypass a company’s security, he said, making interpersonal skills critical to stopping these attacks.