The field of cybersecurity is full of opportunities for people of all different backgrounds—but it can often be difficult to decipher what exactly is needed to land an entry-level job. The industry still tends to hire candidates who are tech savvy, but cybersecurity experts are pushing for companies to hire for the non-technical and train for the technical aspects of these roles.
Launch your cybersecurity career for free: This organization is giving away 1 million entry-level certificationsBY Sydney LakeDecember 15, 2022, 3:22 PM
Now there’s a benchmark for entry-level candidates to illustrate an interest in the industry and willingness to learn—and that’s a new online program offered by nonprofit cybersecurity certification organization (ISC)2 called Certified in Cybersecurity. This program, which launched in the spring, helps candidates learn the basics of cybersecurity including security principles, business continuity (BC), disaster recovery (DR) and incident response concepts, access controls concepts, network security, and security operations.
And there’s an enticing incentive for people interested in cybersecurity careers—this new certification is free for the first 1 million people who sign up to complete the online course and certification. In the three months since its inception, the program has registered more than 110,000 candidates. As the world’s largest nonprofit association for certified cybersecurity professionals, (ISC)2 chose to invest in entry-level candidates, although the organization has certification programs for the upper echelons of the industry.
“As we promote hiring for non-technical skills and personality attributes, it [gives] that little extra insurance that allows [employers] to have confidence that this person has demonstrated that they have the capability to understand these core concepts,” Clar Rosso, CEO of (ISC)2, tells Fortune. “Since this workforce gap is this big hairy issue, this is what we’re investing in now.”
Projections from cybersecurity research firms including CyberSeek and Cybersecurity Ventures show that the industry has more than 700,000 unfilled positions in the U.S. Globally, the estimated gap is about 3.4 million.
How to get certified in cybersecurity for free
There are many different ways to enter the cybersecurity industry, according to (ISC)2’s Cybersecurity’s Workforce Study 2022. Nearly half of the people under the age of 30 who enter the cybersecurity workforce are coming from a career outside of IT, the study shows. So this new entry-level certification levels the playing field, allowing those people with less exposure to technical training to learn cybersecurity basics.
“It’s really designed for no-experience people, people who are maybe doing career changes, and also people who are in IT and want to move over to security,” she adds.
To develop the Certified in Cybersecurity program, (ISC)2 went out into the cybersecurity marketplace and interviewed hiring managers to figure out the kinds of skills entry-level cybersecurity workers need to be successful without getting too technical, Rosso says.
There are three pathways candidates can take in the Certified in Cybersecurity program, all of which include cybersecurity training and the exam needed to earn the certificate. Candidates choose whether they’d like to attend live sessions in addition to the self-paced curriculum; this option costs $649. The free pathway includes just one chance to take the certification exam, whereas a $199 option includes two chances to pass the exam.
The course takes 14 hours to complete, and—depending on the learning pathway you chose—will include just self-paced course material or a blend of self-instruction and live courses. There are also pre- and post-course assessments, study sheets, quizzes, and interactive study materials such as flashcards. Students have access to the material for 180 days.
How much entry-level cybersecurity workers can make
The cybersecurity or information security analyst role is a popular job held by entry-level candidates—and it’s also one of the fastest-growing jobs in the U.S. Salaries for cybersecurity or information security analysts range from about $80,000 to $100,000 and the median base salary for this role grew to $102,600 in 2021, according to figures from the U.S. Bureau of Labor Statistics. Information security analysts or cybersecurity analysts with a bachelor’s or master’s degree can earn well into the six-figure range.
True entry-level cybersecurity workers make between $70,000 and $80,000 per year, data from several job recruiting sites shows. That’s about double the average salary for entry-level employees at U.S., which stands at about $40,000, according to Indeed.
Depending on certification and education levels, cybersecurity workers can make pay packages in the $100,000 to $200,000 range, with top leadership—chief information security officers—making between $250,000 and $400,000, Mary McHale, a career advisor for the master’s of information and cybersecurity program (MICS) at the University of California—Berkeley, previously told Fortune.
Certification exam and partnerships with universities
The certification exam takes two hours to complete and includes 100 multiple choice questions. Students must correctly answer 70% of the questions to pass. There are questions about all of the main concepts in the training course including security principles, business continuity, disaster recovery and incident response concepts, access controls concepts, network security, and security operations.
(ISC)2 is also working on developing partnerships with universities to include the certification in their programs. The organization is first planning to work with cybersecurity degree programs, as well as business programs to offer the certificate program.
“We’ve noticed the employers are still hiring for certification, not necessarily degree programs,” Rosso says. “We are just in the very beginning stages of working with universities to help guide them and share with them information we have from industry about what’s important to cover in their programs.”