$100k is not a large salary

Sure, it may sound like a lot if you were born in the 1900s or you are used to working a minimum wage job.

These security career articles and similar marketing all tout "6 figure salaries". 6 figures isn't what it used to be and it's a LONG way to a 7 figure salary. $100k is not enough to be able to afford a house in a place you would actually want to live anymore.

So live somewhere cheap (where there are fewer security jobs) and get a remote job (which limits your options if you are requiring remote). Or live in a metro area where the jobs are but you'll probably never be able to afford a house.

Even in Austin, a popular tech city with a lower cost of living, you need to be making at least $126k/yr.

The median cyber security analyst salary in Texas is $96k.

The above article says, "Many people assume it’s a hard field to break into as it’s a highly specialized, technical role, she explains, but what they don’t realize is you don’t need a bachelor’s degree to land a high-paying job in the field — and once you do, the job security is strong."

I have already addressed the job security (very questionable) but it really is a hard field to break into. There are a lot of people trying to help people get into cybersecurity and make a buck off of them somehow. They tell people they can do it but the fact is that cybersecurity is not an entry level job. People need to go to IT and be a sysadmin or programmer or something for a while first and learn how things work before they can go to security. It really is like being a doctor or a lawyer or something. You need to go intern, be an orderly, be a law clerk, be a paralegal for a few years before getting into those jobs. Similar with security. But people don't like to hear that.

There are a lot of people out there with a certificate or even a degree trying to get a job in cybersecurity. Either the jobs just aren't there or they require people with more experience. I always tell them to get into IT, have a home lab where you build your own network and servers, do personal projects, publish their configs and source code, etc. You really need to learn a programming language to be in security. But that itself is a huge learning curve for most people.

Here's a post from a cybersecurity forum that I follow regularly from someone trying to get a job

Read through the comments. For example, this comment where he says:

"As a hiring manager here is what I can share: - you will be one of more resumes than you can imagine. And some of us actually manually review each one after hr performs a low level filter. My last open analyst position received 700 applications in two weeks."

There is definitely no shortage of candidates. There might be a shortage of experienced candidates in certain niches but I'm skeptical of even that based on what I'm hearing out there.

The number of intrusions we are seeing suggests that there is certainly a need for security people but the willingness to actually hire and pay them (and probably even to listen to them) is definitely lacking.

links