The demand for security professionals today is higher than it’s ever been before. It’s a hot field to be in, considering how fast technology is advancing, companies are digitizing, and threats are proliferating. 2017 paved the way for massive growth in the security field, so let’s take a look at where the hotspots are and why now is the time to get into security, if you’re not already.

Why Security? Why Now?

Cybersecurity Ventures predicts that global cybersecurity spending will exceed $1 trillion from 2017 to 2021. Accordingly, there will be 6 million more security jobs coming on the market — but 1.5 million of them will go unfilled due to a major talent gap.

If you’re a security professional today, this is good news for you. Being in high demand means you have excellent job security, strong compensation, and plenty of options if and when you’re ready for a change. If you haven’t decided on a career path yet, or are considering getting into the security field, these statistics alone may be just what you need to consider security as an avenue.

With that said, finding a niche that suits your unique personality, skills, and interests can be challenging. To help you navigate the crowded scene, we’ve broken down the top roles and responsibilities on the market today to help you find the best fit.

2017’s Top Security Roles and Responsibilities

Companies of all shapes and sizes today need security talent — but it can be confusing to sort through what each role entails and, most importantly, if it’s right for you. In our eBook, Defining the Career Path of a Security Professional, we provide a detailed security careers matrix. For the sake of this post, we’ve simplified it, but grab a copy of the full eBook to see it in its full glory.

PositionResponsibilitiesRequired Skills
AdministratorConfiguring and maintaining the company’s IT infrastructure
  • Fluency with computer systems, networks, and equipment
  • Ability to troubleshoot complex issues
  • Detail-oriented
Security AnalystStrategizing and executing security protocols, monitoring company networks, responding to threats.
  • Computer systems experience
  • Deep understanding of the threat landscape
  • Strong problem-solving and communication skills
  • Calm and collected under pressure
Incident ResponderMonitoring for intrusions and vulnerabilities, cleaning up after and attack and mitigating future attacks
  • Process-driven
  • Fluent with generating detailed reports
  • Strong communication skills
  • Ability to act fast
Security EngineerDesigning and building secure IT systems
  • Strong development skills
  • Comprehensive understanding of the threat landscape
  • Strong communication skills
Security ResearcherResearching, tracking, and responding to incidents
  • Expert research skills
  • Persistence
  • Ability to follow complex problems
Penetration TesterTesting computer systems, networks and applications for vulnerabilities
  • Deep understanding of computer systems, networks and servers
  • Expert knowledge of threat vectors and complex attacks
  • Ability to think like an attacker
Security AuditorPerform a security audit of systems and recommend changes to improve the integrity of systems
  • Auditing and analysis experience
  • Knowledge of common security policies
  • Communication skills
CryptographerDevelop encryption models for information and system security, decode encrypted messages, detect weaknesses in security systems
  • Mathematical and analytical skills
  • Ability to think like an attacker
  • Problem solving skills
Leadership: CISO, CSO, CPO, ManagerBuild the security strategy, communicate security priorities to the organization, oversee the security program’s effectiveness
  • Broad and deep security experience
  • Leadership skills
  • 10+ years of experience in the security or compliance field
  • Top notch communication skills
  • Ability to work well with and manage others

As you can probably tell, security requirements have gone digital. Today’s top roles are responsible for detecting both known and unknown threats, and are measured on how fast and effectively they can respond. This is one overarching reason why security automation and orchestration have become key to both small and large enterprises alike — it allows security teams detect and respond to threats faster by enabling their tools to do most of the work for them.

Needless to say, 2018 will be equally, if not more, interesting in the world of security. If you think you’re cut out for it, this can be a fantastic industry to start or continue your career in.