Why are Entry-Level Cybersecurity Jobs Hard to Find?

What Does "Entry-Level" Mean in Cybersecurity?

In cybersecurity, an "entry-level" position typically refers to roles that are suitable for individuals who are relatively new to the field and may not have extensive professional experience. These roles are designed to serve as a foundational step for those looking to kickstart their careers in cybersecurity.

The problem as I see it, is there is a gap in common understanding of “entry level” really means to employers and job candidates. To the job candidate, entry level means I have little to no experience in tech/technology/cybersecurity, etc, and I’m willing to learn it since I am passionate and trying to get my foot in the door.

To the employer, entry level may mean you have some related IT/technology experience, (typically 2 years or more) but you do not have any cybersecurity related experience. That related experience may be in the form of desktop support, system administrator, network administrator, database administrator, application support, etc.

?

That’s the gap.

Some common entry-level job titles could include:

1. Security Analyst: These professionals assist in monitoring network traffic, identifying security threats, and implementing basic security measures.
2. Security Technician: This role involves supporting and maintaining security infrastructure, such as firewalls, antivirus software, and intrusion detection systems.
3. Incident Responder: Entry-level incident responders help organizations investigate and mitigate security incidents, with a focus on learning the ropes of digital forensics and incident management.

So, what are some of the challenges that entry-level job seekers are having?

1. High Demand, Low Supply: The field of cybersecurity is experiencing rapid growth, driven by the increasing frequency and complexity of cyber threats. Organizations are eager to hire experienced professionals, but this means there is a scarcity of true entry-level opportunities.
2. Skills Gap: Many entry-level candidates lack hands-on experience and specialized skills, which makes them less competitive in a field that values expertise and practical knowledge.
3. Certification Expectations: Employers often seek certifications like CompTIA Security+ or Certified Information Systems Security Professional (CISSP) even for entry-level roles, which can be a barrier for candidates just starting their careers. Yes, I know CISSP is a 5 year experience driven cert, but that does not seem to stop companies from listing is as a requirement even for “entry-level” jobs. Seems like a way of saying we only want experienced candidates.
4. Internship Opportunities: Many entry-level positions expect candidates to have relevant internship experience, which can be an obstacle for those transitioning from unrelated fields.
5. Evolving Threat Landscape: The rapid evolution of cybersecurity threats and technologies means that even entry-level roles require a certain level of proficiency and the ability to adapt to new challenges.

What are other challenges that entry-level job seekers face?

Standardization of Job Descriptions: Many job descriptions are not standardized across different roles within an organization, which means they might include the same language and requirements as more senior positions. This can sometimes lead to the inclusion of experience requirements that don't necessarily align with the typical expectations for entry-level candidates. This is why you sometimes see CISSP on entry level cybersecurity positions.

?

Cautious Approach: In the field of cybersecurity, a high level of caution is often exercised due to the critical nature of the work. Employers might feel more comfortable hiring candidates with a few years of experience because they believe these individuals are more likely to handle security responsibilities responsibly and with a greater understanding of the potential consequences of their actions.

?

Specific Skill Set: While it might be an entry-level position, some organizations are seeking candidates with specific skills or certifications typically associated with mid-level roles. They may believe that candidates with several years of experience are more likely to possess these skills.

?

Competition: The demand for cybersecurity professionals has increased, making the job market highly competitive. To reduce the number of applicants and identify more serious candidates, some employers may use experience requirements as a filter.

?

Legal Requirements: In certain sectors, regulatory or compliance requirements can mandate a certain level of experience or certification for security roles, even at the entry level.

?

Unique Organizational Needs: Each organization may have unique security concerns that necessitate a more experienced entry-level candidate. They may have particular security protocols, systems, or procedures that require a candidate with a deeper understanding of security principles.

?

On-the-Job Training: Some organizations may provide on-the-job training, mentorship, or development programs for entry-level hires. In such cases, they expect candidates to learn and grow into the role, but they may use experience requirements as a guideline to gauge a candidate's readiness to take on this training.

?

?

Why Is It So Hard to Get an Entry-Level Job in Cybersecurity?

Securing an entry-level job in cybersecurity can indeed be challenging for several reasons. The number you often hear is there will be more than 3.5 million cybersecurity jobs by 2025. But that’s worldwide for one. According to Cyberseek, there are roughly about 700,00 open IT/cybersecurity roles in the U.S. as of 2022. A lot of those positions are located in certain cities in certain regions in the country. Although the age of remote work has become popular since the pandemic, the remote job playing field has leveled a little more. But even that, is starting to turn into “hybrid” job positions now.

?

?

?

To overcome these challenges, aspiring cybersecurity professionals should consider the following steps:

• Education and Training: Pursue formal education or relevant training programs to build your knowledge and skills in cybersecurity.
• Certifications: Consider obtaining entry-level certifications, which can help you stand out from other candidates. ISC2 Certified in Cybersecurity, CompTIA Security+, and SANS GISF (Information Security Fundamentals) all come to mind.
• Hands-on Projects: Create a portfolio of personal cybersecurity projects and demonstrate your practical abilities. If you have not set up a virtual home lab or even using the devices on your home network as a lab to find out what’s going across your home network.
• Networking: Build relationships with professionals in the field, attend industry events, and seek out mentorship opportunities. This is especially easier since most conferences have a virtual component now. Travelling for simple vendor events can yield you a host of contacts and possible job leads in this industry.
• Internships and Volunteer Work: Gain real-world experience through internships or by volunteering to assist non-profit organizations with their security needs. You should be a member of all of your local IT/cybersecurity organizations: ISACA, ISSA, ISC2, and any other that promote and host events in your area.

?

?

While the requirement for 5 years of experience in entry-level cybersecurity roles may appear paradoxical, it's essential for candidates to apply and communicate their qualifications and skills in their applications and interviews. Employers may be more flexible than their job postings suggest and may consider a candidate's potential, certifications, skills, and willingness to learn when making their hiring decisions. Ultimately, this requirement should not deter qualified and enthusiastic individuals from pursuing a career in cybersecurity.

To wrap this up, the path to an entry-level job in cybersecurity may be challenging, but it's not insurmountable. Demonstrating your commitment, learning, and networking can help you break into this dynamic and rewarding field. It's all about gaining the right experience and building a strong foundation for your cybersecurity career.