TOP 4 Answers: Is It Hard to Get a Job in Cyber Security?

Is it hard to get a job in cyber security…YES!

But if you want to know why or want to find some ways to make it easier, let’s reads on!

Is It Hard to Find a Job in Cyber Security?

No, it’s not actually that hard to find a job in cyber security?

Go to any mid to large-sized company and you’ll find a good supply of available cyber security jobs.

At a national level, there are quite a few cyber security positions open.

Is It Hard to Find a Job in Cyber Security Showing Number of Cyber Security Job Openings and Supply Demand Ratio
Source: Cyberseek

That means that of the 457,398 cyber job openings, there’s only enough people to fill 83% of them.

Even if every person had a cyber security job, there would still be about 78,000 cyber security jobs remaining!

Here’s another statistic showing the percent of organizations that have open cyber security positions.

Is It Hard to Find a Job in Cyber Security Showing % Organizations Having Unfilled Cyber Security Positions
Source: ISACA

From this, you see that in 2024 roughly 64% of the 1,868 respondents, or nearly 2/3rds, worked in organizations that had unfilled cyber security positions.

To recap, not it’s not hard to find cyber security positions; being qualified is a different story.

How Long Does It Take to Get into Cyber Security?

Is it hard to get a job in cyber security?

In a survey of 1042 managers involved with hiring, 78% of them take up to 3 months to hire a candidate!

What does that mean…

Don’t just apply to jobs posted less than 30 days ago but don’t waste time applying to jobs over 3 months old either!

So, is it hard to get a job in cyber security…it is if you’re an entry level cyber security candidate.

It can take between 3-6 months before employers make the choice to hire a qualified cyber security candidate.

How Hard Is It to Get into Cyber Security Showing Time to Fill Cyber Security Positions
Source: ISACA

Keep in mind this only applies if you’re considered a qualified candidate. If you’re don’t meet the minimum qualifications or they find someone more qualified, it can take even longer!

Why Is It Hard to Get a Job in Cyber Security?

Well, there’s really 4 reasons why you’re having a tough time trying to find a job in cyber security.

1. It’s the Economy’s Fault

Sometimes things are simply out of your control.

This could be due to a company-wide layoff, or maybe there’s a market wide recession making it tough for employers to hire more labor.

Showing Unemployment Rates During Periods of Recession
Source: BLS

During periods of economic recession, it’s tough for anyone to get a job, much less cyber security.

2. Shortage of opportunities in your specific cyber niche

After all, there are only so many penetration testing positions available.

If everyone wants to be a pen tester, then some of you are naturally out of luck.

Showing Limited Penetration Tester Jobs Available
Source: MyTurn

As you can clearly see, I wouldn’t hold my breath trying to find a job as a pen tester.

3. Employers Post Unrealistic Job Expectations

Employers make it hard to get a job in cyber security. Sometimes it’s intentional, sometimes not so much.

What do I mean by that?

For example, you’ll look at a job description that ask for too many responsibilities or have unrealistic qualifications when the title clearly states entry-level position.

Showing Unrealistic Job Expectations for Entry Level Job Candidates
Source: Reddit

When I see this, it’s usually because of 3 reasons:

  • There’s a disconnect between the hiring manager and the HR team. One is expecting too much, while the other doesn’t temper expectation.
  • The hiring manager doesn’t have much experience in hiring entry level personnel.
  • Some employers might not know what they need. This is especially true for companies that’ve never hired in the security space.

But there’s another reason why employers make it especially hard…

4. Employers Post Ghost Jobs

You might have been told not to apply for jobs that are more than 30 days old, even though you really should!

That’s because, it’s common for hiring managers to purposely leave jobs open more than 30 days after the role has been filled.

These are known as “ghost jobs”. I know it’s a horrible thing to do to job seekers because it’s a clear waste of your time.

But why do they do this? Let’s take a look…

Basically, it’s a way to get some extra resumes for free just in case a new vacancy opens up!

I can’t completely blame employers for doing this because the cost to purchase resumes is expensive.

But here’s something making even more hard to get a job in cyber security…

That’s right. Roughly 1/3 of all employers were too lazy to remove the job posting.

It could be YOUR fault for not getting a cyber job!

You already know how tough it is to get a job in this field.

Are you truly doing everything in your power to find a job? Because none of what I’m about to tell you is anything new!

1. First off, how marketable are you?

Do people know you? Have they ever heard of you?

You can’t expect people to hire you if they don’t like you. And you can’t get people to like you if they’ve never met you.

Are you going to career fairs, industry networking events, and infosec conferences?

If the answer’s no, that means you’re not spending the time networking with others. Get out there, make yourself known, and tell them (or better yet, show them) what you can do!

Trying syncing with like-minded people at cybersecurity clubs in school or your local MeetUp and BSides.

2. Are also you upgrading your skills at every opportunity?

To be real, everyone’s got security certifications and a college degree. Do you think for one second, a recruiter’s going to waste their time on someone with anything less?

They might…but then you’ve got to work twice as hard to get their attention!

That means go get a new certification, go back to school, or even join a CTF…do something!

3. Are you spending time applying and applying to jobs?

If you already have a job, or are in school, then you’ve got plenty of time in the evenings and weekends.

But, if you don’t have either to worry about, you’ve got absolutely no excuse! You should be applying 10-12 hours per day!

Now, there’s probably dozens of other little things you can do. But the few I mentioned above are critical if you want a job!

Above all else, perseverance and patience are golden. It may take weeks, months, or years; but it will happen.

Looking to upgrade your career?
View our listing of cybersecurity jobs!

What Do You Think?

Is it hard to get a job in cyber security?

Are you currently having trouble finding a job?

What have you done to look for a job?

If you recently found a cyber security job, what do you think worked for you?

Either way, let me know by leaving a comment below right now.

Author

  • Amit Doshi

    Driven by a vision to bridge the cybersecurity talent gap, I’m dedicated to fostering a community where budding enthusiasts and seasoned experts come together. Join me in building a network where we collaborate, learn, and fortify the digital frontier together.

    View all posts

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top