- The demand for cybersecurity jobs is expected to grow significantly in the coming years.
- Cybersecurity executives told BI that the threat landscape has changed in the wake of AI.
- They also explained why it's been difficult to meet demand.
The launch of ChatGPT just over two years ago sparked an AI race among tech companies. The resulting easy access to the AI tools also ushered in new risks that have led to increased demand for cybersecurity talent.
"Every time you create something for good or for growth, some adversary is going to use that," Chris Schueler, CEO of cyber solution provider Cyderes, told BI.
In short, the bad guys can access the same AI smarts and efficiencies the tools unlock.
And while AI companies have safeguards in place to prevent bad actors from using tools maliciously, cybersecurity professionals have to actively work to "stay one step ahead of them," Schueler said.
"The bad guys are getting really good," Chris Risley, CEO of wireless threat intelligence company Bastille, told BI.
As the threat landscape changes, cybersecurity jobs are in high demand as companies and governments seek to safeguard against AI-fueled cyberattacks.
The number of employed information security analysts, who focus on protecting computer systems, is expected to grow 33% between 2023 and 2033, according to the US Bureau of Labor Statistics.
In conversations with Business Insider, more than half a dozen cybersecurity executives explained why demand for cybersecurity roles has grown and how the security concerns facing companies have evolved.
Paul Caron, head of cybersecurity of Americas at global corporate intelligence and cybersecurity consultancy S-RM, said that attackers are using AI to "better understand behavioral analytics," such as the time someone logs into work.
Danny Jenkins, the CEO, and cofounder of cybersecurity platform ThreatLocker, said that AI also opened the door to anyone with a computer being able to create malicious software.
"Two years ago, if you wanted to write a piece of malware, you had to be skilled enough to write malware," Jenkins, whose company has clients including Jet Blue, told BI, adding that you "no longer need to be a smart engineer."
AI tools have also made it easier for traditional phishing scams to mask some of theusual red flags, like detectable spelling errorsor poorly constructed messages. It's also advanced newer attack methods for bad actors, like deepfakes, with AI-powered audio and video.
"All I need is one good picture of your face, and I can run a deepfake video on you within 20 minutes," Schueler said.
Mike Britton, chief information officer for Abnormal Security, told BI that the evolution of the digital age has also allowed bad actors to attack from virtually anywhere around the globe.
"That's essentially taken a lot of my natural perimeters and protections, and it's dropped all of those walls," Britton said, adding that attackers no longer have to "beat your firewall" or "get into your building."
Technology is also much more deeply integrated into everyday life than it used to be, offering would-be attackers new devices to try to compromise.
"The old insider threat was the disgruntled employee," Risley said. "But the new insider threat is the loyal employee with a compromised device."
'It's a harder job than it was'
There's a growing gap in the workforce of about 4.8 million cybersecurity jobs globally, according to a 2024 study from cybersecurity member association ISC2 — a 19% year-over-year increase.
As cybersecurity risks become more sophisticated, the job has also become more challenging, industry executives told BI, which has made it difficult to meet the rising demand. Cybersecurity roles take 21% longer on average to fill than other jobs in the IT field, according to data analytics firm Cyberseek.
"It's a harder job than it was a few years ago," Risley said. "There's just so many more protocols, so many more policies."
MK Palmore,a director at Google Cloud's office of the chief information security officer, previously told BI that many cybersecurity professionals started in IT and transitioned over. He said it can be difficult for a new candidate to get the needed hands-on experience in the field.
Schueler, who's been in the industry for 25 years, said cyberattacks are "escalating at a pace" he's never seen. That's made it challenging for candidates to keep up with the skills needed. He said an employee taking just three months off could face a "pretty massive" knowledge gap upon return.
The stakes are also incredibly high. DNA-testing company 23andMe agreed to pay $30 million in September to settle a lawsuit after hackers accessed the personal data of millions of its customers.
Last year, a software issue caused by cybersecurity firm CrowdStrike resulted in a global IT outage that disrupted several industries, including airlines, banks, and emergency services. While the incident wasn't the result of a bad actor gaining access to a system, it's a testament to how integrated cybersecurity systems are within the tech that powers the world.
While some companies like Cyderes or S-RM offer specialized training programs, smaller firms may not be able to provide that kind of programming. Risley told BI that his company doesn't usually hire recent graduates, and looks more for "battle-hardened cyber security people."
If you do happen to get a job in the field though, it may be worth holding onto. Schueler told BI the career path is here to stay — and will become increasingly important as technology evolves.
Plus, it tends to pay well.
At the top ranks of the profession, US-based CISOs make about $565,000 annually, with some exceeding $1 million, according to an IANS Research and Artico Search report that includes data from over 755 CISOs between April and August 2024.
Schueler told BI that recent grads and seasoned professionals in cybersecurity can earn above-average salaries.
"This industry does pay very, very well," he said.