Are you looking for a job in the cybersecurity field? You might have heard that there are nearly 4 million cybersecurity jobs are vacant. It is an eye-catching number! As shared in the previous blog article, the skill gap in cybersecurity is very significant and has posed serious challenges for organizations. But soon, I realized it is not as straightforward as it sounds (like many other industries!). We heard from our students that it is not that easy to land a job, and it takes some time.
So, what is the disconnect? Why is the cybersecurity industry struggling with the skill gap issue, yet candidates — especially those just starting out — are finding it difficult to get hired? In this blog article, we will explore the current challenges in the cybersecurity job market from a candidate’s perspective and offer some tips to help you navigate these hurdles and secure a good job.
The disconnect between job openings and job seekers
Fewer entry- or junior-level positions
One of the major reasons behind this mismatch is the limited number of entry- or junior-level positions available. Not only in the cybersecurity industry, but anyone who has searched for an entry-level job can relate to the frustration feeling of, “You need experience to get the job, but you can’t get experience without the job.” The cybersecurity industry is no exception.
While cybersecurity job openings are abundant, many of them require extensive experience. This leaves newcomers in a tough spot. It’s a bit of a paradox: the industry is in desperate need of fresh talent, yet there are far fewer opportunities for those just starting out. According to ISC2, entry-level positions are surprisingly scarce. Many companies are reluctant to invest in training new hires, preferring “ready-made” professionals who can onboard and hit ground running. This creates a frustrating cycle. Eager, ambitious cybersecurity job seekers struggle to join the workforce and gain practical experience. At the same time, employers continue to face a shortage of qualified candidates.
The skills dilemma: employers want skilled workers, but hesitate to train them
Many cybersecurity positions demand a wide range of technical competencies, including expertise in niche areas like incident response, penetration testing, or cloud security. In theory, this is necessary given the complexity and constant evolution of cyber threats. But from the candidate’s perspective, it can feel like employers are asking for the impossible—expecting mastery in too many areas without offering a clear path to develop those skills on the job.
Cybersecurity is one of those fields where certifications and education are important, but valuable hands-on training is also essential to get you through the door. Many job descriptions call for years of hands-on experience that simply isn’t feasible for someone fresh out of a degree program or with only a few industry certifications. This creates a significant challenge for job seekers who may be passionate, educated, and certified, but lack real-world experience.
There’s another side to this story as well: organizations facing tight budgets and increasingly sophisticated cyber threats often feel they don’t have the time or resources to train employees from the ground up. As a result, they tend to focus on hiring senior professionals with proven track records, leaving fewer opportunities for those at the beginning of their careers. Well, this may seem like a rational decision in the short term, but it only worsens the long-term talent shortage.
What can you do as a candidate?
A recent article written by Peter Kosel, the Founder and Talent Community Manager at Cyberunity AG, highlights additional issues in the current cybersecurity job market, such as long hiring processes, poor relationship management, and the lack of creative solutions to resolve this skill gap situation. Peter argues that there are areas that employers can address by implementing new strategies.
Yes, employers need to take action to close the skill gap, but it might take some time to change the whole dynamics in the job market. So, what can you do as a job seeker?
- Build a strong personal portfolio
Even if you don’t have years of professional experience, you can demonstrate your skills through projects, internships, or personal endeavors. Consider contributing to open-source cybersecurity projects or volunteering with non-profits in need of cybersecurity assistance. Having real-world projects to showcase can make a huge difference. Here are some platforms you can find open-source projects: GitHub, HackerOne, OWASP, InSecurity Stack Exchange
- Focus on certifications that matter
While certifications won’t entirely replace experience, they can open doors. Focus on industry-recognized certifications that align with your career goals, like Cyber Security Specialist Federal Diploma, Certified in Governance, Risk and Compliance(CGRC), or Certified Information Systems Security Professional(CISSP). Research the specific skills in demand for the types of roles you want.
- Network within the industry
Sometimes it’s not just about what you know, but who you know. Attend cybersecurity conferences, webinars, and meetups to connect with professionals already working in the field. Networking can help you find opportunities that may not be advertised widely or gain insider tips on how to get hired. Swiss Cyber Institute have a dedicated Discord Community channel, where cybersecurity professionals, lecturers, our current students, and alumni can connect. Also, there are opportunities to meet them in person at our networking events and BBQ Summer Party! Be connected and build up your network!
- Embrace project-based work
The industry is seeing a trend toward project-based employment, where cybersecurity professionals often move on after completing specific challenges. Be open to short-term or contract work (typically 12-18 months), as this is becoming the norm in the industry.
- Stay persistent and adapt
Breaking into a competitive field like cybersecurity can take time, but persistence pays off. Stay adaptable by continuously upgrading your skills, keeping up with the latest trends in the field, and maintaining a positive mindset.
Here’s some more content from our blog articles to help you better understand the cybersecurity job market! Take a look! Also, Swiss Cyber Institute supports our students in starting or advancing their cybersecurity careers by offering training programs, collaborating with our partner headhunter agency Cyberunity AG, and providing access to an extensive cybersecurity network in Switzerland. If you need any guidance, don’t hesitate to contact us.
Swiss Cyber Institute blog articles regarding cybersecurity jobs:
Top 7 Cybersecurity Skills Every Company Must Have in 2024 (April 19, 2024)
Why cybersecurity good career in Switzerland (January 11, 2024)
Cybersecurity job salary 2022 (November 24, 2021)
How to become a cybersecurity specialist : career guide (August 8, 2021)
3 reasons to consider a career in cybersecurity (May 18, 2021)
ICT Security Expert: your next move in cyber career (February 11, 2021)
Are Cyber Security Careers in High Demand? Here’s the Answer (February 2, 2021)
ICT Specialists are in high demand in Switzerland (September 11, 2020)
