If you’re interested in pursuing a career in information security, Atlanta might serve as the perfect launching pad. Georgia is home to more than 115 information security companies, including several Atlanta-based managed security solutions providers (MSSPs) that are actively adding penetration testers and analysts to their security operations center (SOC) teams. “Cybersecurity is a priority for Atlanta companies,” said Marci McCarthy, CEO and chairman of ISE Talent, a staffing firm that specializes in information security. “The local colleges can’t produce enough graduates to meet demand, so finding the right opportunity often comes down to your experience and the type of role and environment that appeals to you.” Annual pay averages around $110,000, but positions at the high end of the spectrum pay $150,000 to $180,000, with candidates receiving multiple offers, McCarthy added. Here’s what you need to know to pursue a lucrative career in Atlanta’s information security sector.

Hot Subsectors and Roles

Understanding the trends that are driving the various subsectors and hiring needs within the Atlanta information security market can help you decide which career path and company to pursue. For instance, if you're just starting out, a security service provider might be the best place to build up your résumé. Providers are experiencing rapid growth, and expanding their portfolios of cybersecurity services and staff to meet market demand. In the past, most security firms have preferred to hire newbies and train them on their methods and processes, explained Meenaxi Dave, CISSP, CEH, and instructor of certified ethical hacking at Gwinnett Technical College and Kennesaw State University. “Specialized firms provide a good foundation because they use the latest tools and they also provide opportunities to grow and advance,” said Dave, who is also Director of Education for ISSA’s Metro Atlanta Chapter. The environments at these firms are fast-paced, security-focused, and less formal than at a corporate headquarters. However, Dave noted, some firms have recently upped their hiring requirements: they are looking for hands-on experience, so interning is one way to break in, while transitioning from the military or law enforcement is another option. “Not everyone who gets hired for a security role comes from a four-year college,” McCarthy noted. “I recently placed a candidate who had a two-year degree, but she acquired hands-on experience by playing cyber war games through Kennesaw State.” In the corporate world (some 26 members of the Fortune 1000 are headquartered in the Atlanta metro area), more companies are implementing hybrid SOCs by outsourcing monitoring and other tasks to MSSPs, all while handling analysis and level-two and -three response or remediation in-house. The trend is spawning reorganizations and additional opportunities for seasoned analysts and security engineers; some companies are hiring penetration testers and security managers, as well. Cloud security is another hot specialty in corporate environments. Employers are willing to take the gloves off and fight for candidates who have worked with Amazon Web Services (AWS) and/or Google Cloud Platform, or who have experience assessing and managing security risks in Software-as-a-Service (SaaS) or cloud-based applications. There’s also a huge demand for software security assurance analysts to assist development teams with the creation of secure legacy programs, software and mobile apps. You generally need experience with Open Web Application Security Project (OWASP) vulnerabilities and standards and HP Fortify to land one of these jobs, which can pay upwards of $160,000. Of course, you’ll need to meet all the requirements to land an offer. “What corporate employers are looking for is qualified talent,” McCarthy said. “There are a lot of checks and balances in the hiring process; you will definitely need to pass a technical evaluation to land an offer.”

Additional Tips

Adding security certifications to your résumé can absolutely help you get a foot in the door. Dave recommends that you start with the “industry-neutral” CompTIA Security +, then shoot for Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) if you want to pursue a more technical role. The exams for these certifications are difficult and a bit pricey, she admits. However, you can attend free certification training and seminars on the latest tools, such as Wireshark, by joining your local ISSA chapter. Also, you can get free admission to security conferences by volunteering to man the registration desk for a few hours. Given the evolving risks and hiring requirements, security pros will need to recertify via continuing education to keep their careers moving forward in the future.