As more organizations hire information security professionals to help protect their data from breaches, demand for these roles has far outpaced the supply of skilled talent. With the cyber security industry estimated to grow from $75 billion in 2015 to $170 billion by 2020, the gap will continue to widen.
Globally, there are more than 1 million unfilled security jobs. In the United States, more than 200,000 cyber security jobs aren’t filled and the number of job postings has grown by 74 percent over five years.
The median U.S. wage for information security analysts — an entry-level position — was $90,120 in 2015. By comparison, the median pay of a computer and network systems administrator was $77,810.
Many security professionals earn six-figure incomes. Cyber security engineers earn an average of $170,000 and the average pay for the top-earning category of lead software security engineers is $233,333. Chief Information Security Officers (CISOs) can expect to earn an average of $204,000.
Employers are looking for highly educated and experienced candidates. About three-quarters of job postings require a bachelor’s degree and about a third call for a certification. Continuing education is not only necessary to keep up with the latest threats, trends, and technology, but also for career progression.
Below is a list of online educational resources that can help you take your cybersecurity career to the next level.
Online Resources for Cyber Security Training
Lists close to 200 courses — some under an hour long and some that are at least nine hours — in the areas that include penetration testing, digital forensics, and security auditing.
Individual membership costs $29 per month or $299 per year and includes knowledge-assessment tests, one-on-one mentoring, and other specialty areas such as IT and software development.
Offers free online classes on topics such as penetration testing, ethical hacking, malware analysis, and reverse engineering. They also offer preparation courses for industry certifications such as CISSP (Certified Information Systems Security Professional) and CompTIA Security+.
SANS is a cooperative and research nonprofit that is considered a leading training institution in security. In addition to classroom-based training, it offers more than 30 courses online.
Training topics range from mobile device security, network penetration testing and intrusion detection, to forensics and IT security planning.
NICCS’ training catalog is a comprehensive resource of courses available across the U.S. from hundreds of providers, including both classroom-based and online. You can search for courses based on location, subject, proficiency level, and delivery method.
A simple application is required in order to validate that the student has the right experience for the program. Tuition is $495 per class.
(ISC)2 offers online course for those seeking CISSP certification. This certification is focused on the operations side of security and is recommended for security practitioners such as analysts, system architects/engineers, network security professionals, etc.
Areas covered by the only course include security and risk management, communications and network security, security assessment and testing, and risk management, among others. Cost for the on-demand seminar is $2,495. CISSP certified professionals report getting a pay increase within a year of as much as 25 percent, and an average salary as a CISSP of $117,030.
Security professionals who have cloud computing knowledge and experience are in high demand. Entry-level salaries for someone with a graduate degree and cloud background can be as high as $125,000 per year and climb over $300,000 within five years. The Certified Cloud Security Professional credential from (ISC)2 is widely recognized in the industry.
This on-demand course from (ISC)2 helps prepare you to take the CCSP exam. The self-paced content includes nearly 30 hours of video instruction as well as post-instruction assessments.
Course graduates will be able to do things like identify principles of cloud-based systems, evaluate and implement security controls, and conduct risk assessments. Cost of the training is $495.
Offers nearly a hundred courses and boot camps for certifications as well as topics like information assurance, security coding, and virtualization, with both online and offline options. The institute has trained some of the leading technology companies like Microsoft and Symantec.
CMU’s Software Engineering Institute has several self-paced online courses, including big data architecture and technologies, and information security risk assessment using the OCTAVE (operationally critical threat, asset and vulnerability evaluation) approach.
Delivers an education platform that offers free and low-cost courses from more than a hundred universities around the world (including Ivy League schools) and other partners such as IBM. Course materials include videos and reading, and some classes have a peer evaluation option.
Some information security classes include: cryptography (created by Stanford, includes optional certificate for $79), a six-course cloud-computing specialization (taught through University of Illinois Urbana-Champaign), and cyber security and mobility, designed for those who want to move into a management role in mobility (part of a four-course specialization in developing a cyber security program for your business, offered through the University System of Georgia).
Part of U.S. Department of Homeland Security, the Industrial Control Systems Cyber Emergency Response Team focuses on critical infrastructure, which extends to industries such as healthcare, financial services, and information technology.
ICS-CERT classes generally focus on control systems but some extend into broader topic areas. For example, Operational Security for Control Systems provides an overview of operational security, which “crosses all fields and environments and even extends to your private life.”
A Cloud Security Alliance Survey found that incident response management is a skill that’s becoming more important. This free 10-hour course on cyber incident analysis and response is part of FEMA training and is geared toward emergency services providers such as those in healthcare.
It covers “incident analysis tools and techniques that support dynamic vulnerability analysis and elimination, intrusion detection, attack protection and network/resources repair” and uses real-world scenarios.