3.5 Million Unfilled Positions — And Counting
Cybersecurity Ventures projected 3.5 million unfilled cybersecurity jobs globally by 2021. We've hit that number. Right now, organizations across every sector — healthcare, finance, government, retail — are scrambling to hire people who understand how to defend networks, investigate breaches, and build secure systems. If you've been thinking about jobs in computer security, the timing has never been better.
I've spent years watching this talent gap widen. The Colonial Pipeline ransomware attack in May 2021 shut down fuel distribution across the U.S. East Coast. The SolarWinds supply chain compromise rattled federal agencies and Fortune 500 companies. These aren't abstract threats. They're multibillion-dollar disasters that prove one thing: organizations need skilled security professionals yesterday.
This guide breaks down the actual roles available, what they pay, what skills you need, and how to break into the field — even without a traditional computer science degree.
Why Jobs in Computer Security Are Exploding in 2021
The numbers tell the story. According to the FBI's Internet Crime Complaint Center (IC3), reported cybercrime losses exceeded $4.2 billion in 2020 alone. That figure almost certainly understates the real damage since most incidents go unreported.
Ransomware attacks surged 150% in 2020 according to multiple industry reports. The average cost of a data breach hit $3.86 million globally, per IBM's 2020 Cost of a Data Breach Report. Every one of those breaches creates urgency to hire — and every unfilled position makes the next breach more likely.
The shift to remote work during the pandemic blew open new attack surfaces. Organizations suddenly needed people who understood zero trust architecture, endpoint detection, VPN hardening, and cloud security. The demand for computer security professionals didn't just grow. It exploded.
The Roles: What Computer Security Jobs Actually Look Like
"Cybersecurity" is a broad umbrella. Here's what the actual job titles look like, what you'd do every day, and what they pay based on current industry data.
Security Analyst (SOC Analyst)
This is the most common entry point. You sit in a Security Operations Center monitoring alerts, triaging incidents, and escalating threats. Think of it as the emergency room of cybersecurity — you're the first responder.
Typical salary range: $55,000 – $90,000 depending on location and experience. You'll work with SIEM tools like Splunk or QRadar, analyze log data, and investigate phishing attempts and credential theft incidents. If you understand social engineering tactics and can think like a threat actor, you'll stand out.
Penetration Tester
Pen testers get paid to break into systems — legally. You probe networks, applications, and physical security controls to find vulnerabilities before malicious actors do. This role requires deep technical knowledge: networking, scripting, exploit frameworks like Metasploit, and web application testing.
Typical salary range: $80,000 – $130,000. Senior pen testers and red team leads can clear $150,000+. Certifications like OSCP carry serious weight here.
Incident Response Analyst
When a breach happens, you're the one who contains it, investigates the root cause, and coordinates recovery. I've worked incident response engagements where the IR team's speed literally determined whether a company survived or closed its doors.
Typical salary range: $70,000 – $120,000. You'll need strong forensic skills, knowledge of malware analysis, and the ability to stay calm when everything is on fire. Familiarity with frameworks like NIST's Cybersecurity Framework is expected.
Security Engineer
Security engineers build and maintain the defensive infrastructure: firewalls, intrusion detection systems, multi-factor authentication deployments, encryption protocols. You design the architecture that keeps threat actors out.
Typical salary range: $90,000 – $140,000. This role demands hands-on experience with network security tools, cloud platforms (AWS, Azure), and scripting languages like Python or Bash.
Security Awareness and Training Specialist
Here's a role most people overlook. The Verizon 2021 Data Breach Investigations Report found that 85% of breaches involved a human element — phishing, credential misuse, errors. Organizations need people who can design and deliver security awareness programs that actually change employee behavior.
Typical salary range: $65,000 – $100,000. If you're skilled at communication, understand adult learning principles, and have solid technical knowledge, this role lets you make an outsized impact. Platforms like our cybersecurity awareness training course give you a model for what effective programs look like.
Chief Information Security Officer (CISO)
The CISO sits at the executive table. You own the organization's entire security strategy, manage risk, set budgets, and report to the board. This is the pinnacle role for many security professionals.
Typical salary range: $150,000 – $350,000+. Getting here usually requires 10-15 years of progressive experience, strong business acumen, and the ability to translate technical risk into language the C-suite understands.
What Skills Do You Actually Need?
Let me be direct: you don't need a four-year computer science degree to land jobs in computer security. I've hired analysts who came from help desk roles, military backgrounds, and even teaching. What matters is a specific set of skills and the ability to demonstrate them.
Technical Foundations
- Networking: TCP/IP, DNS, HTTP/S, firewalls, routing. You can't defend what you don't understand.
- Operating Systems: Windows and Linux administration. Most enterprise environments run both.
- Scripting: Python, PowerShell, or Bash. Automation separates good analysts from great ones.
- Security Tools: SIEM platforms, vulnerability scanners (Nessus, Qualys), Wireshark, endpoint detection and response (EDR) tools.
Soft Skills That Separate You From the Stack
- Written Communication: You'll write incident reports, risk assessments, and policy documents. Clear writing is non-negotiable.
- Analytical Thinking: Threat actors don't follow playbooks. You need to think creatively about attack paths.
- Business Context: Understanding how your organization makes money helps you prioritize the right risks.
Understanding the Human Element
Technical skills alone aren't enough. The most effective security professionals understand why people click on phishing emails, how social engineering exploits trust, and what makes a phishing simulation program effective versus performative. Our phishing awareness training for organizations demonstrates how to build this kind of human-centered security program.
How Do I Break Into Computer Security With No Experience?
This is the question I get most often, so here's the honest answer: you build a foundation, prove your skills, and network relentlessly.
Step 1: Get Certified (Strategically)
Certifications aren't magic, but they open doors — especially when you lack professional experience. Here's where to start:
- CompTIA Security+: The industry standard entry-level certification. Most SOC analyst job postings list it as required or preferred.
- CompTIA Network+: If your networking knowledge is weak, get this first. Security without networking knowledge is like medicine without anatomy.
- Certified Ethical Hacker (CEH): Useful if you're targeting penetration testing roles, though OSCP carries more technical credibility.
- CISSP: Not for beginners — requires five years of experience — but it's the gold standard for mid-to-senior roles.
Step 2: Build a Home Lab
Nothing impresses a hiring manager more than someone who can describe their own security lab. Set up virtual machines, practice with tools like Kali Linux, deploy a vulnerable web app such as DVWA or work through labs on a platform like Hack The Box, and document what you learn. Your GitHub or personal blog becomes your portfolio.
Step 3: Leverage Adjacent Experience
Already in IT? You're closer than you think. Help desk, system administration, network engineering — all of these provide foundational knowledge. Volunteer to assist your current organization's security team. Offer to run a phishing simulation. Propose a security awareness training initiative. Show initiative, and the transition becomes natural.
Step 4: Use Government Resources
CISA's career page lists federal cybersecurity roles and resources for building your skills. The CyberCorps Scholarship for Service program pays for education in exchange for government service. NIST's NICE Framework maps cybersecurity work roles, helping you understand exactly which skills each position demands.
The $4.88M Lesson Most Organizations Learn Too Late
IBM's 2020 data shows that breaches caused by compromised credentials cost an average of $4.77 million — and the cost rises with every day an organization takes to detect and contain the incident. The average time to identify and contain a breach was 280 days.
What does this mean for your career? It means the organizations hiring right now aren't doing so because cybersecurity is trendy. They're doing it because the alternative is existential risk. That urgency translates directly into job security, competitive salaries, and rapid advancement for people with the right skills.
Remote Work and the Future of Computer Security Careers
The pandemic permanently changed where security work happens. Many SOC analyst, security engineer, and incident response roles are now fully remote or hybrid. This is good news if you're in a market without a major tech hub — you can work for a company headquartered in San Francisco from anywhere.
Remote work also creates new security challenges, which means new job opportunities. Organizations need professionals who can secure distributed workforces, implement zero trust models, manage cloud security postures, and train remote employees to recognize phishing emails and social engineering attacks.
What Hiring Managers Actually Want to See
I've been on both sides of the interview table. Here's what actually moves candidates to the top of the pile:
- Demonstrated curiosity: Blog posts, CTF competition results, home lab write-ups, security conference attendance (even virtual). Show me you eat this stuff for breakfast.
- Specific technical knowledge: Don't say "I know networking." Say "I can analyze a PCAP file in Wireshark and identify C2 traffic patterns."
- Business awareness: Understand your potential employer's industry, regulatory requirements, and threat landscape. A hospital's security challenges differ wildly from a fintech startup's.
- Communication skills: Can you explain a buffer overflow to a non-technical executive? Can you write an incident report that's clear, concise, and actionable?
Certifications and degrees check boxes. The items above are what actually get you hired.
Your Next Move Starts Today
The cybersecurity workforce gap isn't closing anytime soon. The threats are accelerating — ransomware, supply chain attacks, credential theft, and social engineering campaigns grow more sophisticated every quarter. Every new breach reinforces the demand for skilled defenders.
Start by building your knowledge base. Our cybersecurity awareness training program gives you a solid grounding in the threats and concepts that every security professional needs to understand. If you want to specialize in the human side of security, our organizational phishing awareness training shows you how real-world programs are built and delivered.
Then get certified, build your lab, and start networking with the security community. The jobs in computer security are there. Over 3.5 million of them. The only question is whether you'll be ready when opportunity knocks.