Layoffs largely impacted workers in product management, product development, marketing, sales, and recruiting. One group of employees who were largely left untouched? Those working in cybersecurity roles. 

Cybersecurity layoffs have been “few and far between,” says Dan Walsh, chief information security officer with VillageMD, a primary care company majority-owned by Fortune 500 company Walgreens Boots Alliance. VillageMD is planning an IPO. Some software engineers who have been let go at companies that had abandoned an entire feature or line of software, but there have been fewer layoffs in cybersecurity.

Broadly, the tech “layoffs are dwarfed by the amount of hiring during the pandemic,” Walsh says. Even still, Cybersecurity is still in high demand. “There’s still more jobs open than there are people to fill them.”

“There are just some core and strategic security roles that have to be filled,” Walsh adds.

Challenges for new cybersecurity professionals

Rather than a risk of layoffs, there’s a different challenge at play for cybersecurity workers who are newer to the industry. Amid news of Big Tech layoffs, Walsh—in a LinkedIn post—offered to do mock interviews for cybersecurity workers who were looking for a job. So far, he’s mostly spoken to cybersecurity professionals who are at the beginning of their career or who have made a career switch.

“When you’ve got harder times like that and they’re freezing budgets or they’re asking you to cut back a little bit, you really want to get someone in with [more] experience,” Walsh explains. 

That being said, there are still more cybersecurity positions open than filled, with some projections showing 700,000 open cybersecurity jobs in the U.S. But what gets in the way of entry-level workers entering the field is often that companies haven’t made enough room in their cybersecurity budget.

“Security is always scrambling for resources,” Walsh says. “As a security leader, I would love to eliminate all risk. But the business reality of it is that [hiring talent] is extraordinarily expensive.”

To that end, it’s often easier for companies to hire more seasoned professionals because “security is fundamentally a business of trust,” Walsh explains. 

“Do I want to take a chance on this person when I’m already resource constrained?” Walsh questions. “Sometimes yes, and sometimes no.” 

That being said, Walsh predicts that more early-career cybersecurity jobs will open up later this year because cybersecurity is a big concern during an economic downturn. It’s during these periods that businesses can become more vulnerable to bad actors and more cyber attacks.

For professionals who are looking to break into the industry, Walsh encourages people to start in adjacent roles—like working on an IT desk—to gain relevant experience. What’s more, people can show initiative by doing self-study and even volunteering cybersecurity services to show employers they’ve done the work.

“Security degrees have come on hot and heavy in the past handful of years, but we all started somewhere else,” Walsh says. “Some of us were software engineers, some of us were auditors at the Big Four, others of us started on the help desk or were system administrators. Those are still great ways to get into security.”

Cybersecurity wages

While working a help desk job can be one way to start a path to a cybersecurity job, it only pays about half as much as other roles. Cybersecurity analysts can make more than $80,000, while the same person working on a help desk may only make about $40,000, Walsh explains.

“That’s another obstacle that I think the industry’s going to have to kind-of sort out,” he says. “But if people are willing to do that for a period of time and get a little bit more experience, get closer to the action, that’s the best way.”

Tenured cybersecurity professionals are also on their way to earning even more. When Walsh had his first CISO job with Rally Health, security engineers were making about $120,000. These same engineers today make $180,000 to $200,000 right off the bat, Walsh says. That’s about a 40% increase during the span of six years. 

“The job market is still extremely strong for cyber security professionals,” Walsh says. “I think wages will continue to increase.”