Many people think cybersecurity professionals are technological masterminds who spend their days chasing hackers and other cyber attackers through the virtual corridors of cyberspace in real time. While this engaging caricature of cybersecurity undoubtedly inspires some to learn more about the field, it likely keeps others away – specifically, those without programming experience or a background in computer science. Myths about cybersecurity careers overshadow the realities of this profession, which is unfortunate given there is an ongoing talent shortage in the field.
According to the 2021 Cybersecurity Workforce Study from the information security organization (ISC)2, 65% of organizations report being unable to find the cybersecurity staff they need. Additionally, 59% say they are “at moderate or extreme risk of cybersecurity attacks” due to the scarcity of cybersecurity expertise and 63% report a shortage of cybersecurity-savvy IT professionals. This is an important distinction because one of the biggest myths surrounding this discipline is that only dedicated cybersecurity experts can ease the cybersecurity talent shortage.
Increasingly, cybersecurity is not a discipline that exists in a silo. Instead, it is part of IT, network engineering, information management and even people management – what labor market analytics firm Burning Glass Technologies calls cyber-enabled jobs. According to Burning Glass, these hybrid technology roles are common, and “more than half of jobs demanding cybersecurity skills are in fact other IT roles, where security is only one part of a broader job description as compared to jobs like information security analyst, where security is their primary function.”
Hybrid technology roles are so common, in fact, that Burning Glass began including all job openings calling for cybersecurity skills and certifications in its assessments of the cybersecurity and infosecurity employment landscape. This article looks more closely at how cyber-enabled jobs fit into the larger cybersecurity landscape, how cyber-enabled jobs differ from cybersecurity jobs and how a cybersecurity degree such as The University of Tulsa’s 100% online M.S. in Cyber Security can help you prepare for a future in which cybersecurity is fully integrated into digital operations.
The scope of cybersecurity is shifting
The answer to the question ‘What is cybersecurity?’ used to be relatively simple. It was a technological discipline focused on protecting computer systems and the information processed and stored within them. Today, cybersecurity also encompasses business risk assessment, compliance management, vendor/user education and other technology-adjacent concerns that IT may or may not handle. The idea that cybersecurity is everyone’s responsibility is gaining traction for several reasons, but two stand out.
First, cybersecurity is an economic issue. Cybercrime costs trillions of dollars annually, and a single large-scale hack or data breach can cost an organization $13 million. An organization’s best first line of defense may be information management professionals, human resource managers and executives who understand computer security and can prevent costly security mistakes before they have a chance to happen.
Second, cybersecurity is a human issue. Each person in an organization is a potential point of vulnerability. One 18-month analysis revealed that more than 99% of successful cyber attacks required humans to take some action (e.g., running a program or entering a password). Consider that a network protected by a single dedicated cybersecurity professional may have a user base of thousands of people who interface with the system daily. Cybercriminals don’t need to strong-arm their way into networked machines when security awareness and security tools are lacking. They can leverage malware or ransomware installations or phish for passwords from staff members in and out of IT to gain unauthorized access.
Cybersecurity transcends technology
Cybersecurity professionals may need advanced technical skills, but most cybersecurity jobs don’t involve catching cyber terrorists or going head to head with black hat hackers. Top cybersecurity master’s programs such as The University of Tulsa’s M.S. in Cyber Security acknowledge that a comprehensive education in modern information assurance and network defense must cover everything from threat intelligence, incident handling and recovery management to the human factors in information security, computer systems security and network security.
What does cyber-enabled mean?
The Burning Glass Technologies report linked above asserts that while cybersecurity is a specialty, “most of the workers who practice it are not specialists.” More than 55% of all job openings that mention or require cybersecurity skills are cyber-enabled jobs, not dedicated cybersecurity positions.
Workers in those positions are responsible for maintaining network security, developing security strategies or standards, securing processes, securing data, ensuring compliance and more; however, their titles and job descriptions do not necessarily reflect their responsibilities. Additionally, people in cyber-enabled roles may not think of themselves as cybersecurity professionals even if keeping systems and sensitive information secure – or creating cybersecurity strategies – is a large part of what they do.
What do cyber-enabled jobs look like?
Because there are numerous types of cyber threats, there are many different types of cyber-enabled jobs. Cyber-enabled workers tend to understand cybersecurity fundamentals but don’t need the breadth and depth of knowledge dedicated cybersecurity engineers and cloud security engineers typically have.
Most cyber-enabled jobs are in technology. Professionals in cyber-enabled positions at large companies may do technical work that supports the efforts of the cybersecurity team. In smaller organizations, IT staff with titles such as database administrator, information systems manager, network engineer or system administrator may be responsible for keeping data and systems secure.
Software development is another area of technology in which cybersecurity is increasingly critical. More organizations now prioritize secure software design that integrates cybersecurity best practices into processes at every stage of the development life cycle. This involves considering abuse cases as well as use cases, identifying potential cybersecurity threats and vulnerabilities, establishing secure defaults and finding ways to minimize the attack surface area of applications. Developers with cybersecurity skills can create system software and applications that are secure at the time of release and adaptable.
Many cybersecurity professionals already have non-technical roles
The online recruitment and employment giant Monster.com reports the most common job titles in cybersecurity are cybersecurity engineer, cybersecurity specialist, cybersecurity analyst and cybersecurity architect. However, many professionals whose responsibilities involve keeping systems, databases or software secure work in semi-technical or non-technical roles. Security auditors, for example, create organizational processes and policies designed to safeguard their organizations’ digital assets and ensure business continuity.
There are also cyber-enabled jobs in governance, risk and compliance. Professionals in this sector have titles such as risk manager, risk analyst, GRC analyst, data security administrator and privacy analyst. They tend to be experts in the security risks associated with typical business activities and operations, policies and processes related to data protection and privacy regulations that govern data security and information management.
Other cyber-enabled roles are in management and administration. Some professionals who oversee network security, information security and other elements of cybersecurity come from technical backgrounds. Other cybersecurity managers and directors have professional backgrounds in disciplines such as auditing and compliance or business intelligence. According to research conducted by consulting firm Frost & Sullivan, 33% of executives and C-suite professionals in roles related to cybersecurity launched their careers in non-technical fields.
Cyber-enabled jobs are the future of cybersecurity hiring
There are not enough cybersecurity experts in the U.S., and there is a shortage of qualified cybersecurity professionals worldwide. In 2020, there were 3.1 million unfilled cybersecurity-focused positions. There are 800,000 cybersecurity professionals in the U.S., but to fill all the open cyber positions across the country will take at least 500,000 more.
The cybersecurity talent gap is troubling for several reasons. Hacks and breaches go unaddressed for far too long, simply because there is not a large enough workforce. The average time to identify a data breach in 2020 was 207 days. Containing those breaches took an additional 280 days. The shortage also puts the onus for keeping systems and information secure on staff who have varying levels of tech-savviness. Some employers expect professionals in decidedly non-technical disciplines to have enough cybersecurity knowledge to keep the systems they use secure. And training up the next generation of cybersecurity engineers and experts may take a great deal of time, even with the expansion of advanced cybersecurity degree programs such as TU’s M.S. in Cyber Security and support for cybersecurity education initiatives from the White House and government agencies.
Organizations that can’t find qualified cybersecurity engineers will likely look to professionals with IT, computer science, data science and database management experience to manage information security, application security and system security and implement security solutions.
Preparing to join a cyber-enabled workforce
As more industries integrate digital technologies into products and processes, more jobs will become cyber-enabled. Employers will increasingly look for workers with ancillary cybersecurity skills and knowledge and may even prefer hiring cyber-enabled workers over dedicated cybersecurity specialists. The best way to prepare for the coming cyber-enabled future involves reskilling in a comprehensive program that does not require taking time out of the workforce.
TU’s online cyber security master’s program faculty prepare students to become experts in the theory, concepts and techniques of information assurance and network defense in real-world environments in as little as 20 months or over four years, depending on how many courses they take each semester. Because cybersecurity is such a broad discipline and evolving so quickly, there is no typical M.S. in Cyber Security student – and no typical career trajectory. Alumni work in cybersecurity, information systems and database management, IT management, network engineering, software engineering and system administration.
After earning your M.S. in Cybersecurity from The University of Tulsa, you may transition into a dedicated cybersecurity position. Or you may advance into seemingly unrelated positions that let you leverage your cybersecurity skills to build cybersecurity frameworks, prevent security incidents and protect end users from phishing attacks, security breaches or malicious software. Ultimately, there is no one ideal pathway in this field. What matters most in a cybersecurity landscape increasingly defined by cyber-enabled jobs will not be your title but the skills you bring to the table.
Are you ready to take the next step in your career? Apply now or visit the online M.S. in Cyber Security FAQ for more information about admissions, the student experience, scholarships and financial aid.