There are roughly 500,000 unfilled cybersecurity positions in the United States right now. That number comes directly from CyberSeek, a project supported by NIST and the National Initiative for Cybersecurity Education. Half a million openings — and the gap keeps widening. If you've been searching for jobs in computer security, you're looking at one of the few career fields where demand genuinely outstrips supply, salaries keep climbing, and employers are increasingly willing to hire based on skills rather than diplomas.

I've spent years in this industry and watched it evolve from a niche IT function into a boardroom priority. I've hired analysts, mentored career-changers, and seen people break in from backgrounds you wouldn't expect — teaching, law enforcement, restaurant management. Here's my honest breakdown of what the computer security job market actually looks like in 2024, what roles exist, what they pay, and exactly how to position yourself.

Why Jobs in Computer Security Are Exploding

The simplest explanation: every organization now runs on data, and threat actors want that data. The FBI's 2023 Internet Crime Complaint Center (IC3) report logged over $12.5 billion in reported losses — a 22% jump from 2022. Ransomware attacks hit critical infrastructure. Business email compromise still drains millions from companies every month. Credential theft fuels it all.

Every one of those attacks creates demand for defenders. When the Colonial Pipeline attack shut down fuel distribution across the eastern U.S. in 2021, it didn't just make headlines — it triggered a sustained wave of hiring across energy, healthcare, and government. That wave hasn't slowed. In 2024, the Verizon Data Breach Investigations Report confirmed that the human element remains involved in roughly 68% of breaches, which means organizations need people — not just tools.

The Workforce Gap Is Your Advantage

Most industries have more applicants than openings. Cybersecurity has the opposite problem. The (ISC)² 2023 Cybersecurity Workforce Study estimated the global cybersecurity workforce gap at nearly 4 million professionals. Companies are lowering degree requirements, investing in training pipelines, and creating apprenticeship programs they never would have considered five years ago.

If you're looking to switch careers, this is the window. It won't stay this wide open forever.

The Actual Roles: What Jobs in Computer Security Look Like

"Cybersecurity" is a broad label. The day-to-day work varies dramatically depending on the role. Here are the positions I see hired for most frequently, with realistic 2024 salary ranges based on data from the U.S. Bureau of Labor Statistics and industry surveys.

Security Analyst (SOC Analyst)

This is the most common entry point. You monitor alerts, triage incidents, investigate suspicious activity, and escalate real threats. It's shift work at many organizations, especially in a Security Operations Center. Expect to spend time in SIEM tools, reading logs, and chasing false positives.

Salary range: $60,000–$95,000. SOC Tier 1 roles sit at the lower end; Tier 2/3 analysts with incident response experience push higher.

Penetration Tester / Ethical Hacker

You break into systems — legally — to find vulnerabilities before threat actors do. Pen testers write detailed reports showing organizations where they're exposed. This role requires deep technical skill: networking, scripting, web application exploitation, and social engineering techniques.

Salary range: $85,000–$140,000. Senior pen testers and red team leads can exceed $160,000.

Security Engineer

Security engineers build and maintain defensive infrastructure. Firewalls, intrusion detection systems, endpoint protection, multi-factor authentication implementations, zero trust architecture — that's your world. You design security into systems rather than bolt it on after the fact.

Salary range: $100,000–$155,000. Cloud security engineers with AWS or Azure expertise command premiums.

GRC Analyst (Governance, Risk, and Compliance)

Not every security role is technical. GRC analysts map organizational practices to frameworks like NIST CSF, ISO 27001, or HIPAA requirements. You conduct risk assessments, manage audit evidence, and write policies. If you have a background in law, auditing, or project management, this is a natural fit.

Salary range: $70,000–$120,000.

Incident Responder / Digital Forensics

When a data breach happens, incident responders contain the damage, preserve evidence, and figure out what happened. Forensics specialists dig into disk images, memory dumps, and network captures. This is high-pressure, high-reward work.

Salary range: $90,000–$145,000.

Security Awareness and Training Specialist

Given that human error drives the majority of breaches, organizations increasingly hire people to build and run security awareness programs. You design phishing simulations, develop training content, measure behavior change, and report results to leadership. This role blends communication skills with security knowledge.

Salary range: $65,000–$105,000.

What Skills Do You Actually Need?

Forget the job postings that demand 10 certifications and 5 years of experience for an entry-level role. Here's what actually matters, broken down by category.

Technical Foundations

  • Networking: TCP/IP, DNS, HTTP/S, subnetting. You cannot defend what you don't understand.
  • Operating systems: Solid comfort with both Windows and Linux. Most security tools run on Linux. Most targets run Windows.
  • Scripting: Python and Bash at minimum. PowerShell if you're going the Windows/Active Directory route.
  • Security concepts: Encryption, authentication, access control, the CIA triad, common attack frameworks like MITRE ATT&CK.

Soft Skills That Actually Get You Hired

  • Written communication: Every security role involves writing — incident reports, policy documents, executive summaries. Clear writing is a career multiplier.
  • Analytical thinking: Security work is puzzle-solving under pressure. You need to connect dots across noisy data.
  • Curiosity: Threat actors evolve constantly. The people who thrive in this field are the ones who genuinely enjoy learning how things break.

Certifications Worth Your Time

I recommend a focused approach. Don't collect certifications for the sake of it.

  • CompTIA Security+: The standard entry-level cert. It's a DoD 8570 baseline and widely recognized by employers. Start here.
  • CompTIA CySA+: A strong next step for analyst roles. More hands-on and practical than Security+.
  • Certified Ethical Hacker (CEH) or OSCP: For pen testing. OSCP carries significantly more weight in hiring because it's a practical exam.
  • CISSP: For experienced professionals moving into management or architecture. Don't pursue this first — it requires five years of experience.

How to Break Into Computer Security Without a Degree

I've hired people without degrees. Plenty of hiring managers in this field have. Here's the path I've seen work repeatedly.

Step 1: Build a Knowledge Base

Start with structured cybersecurity awareness training to build your foundational understanding of threats, social engineering, and defensive strategies. Understanding what end users face — phishing, pretexting, credential theft — gives you context that purely technical people often lack.

Step 2: Get Hands-On in a Lab

Set up a home lab. Use VirtualBox or VMware to run deliberately vulnerable targets like DVWA or Metasploitable, and practice on platforms like HackTheBox. Document what you do. Write it up like a professional report. This becomes your portfolio.

Step 3: Earn Security+

Study for two to three months. Pass it. This single certification opens doors to entry-level SOC analyst and IT security roles where automated hiring systems would previously have filtered you out.

Step 4: Contribute and Network

Join local ISSA or OWASP chapters. Attend BSides conferences — they're affordable and practical. Contribute to open-source security projects on GitHub. Write about what you're learning. Visibility matters in a field where hiring managers actively look for passion.

Step 5: Target the Right Roles

Don't aim for "Senior Security Engineer" on day one. Target SOC Analyst Tier 1, IT Security Administrator, or Junior GRC Analyst positions. Managed Security Service Providers (MSSPs) hire aggressively and offer exposure to dozens of environments.

What Does a Computer Security Job Actually Pay?

According to the U.S. Bureau of Labor Statistics, the median annual wage for information security analysts was $112,000 in 2023. The top 10% earned over $174,000. The field is projected to grow 32% through 2032 — roughly six times faster than the average for all occupations.

But salary depends heavily on specialization, geography, and clearance status. A security analyst in Des Moines earns less than one in D.C. A cleared penetration tester with TS/SCI access can command $180,000+ easily. Remote work has leveled the playing field somewhat, but clearance-required roles still tie you to specific metro areas.

The Role Security Training Plays in Your Career

Here's something I tell every aspiring security professional: learn to see the human side of cybersecurity. The Verizon DBIR consistently shows that phishing and social engineering are the top initial access vectors. If you understand how these attacks work at a granular level, you become more effective in every security role — analyst, engineer, pen tester, or manager.

Running phishing awareness training for organizations teaches you how real attacks succeed and why users fall for them. That experience is directly transferable to threat detection, incident response, and security architecture. I've seen analysts who ran phishing simulations catch real business email compromise attacks faster because they recognized the patterns.

Why Employers Value Security Awareness Experience

Organizations increasingly treat security awareness as a measurable program, not an annual checkbox. They need people who can design campaigns, interpret click-rate data, customize training to different departments, and present results to executives. If you can do that, you're filling a role that most technical security professionals avoid — and that makes you valuable.

What Are the Best Entry-Level Jobs in Computer Security?

If you're searching specifically for where to start, these five roles offer the best combination of availability, learning potential, and upward mobility:

  1. SOC Analyst (Tier 1): Highest volume of openings. Teaches you alert triage, log analysis, and incident workflow.
  2. IT Security Administrator: Blends traditional sysadmin work with security — managing firewalls, patching systems, configuring MFA.
  3. Junior Penetration Tester: Harder to land without experience, but available at MSSPs and boutique consulting firms.
  4. GRC/Compliance Analyst: Ideal for career changers with business, legal, or audit backgrounds.
  5. Security Awareness Coordinator: Perfect if you have training, communications, or HR experience and want to pivot into security.

Each of these feeds into higher-level roles. A SOC Tier 1 analyst who performs well can move to Tier 2 within 12–18 months, then into incident response or threat hunting. A GRC analyst can progress into risk management or CISO advisory.

Three Mistakes That Stall Security Careers

1. Chasing Certifications Without Building Skills

I've reviewed resumes with six certifications and zero practical experience. Certifications open doors. Skills keep you employed. Balance both. Every certification you earn should be paired with lab work or project experience that demonstrates you can actually do the job.

2. Ignoring the Business Side

Security exists to protect business operations. If you can't explain a vulnerability in terms of business risk — revenue impact, regulatory exposure, customer trust — you'll plateau. Learn to speak the language of the people who sign budgets.

3. Waiting Until You're "Ready"

You will never feel ready. Apply when you meet 60–70% of a job posting's requirements. The cybersecurity workforce gap means employers are more flexible than their postings suggest. I've watched people talk themselves out of roles they were qualified for because they fixated on one bullet point they couldn't check off.

Your Next Move

The jobs in computer security aren't theoretical — they're open right now, at organizations scrambling to fill them. The barrier to entry is lower than most people think, especially if you're willing to learn aggressively and demonstrate your skills through hands-on work.

Start by building your security knowledge with structured cybersecurity awareness training. Understand the threats from the ground up. Set up a lab. Earn Security+. Then start applying — even before you feel ready.

Explore phishing simulation and awareness training to understand the human attack surface that drives the majority of breaches. That knowledge sets you apart from candidates who only know tools and never learned why those tools exist.

The gap is real. The salaries are real. The only question is whether you'll move on it — or keep researching until someone else does. Check the CISA careers page if you're interested in public sector security roles, and start building your path today.