Want a new job? Want one with a big pay packet where a shortage of competition means salaries will stay high for years to come? Then why not become an ethical hacker.
Joblift is reporting that demand for ethical hackers in the UK has risen again. More importantly, demand continues to outstrip supply by threefold. That means that anyone with reasonable skills should be able to get a job immediately.
The company is reporting that 4,320 ethical hacking jobs have been posted in the UK in the last 24 months. The number of positions is increasing as organisations look to bolster their internal cyber security teams. At the same time, they are competing with security providers and security vendors who are also looking for more skilled workers.
A quick look at several online job sites shows that daily contact rates for ethical hackers are between £400 and £700. A yearly salary for a Junior Penetration Tester starts at £27,000 and quickly rises to £100,000+.
What skills do you need?
The key thing is accreditation. 70% of jobs want people with some type of industry qualification. CREST, CHECK, CCT, APP, INF were the most mentioned. Demand for Certified Ethical Hacker (CEH), Cisco CCNA and (ISC)2 CISSP is also high. All of these take time to learn but there are a lot of self-learning resources and books out there. In addition, a lot of training companies run courses on a regular basis.
A knowledge of programming languages is cited in 25% of job adverts but is not required for all hacking jobs. Hacking teams are not all coders. Soft skills such as psychology are just as important as hard skills like coding. An increasing number of attacks are based on social engineering skills. The ability to research a company or target is also an important part of any hacking team.
Expect to have to pass a security check. For government departments this can be quite onerous and intrusive. Commercial organisation will outsource this so clean up those white lies on your CV.
Only 15% of hacking jobs require a university degree. This is good news and something that has begun to change. There are a lot of very skilled self-taught hackers looking for work. They don’t all have a degree and in fact, some might not even have finished school. Hacking is about problem solving and it is easier to overcome academic issues than it is to teach these skills.
Joblift says that just 1% of all job adverts for ethical hacking mentioned the General Data Protection Regulation (GDPR). It seemed to think this was a surprise but it is not something that most ethical hackers would be involved in. They might work on projects to make sure that personal data was secure but it is unlikely that they would have any responsibility for GDPR.
What does this mean
The growth in jobs across the cyber security continues to outstrip supply by a significant amount. Ethical hacking is very much in vogue at the moment. Organisations are beginning to develop their own Blue Teams to test their software and systems. Vendors and security services providers are struggling to meet demand for Red Teams. These attack systems to find vulnerabilities.
All of this means there is a burgeoning jobs market out there. When demand outstrips supply it creates opportunities especially for the self-motivated. It also creates problems for organisations who are keen to bring in anyone who claims to have skills. The latter runs the risk of businesses finding that their security teams are not as good as they think.
The most important part of this news is the rise of soft skills and the decline in demand for a university education. Part of the problem in the cyber security industry is that a lot of potential employees are disallowed due to poor educational records. That does not mean that they are unskilled, it just means they have a different skill set.
In October, Cyber Re:coded will take place in London. It is being positioned as Europe’s biggest cyber careers show. Anyone who wants to change career should take a look at what is on offer.