By Samantha Humphries, security strategist, Exabeam
Interested in a career in cybersecurity — or are you wondering what your peers in the space are thinking? Exabeam’s 2020 Cybersecurity Professionals Salary, Skills and Stress Survey, compiled from a survey of 351 international security professionals has revealed some interesting findings:
- Cybersecurity professionals are satisfied and secure in their jobs despite high-stress levels
- Ongoing education and automation are opportunities for positive change
- Diversity is still low, but moving in the right direction
Fifty-three percent of participants reported they felt their jobs were “stressful” or “very stressful.” Further analysis results reveal that professionals in medium businesses with 251-500 employees are more stressed than their peers in smaller and large enterprises. Based on respondents’ titles, SOC content creation engineers and security engineers reported the highest stress (at 80% and 75%, respectively). In terms of the type of work, participants with packet analysis and penetration testing responsibilities reported the highest stress (57% and 58%, respectively). And respondents in Australia cited the lowest stress levels compared to their peers in the U.S., Australia, Singapore, and Germany.
Yet, despite the high levels of stress, an overwhelming majority (96%) of cybersecurity professionals stated they were happy with their role and responsibilities, and 89% reported being secure or very secure in their careers. Seventy-seven percent cited a positive work/life balance.
Respondents were also satisfied with their salaries. Eighty-seven percent of respondents reported they are pleased with their wages and earnings. Salary satisfaction was generally similar, regardless of gender, industry, company size, or title. The one notable difference was a lower salary satisfaction reported by respondents without a college degree.
Figure 1: Eighty-seven percent of cybersecurity professionals report satisfaction with their current salaries.
The paradox between high job stress and high job satisfaction could be related to the inherent nature of cybersecurity itself. Cybersecurity is just hard work. Security professionals accept and embrace this reality.
Senior managers should be aware of their staff’s stress level and proactively reach out to their teams. Fifty-four percent of respondents reported that frequently communicating with their managers about their objectives is a primary method for managing heavy workloads. Managers should be empathetic in their endeavor to understand and address factors contributing to their employees’ high-stress levels.
Senior leaders: Use ongoing education and automation as career levers for your team
Senior leaders should also take an active interest in their team’s career paths, including their ongoing education. Investing in training would help employees develop advanced skills, open up new job opportunities, and enable organizations to deal more effectively with new, emerging threats.
Many cybersecurity professionals are highly educated and value learning. Sixty-six percent cited being self-educated. Ninety-six percent of respondents have a degree or have completed some college. Of those with a degree, 43% hold a master’s degree. Regarding ongoing learning, 34% are participating in continuing education, with 33% using their funds.
Figure 2: A significant number of security staff fund their own education leaving an opportunity for employers to add training as a benefit.
Education and training are also critical, given the increase and importance of automation in cybersecurity. Eighty-eight percent of respondents believe automation would make their jobs easier. Forty percent are currently using artificial intelligence and machine learning. Eighty-six percent believe SOAR technology can help security analysts and SOCs improve SOC response times.
Despite the use of automation and the view that it simplifies cybersecurity work, 47% of respondents also believe it’s a threat to their jobs.
Figure 3: Forty-seven percent of respondents view automation including AI and machine learning as a threat to job security.
Security leaders should reassure staff members that automation improves productivity and outcomes rather than eliminate jobs. Leaders can discuss how automation provides security professionals with an opportunity to transition from lower-valued activities to other high profile, strategic projects. Senior security leaders may also consider partnering with their IT peers to share automation best practices further to alleviate concerns.
Diversity is still low, but remote work provides an opportunity to accelerate change.
Last year, our survey highlighted the lack of diversity in the cybersecurity profession. This year, there’s been some progress as 21% of respondents self-identified as women. However, our survey also revealed that women in most countries are paid less than their male counterparts.
As remote work continues to take hold in most organizations, senior managers have an opportunity to diversify their workforce further by recruiting talent from anywhere in the world. A diverse team can bring creativity and new out-of-the-box ideas to cybersecurity. Studies have shown that diversity is a competitive advantage. Another related study found diverse groups make better decisions 87% of the time. In particular, women carry a high level of emotional IQ and empathy, which aids in facilitating team collaboration. To protect users within an organization, cybersecurity teams should reflect a broader, more diverse workforce to address threats that are continually changing. Fresh ideas, better teaming, and new cybersecurity approaches will yield positive results for the business and professionals.
Download the full 2020 Cybersecurity Professionals Salary, Skills, and Stress Survey report for further insights from your peers.
About the Author
Samantha Humphries has 20 years of experience in cybersecurity, and during this time has held a plethora of roles, one of her favorite titles being Global Threat Response Manager, which definitely sounds more glamorous than it was in reality. She has defined strategy for multiple security products and technologies, helped hundreds of organizations of all shapes, sizes, and geographies recover and learn from cyberattacks, and trained many people on security concepts and solutions. In her current role at Exabeam, she has responsibility for EMEA, data lake, compliance, and all things related to the cloud. Samantha authors articles for various security publications, and is a regular speaker and volunteer at industry events, including BSides, IPExpo, CyberSecurityX, The Diana Initiative, and Blue Team Village (DEF CON).