By 2020, the cybersecurity market is expected to grow to $170 billion, up from $75 billion in 2015, and security-savvy developers should work to capitalize on this astonishing growth through security-related continuing education.
A quick glance at the astronomical budgets that governments and Fortune 100 companies are allocating toward cybersecurity gives just a small look into the extreme challenges organizations face from the increase in both the sophistication and the volume of cyberattacks.
J.P. Morgan has increased their 2016 cybersecurity budget to $500 million, up from $250 million in 2015, and their general counsel for IP and data protection says that the company “still feels challenged” when it comes to threats from cyber attacks. Bank of America’s CEO Brian Moynihan has stated that when it comes to cybersecurity, there “is no budget constraints,” while at the federal level, President Obama has increased cybersecurity spending to $17 billion in 2017, up from $14 billion in 2016.
Along with the massive budgets being earmarked to protect organizations against the rising wave of cybercrime and cyber espionage comes the difficulty of filling all the open cybersecurity positions. In 2015 alone, more than 200,000 cybersecurity positions went unfilled, a shortfall that is on track to increase to 1.5 million by 2019, according to Symantec CEO Michael Brown.
For developers passionate about securing code and willing to invest time adding security to their stack of IT skills, when it comes to career advancement, the world is their oyster.
At the top of the pyramid when it comes to information security jobs and cybersecurity certifications is the Certified Information Systems Security Professional (CISSP); however, it requires years of prior experience in the field of information security.
For developers looking to boost their secure development knowledge by attaining a security certification, an ideal place to start your research is “10 Security Certifications To Boost Your Career,” which can help you find the certification that matches both your goals and current qualifications.
When it comes to pinpointing which pathway best suits your career goals in terms of moving forward with cybersecurity, there are numerous routes to take. The number of possible cyber security career pathways available to developers is at least as diverse as any other IT subspecialty.
Developers who have a passion for policy enforcement, incident response, auditing and user awareness, and who are interested in providing a security perspective on third-party products, can head in the direction of Enterprise IT security.
Compliance-minded developers with experience developing applications with PCI-DSS, MISRA, FIPS and other policy certifications can find roles available as security, or compliance, consultants or as internal, or external, auditors.
Other routes include jobs in wireless security, network security, cryptography, risk management, identity architects and many others. According to the U.S. Department of Labor, the most sought after job titles in cyber security include security engineer, security analyst, information security analyst, network security engineer and information technology security analyst.
Higher salaries are the most obvious benefit for developers who decide to enhance their cybersecurity knowledge and move into secure development roles. Roles in cyber security can pay up to 9% more on average than IT jobs outside of the security realm. In addition to the monetary benefits, secure developers also get a chance to gain a deeper understanding of the organization’s IT structure, needs and threats as a whole which provides an opportunity for advancement and possible fast track to team leadership positions.
Additionally, the best code defenders and security experts have a passion for security which goes beyond their paychecks. Knowing that they protect both the organization’s and their clients’ private data from cyber-espionage and malicious parties adds to any monetary compensation of working in cyber security.
Security engineers are tasked with building and maintaining IT security solutions within organizations. Among their daily tasks they will perform vulnerability testing, risk analyses and security assessments while creating innovative ways to solve existing production security issues.
Requirements: Degree in Computer Science
Median Salary: $88,777
Security analysts are in charge of the detection and prevention of cyber threats against an organization through an ongoing analysis of the company’s IT infrastructure. Day to day tasks include the planning and implementation of security measures and controls, data maintenance and the monitoring of security assets, in-house security awareness training and more.
Requirements: Between 1 and 5 years of prior cyber security experience
Median Salary: $66,787
Penetration testers, or legal hackers, help organizations to find security threats in applications, networks and systems. Also known as pentesters, they test applications and other IT components by simulating cyber attacks which have been found in the wild, prior to a component’s release to production. This testing is critical to an organization’s security posture in the face of growing cyber threats.
Requirements: Unlike other cybersecurity roles, many openings for pentesters do not require a previous degree; however, this is a job where your abilities will be under constant scrutiny, so some formal education is recommended.
Median Salary: $77,774
Security consultants work to design and implement innovative security solutions that are aligned with the goals and needs of their organization. Since security consultants are relied upon by numerous different departments to guide and implement long-term cyber security strategy, extensive industry experience is required for this role. For developers who are new to security, starting as a pentester or security analyst is recommended. After proving themselves in other security roles and learning the industry inside-out for between three and five years, aspiring security analysts could find themselves relevant for this role.
Requirements: Degree in Computer Science, between three and five years of experience in cyber security.
Median Salary: $80,763
Incident responders, also known as CSIRT Engineers or Intrusion Analysts, work to investigate and limit the damage from cyber attacks that have occurred, while working closely with the security team to prevent further attacks from taking place. Incident responders constantly monitor their organization’s networks and systems for threats while performing audits, risk analysis and malware assessments, and liaising with other parts of the organization’s security organization.
Requirements: Like pentesters, incident responders don’t necessarily have to have a specific degree, although a cyber security certification, or specialization
Median Salary: around $60,000
While security analysts and security engineers must have a degree and extensive experience, there are options with less intensive requirements, such as incident responder and pentester roles, for developers who want to turn their security passions into a profession. If you’re a developer, don’t wait until November to vote for secure development; start working on enhancing your career in cybersecurity today!
*Salary statistics taken from payscale.com, job description information taken from cyberdegrees.org