There is a cybersecurity talent gap across the US. Here's what to put on your résumé to a land high-paying job in the industry.
- There is a cybersecurity talent gap across the US.
- There are more than 700,000 open cybersecurity roles in the US, according to tracking site, CyberSeek.
There are currently 714,548 open cybersecurity roles across the US, according to data collected by the tracking site CyberSeek.
"There certainly is a talent gap in the United States," Kevin Bordlemay, senior manager of talent acquisition at computer security firm Mandiant, told Insider. "There is by no means enough talent to fulfill the roles that are out there."
This talent squeeze is especially affecting the supply of information security analysts, cybersecurity's largest job.
From May 2021 to April 2022, there was an annual talent gap of 39,000 information security analysts, according to CyberSeek's data.
These analysts can earn a base salary of $82,358 in the US, according to Payscale but analysts at some top firms can make more than double this figure. Two of the highest-paid analysts at EY made more than $170,000, according to publically disclosed foreign labor data.
Cyber jobs can range across at least seven categories spanning 52 different roles, Insider previously reported. Roles such as ethical hacker, information security engineer, and network security architect all reported average base salaries above the six-figure mark in 2019, according to research from Columbia University.
Landing one of these high-paying technical roles can be difficult for candidates who are trying to cast a wide net.
To get past the screening stage, cybersecurity experts and recruiters recommend highlighting unusual experiences and interpersonal skills when tailoring résumés to the industry.
Make an impression
When constructing a résumé, most candidates expect a human to be looking at it. But an increasing number of candidates are being screened by artificial intelligence.
"A lot of times a machine is taking the first glance at a résumé," Bordlemay said. "Most large companies have some type of technology to look at it."
Content and format are both important to get through this first stage. Bordlemay recommended making a résumé "easy to read with the information hitting the major buzz points."
"Once it gets past that machine, recruiters are looking at a resume within 20 seconds," he said.
Bordlemay recommended putting your most significant accomplishment at the top of a résumé. "Capture my attention with something unique that other people have not done. If you don't, nothing else on there is going to matter," he said.
Casey Ellis, founder of crowdsourced security platform Bugcrowd, suggested candidates use the start of a résumé to get across their "overall approach to work, not just the very specific technical cybersecurity things that they've done."
Highlight practical experience
"The biggest thing within cyberspace a lot of time is the hands-on experience," Bordlemay said.
He added that he often looks for candidates who are creative with their technical knowledge.
"A lot of times you have to be creative or even design your own tool to be effective because the threats aren't going to fall in a particular bucket," he said. "The attackers know what the security tools are."
This experience doesn't have to be in a full-time job or internship though.
Bordlemay said that a lot of time it's what candidates have done outside of the classroom that's important.
He said candidates tend to leave out things like having a home lab, working on independent projects, competing in competitions, and playing around with tools to build infrastructure.
Ellis also highlights the importance of being involved in projects. "I see organizations looking for contributions to open source projects," he said. "People can participate in those even if they've never worked in the space before. For example, they will look at GitHub repositories."
In terms of softer skills, Bordlemay said just mentioning "running a club or being in charge of a project can show these off."
Another expert, Dylan Buckley, who cofounded the job site DirectlyApply, said: "Cybersecurity is as much about human interaction as it is about technical capability."
Hackers often try to exploit human users to breach systems rather than overcome a company's security, he said, making interpersonal skills vital to stopping these attacks.