Security engineers are the builders in cybersecurity, constructing not only technical solutions but also systems, such as those for access control, or processes, such as plans for incident response. They often focus narrowly on specific technologies, such as networks or architecture, or tasks, such as threat modeling, software or hardware testing, or dealing with network intrusions.
Because of this, security engineers are paid handsomely, with an average salary in the US at US$127,094. Despite the lucrative pay, there is still a massive gap: The US Bureau of Labor Statistics estimates that there will be a 33% growth in the field by 2033.
ISC2 postulates that the demand for security engineers is high because they provide immediate benefits. Because they have a hands-on role in shoring the organization’s cyber defenses, they are a high priority for any team. They prevent data breaches, ransomware attacks, and other intrusions that have high direct and indirect costs, like reputational damage and lost productivity, making them well worth their high salaries. Crucially, they minimize opportunity costs, enabling organizations to focus on strategic plans rather than resource-draining and distracting breaches or hacks.
Relevant certs
1. Cloud computing security
Hiring manager preference: 36%
Non-hiring manager preference: 48%
According to Gartner, cloud computing is the fastest-growing technology market, and with businesses investing so much into the cloud, it should be no surprise that cloud security ranks as the most in-demand skill, according to ISC2’s survey. This skill area retained its top position from 2023, suggesting relative stability for security professionals who want to develop this ability.
By ISC2’s definition, cloud security comprises three areas: cloud platform and infrastructure security, cloud data security, and cloud architecture and design. These skills matter to organizations because they are responsibilities enterprises share with all major providers, such as Azure, Amazon Web Services, and Google Cloud Platform.
While the definition and scope of shared responsibility differs slightly between providers, the overall relationship is the same. The cloud provider secures the data centers, servers, and virtualization layer, and the customer must secure everything built on that foundation, including applications, data, and access management. There is a similar division of responsibilities for platform-as-a-service (PaaS) and software-as-a-service (SaaS) as well.
With cloud resources now the top target for cyberattacks in 2024 — cloud management infrastructure at 26%, cloud storage at 30%, and SaaS applications at 31%, per Thales — enterprises would be wise to prioritize protecting their properties in the cloud. Hiring managers and non-hiring managers agree, with both placing cloud security skills atop their lists.
Relevant certifications
See also:
