Using the CyberSeek Interactive Map to Develop Your Own Career Roadmap
*Note: This article was originally published by the author on May 27, 2020.
Perhaps you’ve heard of the CyberSeek Interactive Map, but maybe not? For those who are unfamiliar, let’s take a brief moment to dissect and analyze this convenient and free cybersecurity career tool. This is a project that is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce, under Grant #60NANB15D267. Though I don’t get any kickbacks or anything from promoting this content, it’s only fair to mention that I did help write some of NICE’s material in a volunteer capacity. Their CyberSeek interactive map, however, I had no part in and I think it is a fantastic, practical tool that many new and existing cyber pros would find useful.
The map is designed to show the cyber workforce gaps by each state and cyber career paths in the U.S. It also provides the Bureau of Labor Statistics’ average salary information for each job type. A useful aspect of it is that you can use it to create a career roadmap. For instance, let’s say that I wanted to be a Cybersecurity Engineer which, by the way, happens to be the case. Let’s also hypothetically say that I am currently a penetration tester (also true once upon a time) that is working towards becoming a cybersecurity engineer.
The CyberSeek Interactive Map reveals the top skills requested for a cybersecurity engineer as being: Information Security (valid); Network Security (valid); Linux (valid); Information Systems (valid); Python (good to know, but often not necessary); Cryptography (valid); Project Management (valid); Cisco (valid, among other vendor products); and Authentication (valid). The Top Certifications requested are CISSP (valid, but more for mid-level to senior roles); GIAC (valid); CISM (valid, but more a senior-level role requirement); Security+ (valid, but more so on the entry-level positions); CISA (valid and useful from a security controls selection, testing, assessment perspective).
There are usually cybersecurity engineer positions open in any large metropolitan area. Some are Federal and DoD-affiliated so those will require applicants to be U.S. citizens capable of getting a security clearance from a sponsored company or already possesses one. There are plenty of Information Security Engineer roles available that don’t require security clearances though. The average salary seems a little low in my estimate but try to keep in mind that this figure is a national average and costs of living vary from city to city and state-to-state depending on a number of factors. Since I live in California, I’ll zoom in on the details that pertain specifically to my state to see how accurate they are based on my work experience.
In California, we see that the stats show that there is a supply of qualified cybersecurity workers which is good for qualified candidates. That is what you call a job hunter’s market and it allows job hunters to negotiate higher salaries and benefits because employers don’t have a big pool of qualified candidates to choose from and they want to attract and retain the best talent. It’s safe to say that this won’t always be the case though, which means that qualified candidates should take advantage of the situation while they still can.
Eventually, the tables will turn and employers will gain more leverage once the qualified candidate pool increases. Additionally, it is relevant to point out the top cybersecurity certifications that are requested of cyber job applicants in the state of California: Security+, GIAC, CISSP, CIPP, CISA, and CISM. In my experience, this is also accurate data as with 2 or 3 of these certifications you could land a 6-figure job for life as long as you don’t screw it up.
You’ll also notice that there are 111,644 total employed cyber pros already in the state of California which has a population of approximately 40,000,000 people which calculates as 0.0028% of the total population is cyber pros. This means that unless you’re trying to get a job in San Francisco, Los Angeles, San Diego, or Sacramento, you probably won’t be facing a lot of competition for a particular job.
There is a high concentration of cyber pros in certain geographic regions though such as Silicon Valley (think Apple, Google, Facebook) so you know if you live or relocate there that competition will be a lot more fierce and likely much more qualified. Good luck finding affordable housing in Silicon Valley though… No thanks. We can also sort this data by public or private sector data and even metro areas which are very useful.
By narrowing our search parameters we can now see on a national level where the hot pockets of cyber jobs are in the U.S. I find this to be accurate data from my experience. Most U.S. cyber jobs are located on the West Coast (Seattle, San Francisco, Los Angeles, San Diego, Phoenix) and East Coast (Boston, New York City, D.C., Northern Virginia, Florida) with a smattering of job concentrations in mid-West and Southern states like Colorado, Texas, Kentucky, and Alabama.
Taking all of this data into account, I can then use it to formulate a career roadmap for the particular type of cybersecurity job I want to get in the region I live in or a region I want to relocate to. I know the approximate salary and I can then check what the cost of living is at the new location by using a site such as https://www.bestplaces.net/cost-of-living/ to calculate whether or not the salary will support my needs for housing, where to buy a home or rent an apartment, what type of cyber jobs are in need the most, and even what type of certifications are most requested there. That is a great deal of relevant information that any U.S.-based cyber professional can use to develop a solid career roadmap.
IT Security Certifications & Degrees: Necessary or Not?
*Note: This article was originally published by the author on May 8, 2020.
Digital Forensics Investigator: A Road Few Have Traveled
*Note: This article was originally published by the author on February 10, 2020.
Information Security Engineer: A Road More Frequently Traveled
*Note: This article was originally published by the author on September 23, 2020