The cybersecurity profession is undergoing explosive growth. Much of that growth is due to escalating cyber threats, tightening regulatory pressures, and accelerating enterprise digital transformation. The U.S. Bureau of Labor Statistics (BLS) finds employment in computer and information technology occupations, including cybersecurity roles, projected to grow much faster than the average for all occupations (4%) from 2024 to 2034, with information security analysts alone expected to see 29% growth—the fifth-fastest overall.
The growth won't be limited to the U.S. The World Economic Forum's Future of Jobs Report 2025 ranks information security analysts among the top 15 fastest-growing professions globally through 2030, with cybersecurity skills second only to AI in projected Growth.
We've looked at the available data on job growth and created projections based on a synthesis of authoritative sources, including the BLS Occupational Outlook Handbook and the National Science Foundation's (NSF) Cybersecurity Workforce Supply and Demand Report. The projections focus on U.S. data for consistency.
Projected growth rates, annual job openings, and skills shortages measure demand. While roles are ranked by estimated growth potential and current openings, broader IT roles are included where they overlap significantly with cybersecurity responsibilities.
The U.S. salary ranges are based a synthesis of BLS data and open source data such as Glassdoor, PayScale, Robert Half, ZipRecruiter where available. The ranges are based on U.S. national estimates, and may vary based on geographic region:
Job Title: Information Security Analyst
Projected Growth (2024-2034): 29%
Annual Openings (Projected): 16,000
Annual Salary (2024): $88,000-$144,000
Key Responsibilities: Monitor networks for breaches, implement security measures, and respond to incidents; high demand due to rising cyberattacks.
Job Title: Cybersecurity Engineer
Projected Growth (2024-2034): 29% (tied to analysts via BLS IT security category)
Annual Openings (Projected): ~15,000 (subset of analyst openings)
Annual Salary (2024): $74,000-$149,000
Key Responsibilities: Design and build secure systems, including firewalls and encryption, driven by cloud and IoT adoption.
Job Title: Penetration Tester (Ethical Hacker)
Projected Growth (2024-2034): 29% (under security specialists)
Annual Openings (Projected): ~12,000
Annual Salary (2024): $93,000-$136,000
Key Responsibilities: Simulate attacks to identify vulnerabilities; adapt to regulatory mandates such as GDPR/CCPA.
Job Title: Incident Responder
Projected Growth (2024-2034): 25-30% (per CyberSN and ISC2 incident management data)
Annual Openings (Projected): ~10,000
Median Annual Salary (2024): $80,000-$120,000+
Key Responsibilities: Investigate and mitigate breaches in real-time.
Job Title: Security Architect
Projected Growth (2024-2034): 17% (aligned with software developers in secure design)
Annual Openings (Projected): ~8,000
Annual Salary (2024): $110,000-$180,000+
Key Responsibilities: Develop overall security frameworks; essential for AI and zero-trust models.
Job Title: Cloud Security Specialist
Projected Growth (2024-2034): 29% (subset of analysts, per BLS cloud integration)
Annual Openings (Projected): ~7,500
Annual Salary (2024): $146,000-$177,000+
Key Responsibilities: Secure cloud environments (e.g., AWS/Azure).
Job Title: Cybersecurity Consultant
Projected Growth (2024-2034): 29% (advisory roles under analysts)
Annual Openings (Projected): ~6,000
Annual Salary (2024): $100,000-$159,000+
Key Responsibilities: Advise on risk management and compliance; high demand in non-tech sectors such as finance/healthcare.
Job Title: Forensic Analyst (Digital Forensics)
Projected Growth (2024-2034): 29% (investigative subset)
Annual Openings (Projected): ~5,500
Annual Salary (2024): $115,000-$125,000+
Key Responsibilities: Analyze breach evidence for legal proceedings; demand from FBI-reported 860,000+ annual complaints.
Job Title: Security Operations Center (SOC) Analyst
Projected Growth (2024-2034): 25% (monitoring roles per NSF)
Annual Openings (Projected): ~5,000
Annual Salary (2024): $70,000-$100,000+
Key Responsibilities: Oversee 24/7 threat detection; critical for enterprise-scale operations amid skills gaps.
Job Title: Chief Information Security Officer (CISO)
Projected Growth (2024-2034): 15-20% (leadership growth per BLS management)
Annual Openings (Projected): ~4,000
Median Annual Salary (2024): $201,000-$376,000
Key Responsibilities: Lead strategy and policy; rising board-level focus.
These projections account for an estimated 450-500,000 U.S. vacancies according to data from BLS and Lightcast. Entry-level roles like SOC analyst require certifications such as CompTIA Security+, while senior positions demand experience and advanced credentials, such as the CISSP. Cybersecurity skill demand is highest in finance, healthcare, and government, per NSF data. For state-level insights, tools like CyberSeek show supply-demand ratios varying from 50:1 in high-need areas.
Where does AI fit in these roles? As we cover below, AI fits in everywhere.
Follow the skills and job functions more than job titles
The names of cybersecurity job roles may all soon have AI. Still, this emergence of AI-labeled cybersecurity roles reflects a familiar pattern in technology job title evolution that closely mirrors previous mega-trends, such as the trajectory of cloud computing — which is why we didn't include AI in our titles.
Still, as David Marcus, federal senior security technologist and principal engineer at Intel, explained, many professionals are starting to fall behind because they are not highlighting —or even updating —their skills to reflect AI knowledge. "I've watched several people who have lost pen testing jobs simply because they haven't thought through how AI has impacted the profession. Are they an AI pen tester, or do they just need to sell themselves as an AI pen tester to rebrand themselves?
Ultimately, I don't think the jobs are changing. I think how they get categorized may have changed, or will change, based upon what the market or the workforce thinks AI actually is right now," Marcus said. "But what the market thinks AI 'is' will change over time," he said.
Consider the SANS Institute's latest career poster, which showcases 10 AI-focused positions. The SANS poster presents ten emerging roles: AI SOC Orchestrator, AI Offensive Orchestrator, AI Incident Response Orchestrator, AI/ML Security Engineer, AI Ethics & Compliance Officer, AI Security Specialist, AI Governance Lead, Quantum-AI Security Specialist, AI Prompt Engineer (Security), and AI Threat Intelligence Analyst. That's a lot of AI.
These positions emphasize orchestration, governance, and strategic oversight rather than purely technical implementation, suggesting AI is being integrated into existing workflows rather than creating entirely new disciplines. That means it's best to pick a discipline, learn it inside and out, and learn how AI can enhance your work in that discipline.
That's because history suggests these explicit AI designations may be temporary markers rather than permanent fixtures.
The ongoing evolution of cloud computing provides the most instructive parallel for how role titles will likely evolve. During 2005-2015, the industry spawned numerous explicit "cloud" titles, including Cloud Security Engineer, Cloud Architect, Cloud Security Specialist, Cloud Solutions Architect, and Cloud Security Analyst.
However, as cloud adoption matured and "cloud-first" became ubiquitous, these titles began shedding their explicit "cloud" identifiers. Traditional "Cloud Engineers" are increasingly described simply as "Engineers" with cloud expertise assumed. "Cloud Architects" evolved into "Solutions Architects," where cloud knowledge became a baseline requirement.
Cloud titles are dead, long live cloud.
This pattern reflects broader evolution in technology job titles, where explicit identifiers fade as innovations become standard. "Web developers" became simply "developers," "internet specialists" became obsolete as internet literacy became universal, and "mobile app developers" are increasingly called "app developers" as mobile-first development became the norm.
The timeline for AI job title evolution appears to be accelerating compared to previous technology adoptions. Over half of entry-level cybersecurity positions already require AI competencies, suggesting faster normalization than cloud computing experienced. Unlike cloud computing, which involves infrastructure changes, AI tools integrate into existing security workflows relatively quickly, speeding the process.
However, specific AI roles may persist longer due to regulatory complexities. Positions such as AI Ethics & Compliance Officer and AI Governance Lead address unique challenges in AI transparency and compliance that require specialized expertise. The Quantum-AI Security Specialist role represents an emerging specialty that may maintain explicit technology identifiers due to quantum computing's specialized requirements.
Within five to seven years, most AI cybersecurity job titles will likely drop the explicit "AI" prefix as artificial intelligence becomes standard tooling rather than specialized technology. The current proliferation marks a transitional phase in which organizations need specialists to guide AI adoption. Once AI capabilities are embedded in standard cybersecurity tools—much as cloud services became the default infrastructure—the technology identifier will fade from job titles, while enhanced capabilities remain fundamental to the roles themselves.
"What does this all mean for the marketplace right now"? asked Marcus. "Do people get several AI certifications and rebrand their current and primary skill set around being AI-enabled? I think there's a lot to be said for that strategy," he said.
"What does AI mean in the marketplace? Do people get several certs and rebrand their current skill set as AI-enabled? I think there's a lot to that strategy," said Marcus.
