November 6, 2015 By Douglas Bonderud 2 min read

There are more than 200,000 positions available for cybersecurity professionals in organizations across the country, yet many of them sit vacant for months or even years. Part of the problem is a cyber skills gap fueled by millennials’ lack of interest in cyber careers and the emergence of a gender gap, which leaves fewer women exposed to possible careers in technology and without any real access to IT mentors or programs.

According to CSO Online, however, the National Institute of Standards and Technology (NIST) is now funding the creation of a heat map that will show prospective applicants which jobs are open, where they are located and what type of qualifications are required to apply. The hope? That NIST’s map can stoke the fire of potential cyber professionals and encourage them to burn bright where they’re needed most.

Evolving Encouragement

Along with NIST, other government agencies are trying to drum up interest in cybersecurity careers. The NSA, for example, recently held its first annual Day of Cyber, which “enables students to test drive their future by living a day in the life of six NSA cyber leaders.” The idea of an interactive, self-guided experience that raises the profile of science, technology, engineering and math (STEM) careers can only benefit the industry as a whole.

As noted by Bloomberg Business, there’s a burgeoning interest in cyber careers among business school graduates, often from sources outside Silicon Valley. According to the Bloomberg piece, “A handful of B-schools in unlikely regions graduated more students into technology jobs in 2014 than into any other sector.” Why the change?

In large measure, the advancement of cloud and social networking technologies is responsible — students are no longer at a disadvantage if they can’t attend schools in California, New York, Boston or other tech hubs.

Cybersecurity Professionals Fire It Up

The NIST-funded heat map is meant to shine a light on companies across the nation that have available positions for cybersecurity professionals but simply haven’t been able to get the word out. For interested parties, the map provides much-needed choice: Do prospective IT employees prefer to work in areas of high tech concentration or opt for jobs in areas where they’re the only cybersecurity professional for miles in any direction?

The mapping tool, developed by analytics and research firm Burning Glass Technology and IT trade association CompTIA, will also let users break down specific job information to see details such as titles, necessary skills and required degrees, helping ensure they don’t waste their time applying for jobs they don’t have the qualifications to fill.

Despite cybersecurity jobs enjoying a $6,500 salary bump over other IT careers, they take 8 percent longer to fill, according to Burning Glass; companies demanding more specialized skill sets could wait months for a single qualified applicant. With the number of IT jobs doubling over the last few years and post-secondary institutions finally starting to turn out cyber-savvy graduating classes, the next logical step is linking IT pros to suitable positions.

Ideally, NIST’s career heat map should help address the burning need for cyber expertise and help fuel the fire for potential STEM graduates by giving them a sense of the market’s true depth.
