The cybersecurity industry has a longstanding reputation of having a perpetual “Help Wanted” sign on display. While it is true that there remains a need for cybersecurity professionals at many organizations, the reality is more nuanced as we navigate a period in which hiring is slowing, according to ISACA’s State of Cybersecurity research.

“It’s pretty tough,” assessed Jeff Combs, cybersecurity recruiter and career coach, in a recent interview with global digital trust association ISACA. “There are a lot of people in the market and there are fewer roles available. And the practices that companies use to recruit people are not very transparent and are creating a lot of FUD (fear, uncertainty, and doubt) and confusion. That said, everything is cyclical and I’m starting to see signs that things are starting to pick up again, and now is the time to retool and get ready for what’s coming in the next couple of years.”

In a tighter hiring market, it is even more important for candidates to find ways to differentiate themselves and demonstrate they are equipped to be assets to the organization. Here are some strategies that cybersecurity professionals can use to stand out.

One tried-and-true way to differentiate yourself is to achieve industry certifications that are aligned with the specific roles a candidate is pursuing. Earning respected industry credentials is a clear way for jobseekers to demonstrate an investment in their career and a commitment to gaining deep expertise in their domain.

While many certifications test a candidate’s knowledge, others, like the new Certified Cybersecurity Operations Analyst (CCOA) credential from ISACA, also have a hands-on component that validates the technical expertise that is especially in-demand for many organizations. As Combs noted, there is no shortcut to gaining the deep, technical understanding of the systems practitioners are charged with defending.

“If you really are invested in a technical career path, that means you’ve got to dig the foundation, and that means getting dirty and learning those hard skills,” Combs said.

CCOA helps early-career practitioners prove they can evaluate threats, identify vulnerabilities and counteract cyber incidents, and is a useful precursor to more senior-level security credentials such as the Certified Information Security Manager (CISM). CISM is focused on management and is tailored for those looking to develop and manage an enterprise information security program. There are many other options, too, such as credentials that focus on more specialized areas such as ethical hacking and cloud security. Jobseekers should identify which type of security role they are most interested in and research which industry credentials will best validate that they are serious about excelling in that role.

In a tighter hiring market, it is even more important for candidates to find ways to differentiate themselves and demonstrate they are equipped to be assets to the organization.

Additionally, in a job interview, the ability to reference a recent professional development course with an emerging technology focus — and especially learning that ties in with the specific role that the candidate is applying for — can go a long way toward positioning the candidate as somebody who recognizes the importance of keeping pace with the evolving threat landscape.

Some areas to focus on include:

• Artificial Intelligence and Machine Learning: Understanding how AI and ML can be used for cybersecurity applications, like threat detection and response, is becoming increasingly important.
• Blockchain Technology: With its growing use in various sectors, understanding blockchain’s security implications can give professionals an edge.
• Cloud Security: As organizations continue to migrate to the cloud, knowledge in cloud security practices and tools is invaluable.

While achieving certifications and being attuned with emerging tech puts candidates in solid shape when it comes to substance, many strong candidates are overlooked for roles if they are unable to effectively frame why they are the right person for the job. In other words, substance matters, but so does style — or at least presentation. Talent acquisition professionals are stretched thin and often lack the deep subject matter expertise to know exactly what they are looking for in a cybersecurity professional.

It is important for applicants to ensure their résumés, cover letters, and LinkedIn presences accentuate the most valuable skills and experience they have to offer. Career expert Caitlin McGaw recommends creating and highlighting a master list of top projects and accomplishments that align with the role.

“Build your résumé to guide interviewers to ask about the work you really want to tell them about, the experience that sells you for the role,” McGaw writes. “By doing this, you will have brilliantly created — in advance — a path for the interviewer to follow.”

Although the security job environment may not be as favorable for candidates as it was a couple of years ago, there are still opportunities to enter and advance in the profession. The cyber threat landscape remains precarious, and smart organizations know they need robust, well-prepared security teams to safeguard their organization’s data and reputation. By recognizing the value of pertinent industry certifications, becoming knowledgeable about how emerging technology is reshaping the enterprise landscape, and being intentional in how they communicate their qualifications, there are promising paths for professionals to enter and advance in the cybersecurity field.

In this ever-evolving field, staying proactive, adaptable and continuously learning are the keys to standing out and achieving career success in cybersecurity.