
A senior IT recruiter says cybersecurity professionals are in high demand. Here's his advice for breaking into the field without a degree and nabbing a 6-figure job.

  • IT recruitment specialist Alex Kovalenko said the market is hot for high-paying cybersecurity jobs.
  • The best IT candidates have at least two years of experience — but not necessarily a degree.
  • Kovalenko recommended starting off with penetration testing and getting certified.

Alex Kovalenko, a lead IT recruitment specialist with Kovasys IT Recruitment, said there's a huge demand for IT security professionals right now.

Recent data from the Information Systems Security Association showed a 63% increase in cyberattacks related to COVID-19 as more people work from home.

What's more, Kovalenko, who's worked with clients such as Warner Bros. and Morgan Stanley, said that there's a major shortage of trained IT professionals. While 2.8 million people work in cybersecurity jobs globally, the ISSA reported in 2019, the IT industry would need another 4 million trained workers to properly close the skills gap.

"We have clients reaching out to us trying to hire candidates. However, most experienced cybersecurity professionals are already employed," Kovalenko said.

He added that the Fortune 500 companies he's worked with typically offer $250,000 or more in annual salary, or up to $200 an hour for cybersecurity consultants.

"We see some kids out of universities getting $100-an-hour contract gigs doing pen testing," he said. "Governments and Fortune 500 alike spend billions on cybersecurity, and it will only keep on increasing."

While lucrative, it can be a stressful position. "The company is relying on you to protect their data, their customers, and their finances," he said. "If you are not one step ahead of hackers, your company can get hacked."

No degree required

In terms of how newcomers can find jobs in IT, Kovalenko emphasized that the most important thing is to have at least two years of cybersecurity experience.

"Once you get a certification and some training, you need to find a job with a cybersecurity agency or company," he said. "Your initial base will not be high — probably around $60,000 base — but after two to three years, you will be able to pick and choose jobs with six-figure salaries."

While the required skills vary from company to company, professionals in IT security generally start off as penetration testers — pen testing is an authorized security test of a system by way of a simulated cyberattack — then move into security risk analysis and assessment, Kovalenko said.

He said that candidates don't necessarily need a four-year engineering degree. And he flagged Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and Certified Information Security Manager (CISM) as good certifications to check out. Since CISSP is geared more toward management and policy, it can be most useful four to five years into your security career, he added.

Each of these certifications is expected to cost less than a grand. Kovalenko said that a CISSP certification costs about $700, CRISC around $600, and CISM around $750.

To get started as a beginner, Kovalenko recommended Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH), which are geared toward penetration testing and "easy to pick up." OSCP is about an $800 investment, while CEH will set you back about $1,200, Kovalenko said.

"Get certified as quickly as possible, and get experience with a reputable company as quickly as possible — even if that means volunteering there for a few months to prove your skills," he added.

The recruiter worked with a candidate who has an OSCP certification and landed a job close to six figures with that credential and a few years of experience.

"The candidate did have previous networking experience, but never actually did a bachelor's degree or anything like that," Kovalenko said.

To break into the field without a degree, the candidate completed some college courses and got certified in Network+. Then he applied for a job as a junior network administrator with a local cybersecurity firm and passed his OSCP.

"After working there for two years, he got a job through us to work for our government client as an entry-level cybersecurity professional," Kovalenko said.
