There are many more openings for security systems administrators than qualified applicants. That creates opportunities for IT professionals willing to get the training and certification. Credit: Thinkstock download What it takes to become a security systems administratorCSOWith 1.8 million unfilled global cybersecurity job openings by 2022, according to a recent study by (ISC)2, job hunters can often expect higher-than-average salaries than for similar IT jobs outside the security category. For those who work in IT and want a piece of the security action, there’s hope if you have skills you can leverage and are willing to get the right certifications.Take, for example, the job of security systems administrator. The national median salary for this job is $66,517, according to Glassdoor, compared to $65,273 for a systems administrator.And qualified applicants are hard to find, said Kennet Westby, chief security strategist at Denver-based Coalfire Systems, Inc., who has hired people for this position. “This is a highly recruited and difficult position to fill today,” he said. “Every organization, even if they’re outsourcing a lot of their services to the cloud, have a need for this.”Westby said that educational programs focusing on this specialty are starting to appear, but the solution is to hire someone who was previously a network or systems administrator and has a security background or has completed a security certification program. Another approach, he said, is to focus on specific security platforms and get certification from the vendors. According to Westby, the security systems administrator is responsible for the systems that manage overall security for the organization, including the firewall and authentication and access controls for all servers and platforms. A strong virtualization background also helps. CSO download What it takes to be a security systems administratorCSO “So much of the environment, including the traditional hardware-based firewalls, is migrating to virtualized security tools and platforms,” he said. “And there’s the migration to cloud infrastructure. The security systems administrator needs to have much more experience with setting up and managing cloud security infrastructure.” Related job titles include network security administrator, cloud security administrator, firewall administrator, and security analyst.Large companies and government agencies are all actively recruiting security systems administrators, said Westby. “All our enterprise customers are looking to recruit for this,” he said. “But the biggest employers for this are the service providers. everything from a telco provider to your large cloud services providers and SaaS application providers. They’re putting pressure on the whole market.”As a result, salaries are going up, especially for those with specialized skills. Salaries can reach as high as $120,000 to $140,000 for those who specialize in, say, cloud security.Plus, while some security jobs might be automated, this isn’t one of them, he said. “The layers of security and complexity are just continuing to grow and escalate,” he said.According to Payscale, skills that affect salaries for this position include security risk management, security intrusion detection and network security management.Common certifications that employers look for include Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP). There’s a big shortage of people with those certifications, as well. According to Cyberseek, there are 69,549 people who hold the CISSP certification — but 92,802 open jobs that ask for it. The shortfall is even larger for the CISM certification, with 10,447 people holding it, and 30,549 open jobs asking for it.But degrees or certifications are just part of what it takes to be a security systems administrator, said Dale Meredith, author and cybersecurity trainer at Farmington, Utah-based Pluralsight LLC. “It’s more about changing your mindset,” he said.In IT, the job focus is on making the systems productive and convenient for users. “And from a security perspective, it’s how you make it safe,” he said. “I don’t necessarily care if it’s convenient — I have to protect company assets.”Head to Facebook to leave your comments on this story. Related content news Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance Despite money pouring into programs around the world, training organizations have not managed to ensure employment for professionals, while entry-level professionals are finding it hard to land a job By Samira Sarraf Oct 02, 2023 6 mins CSO and CISO CSO and CISO CSO and CISO news Royal family’s website suffers Russia-linked cyberattack Pro-Russian hacker group KillNet took responsibility for the attack days after King Charles condemned the invasion of Ukraine. By Michael Hill Oct 02, 2023 2 mins DDoS Cyberattacks feature 10 things you should know about navigating the dark web A lot can be found in the shadows of the internet from sensitive stolen data to attack tools for sale, the dark web is a trove of risks for enterprises. Here are a few things to know and navigate safely. By Rosalyn Page Oct 02, 2023 13 mins Cybercrime Security news ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations By Lucian Constantin Oct 02, 2023 4 mins Hacker Groups Ransomware Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe