The 2026 Skills Shortage: Why New Zealand Needs More Cybersecurity Analysts
New Zealand faces a cybersecurity workforce crisis. With approximately 3,500 professionals needed to fill the gap and 70% of local businesses reporting that skills shortages are increasing their cyber risk, the opportunity for career changers has never been clearer.
If you've been considering a move into tech but feel overwhelmed by the idea of coding or complex engineering, cybersecurity offers a different path. It's a field where analytical thinking, attention to detail, and a willingness to learn matter more than a computer science degree.
What does the cybersecurity skills shortage actually look like in New Zealand?
The shortage is severe and getting worse. According to Fortinet's 2025 Cybersecurity Skills Gap Report, 92% of businesses in New Zealand and Australia experienced at least one security breach in the past 12 months. The report found that 70% of organisations believe the skills shortage directly increases their cyber risk (businessdesk.co.nz).
The numbers tell a stark story. CERT NZ's Q1 2025 report shows New Zealanders lost $7.8 million to cybercrime in just three months, marking a 14.7% increase from the previous quarter (packetlabs.net). Meanwhile, the National Cyber Security Centre responded to over 1,300 incidents in Q4 2024 alone, with 17 incidents causing losses exceeding $100,000 each (cert.govt.nz).
The shortage extends globally, with nearly 5 million cybersecurity positions unfilled worldwide. For New Zealand specifically, projections indicate the country needs approximately 3,500 new cybersecurity professionals (nucamp.co).
Why is cybersecurity on Immigration New Zealand's skills shortage list?
ICT Security Specialist appears on Immigration New Zealand's Long-Term Skill Shortage List, recognising the critical national need for qualified professionals. This classification makes it easier for skilled overseas workers to obtain work visas and even pathways to permanent residency (skillshortages.immigration.govt.nz).
The government's decision to include cybersecurity on this list reflects broader economic priorities. The tech sector contributes over $23 billion to New Zealand's GDP, and securing digital infrastructure has become essential for everything from banking to healthcare to agriculture.
What salary can cybersecurity analysts expect in New Zealand?
Cybersecurity analysts in New Zealand earn competitive salaries that reflect the demand for their skills. According to SEEK, the average salary for a Cyber Security Analyst ranges between $90,000 and $95,000 (seek.co.nz).
Entry-level positions typically start between $55,000 and $75,000, while professionals with several years of experience can earn upward of $125,000. The trusted salary data platform PayScale reports an average of $80,664 for Cyber Security Analysts in New Zealand, with entry-level professionals earning around $58,555 (payscale.com).
Senior cybersecurity professionals, including Security Architects and Security Managers, regularly command salaries exceeding $170,000. The salary trajectory is steep for those who continue developing their expertise and obtaining advanced certifications.
| Experience Level | Salary Range (NZD) | Typical Roles |
|---|---|---|
| Entry Level 0-2 years |
$55,000 – $75,000 | Junior Security Analyst, SOC Analyst Tier 1, Help Desk Security |
| Mid-Level 2-5 years |
$80,000 – $110,000 | Security Analyst, Incident Response, Security Engineer |
| Senior 5-8 years |
$110,000 – $140,000 | Senior Security Analyst, Penetration Tester, Security Consultant |
| Leadership 8+ years |
$140,000 – $175,000+ | Security Manager, Security Architect, CISO |
Sources: SEEK, PayScale, Glassdoor (2025 data)
Do you need a university degree to work in cybersecurity?
No, you don't necessarily need a degree to start a cybersecurity career. The industry is increasingly shifting toward skills-based hiring, where employers prioritise demonstrated competencies over formal education credentials.
According to the Hays Cyber Security Talent Report, 56% of organisations now access cybersecurity talent by upskilling existing IT staff (securitybrief.co.nz). Nick Baty, Chief Security Advisor at the Ministry of Health New Zealand, emphasises that businesses can look at upskilling people, and employees shouldn't view a lack of technical experience as a barrier.
The industry values candidates who demonstrate a combination of technical knowledge, problem-solving ability, and communication skills. Peter Frochtenicht from NEC Australia notes that when recruiting talent, he looks for someone who is easy to manage and a self-starter. "If a person has a 'can-do' attitude, I know I can work with them and train them up very quickly."
Industry certifications provide a structured way to validate your knowledge and prove your capabilities to employers without committing to years of university study.
What entry-level certifications open doors to cybersecurity careers?
Two certifications stand out as accessible starting points for aspiring cybersecurity professionals: the Microsoft SC-900 and the Cisco Certified Support Technician (CCST) Cybersecurity.
Microsoft SC-900: Security, Compliance, and Identity Fundamentals
The SC-900 certification validates foundational understanding of security, compliance, and identity concepts across Microsoft cloud services. It's designed for anyone interested in Microsoft security solutions, regardless of technical background (learn.microsoft.com).
This certification covers essential concepts including the Zero Trust security model, identity management through Microsoft Entra ID, and compliance solutions across Microsoft 365 and Azure. The exam tests your understanding of how Microsoft security tools protect users and organisations from threats.
The SC-900 is particularly valuable because Microsoft products dominate New Zealand's corporate environment. Understanding how security, compliance, and identity work together in the Microsoft ecosystem makes you immediately useful to employers.
Cisco CCST Cybersecurity
The Cisco Certified Support Technician (CCST) Cybersecurity certification validates entry-level knowledge of security principles, network security, and endpoint protection (cisco.com).
This certification prepares you for entry-level positions such as cybersecurity technician, cybersecurity analyst, and Tier 1 help desk support. The curriculum covers threat intelligence, risk management, and practical skills for protecting organisations from cyber attacks.
The CCST Cybersecurity also serves as a stepping stone to more advanced Cisco certifications, including the CCNA (Cisco Certified Network Associate), which is widely recognised as a gold standard in networking credentials.
Which certification should you choose first?
Consider your career goals and the types of organisations you want to work for. The SC-900 certification focuses on Microsoft's security ecosystem, making it ideal if you're targeting roles in organisations that heavily use Microsoft 365, Azure, or Windows environments. Most New Zealand businesses fall into this category.
The CCST Cybersecurity takes a more network-focused approach, covering how threats move across networks and how to protect endpoints and infrastructure. This certification aligns well with roles that involve monitoring network traffic, responding to incidents, or supporting security operations centres.
Many professionals choose to earn both certifications, creating a comprehensive foundation that covers both the Microsoft environment and broader network security principles. The combined knowledge positions you as a versatile candidate capable of addressing security across multiple layers of an organisation's infrastructure.
| Feature | Microsoft SC-900 | Cisco CCST Cybersecurity |
|---|---|---|
| Focus Area | Microsoft security, compliance, and identity solutions | Network security, threat intelligence, endpoint protection |
| Prerequisites | None required | None required |
| Best For | Roles in Microsoft-heavy environments, compliance-focused positions | Network security roles, SOC analyst positions, incident response |
| Study Time | 4-8 weeks typical | 6-10 weeks typical |
| Next Steps | SC-200, SC-300, AZ-500 | CCNA, CyberOps Associate |
| Key Topics | Zero Trust model, Microsoft Entra ID, Microsoft Defender, compliance solutions | Security principles, network security, vulnerability assessment, endpoint security |
What roles can you pursue with entry-level cybersecurity certifications?
Entry-level certifications open doors to several positions that serve as launching pads for cybersecurity careers.
Junior Security Analyst positions involve monitoring security systems, reviewing alerts, and documenting potential threats. You'll learn how security operations work in practice while contributing to your organisation's defence posture.
Security Operations Centre (SOC) Analyst roles focus on real-time monitoring and incident response. These positions often operate in shifts, providing 24/7 coverage of an organisation's security infrastructure.
IT Support with Security Focus positions combine traditional technical support with security responsibilities. You might help users with password resets and access issues while also identifying potential security concerns.
Compliance and Risk Support roles assist organisations in meeting regulatory requirements and managing security risks. These positions suit people who enjoy documentation, processes, and attention to detail.
Help Desk Security Liaison positions bridge the gap between IT support and the security team. You'll help end users understand security policies while escalating potential incidents to appropriate teams.
How quickly can you transition into cybersecurity?
The timeline depends on your starting point and how intensively you study. Someone with existing IT experience might prepare for an entry-level certification in four to eight weeks of focused study. Complete beginners should plan for three to six months to build foundational knowledge before attempting certification exams.
The key advantage of certification-based entry is speed. Compared to a three-year degree, you can demonstrate verified competency and start applying for roles within months rather than years.
Many successful cybersecurity professionals took non-traditional paths into the field. The Hays research found that technical expertise alone isn't enough. Employers value strong soft skills, analytical thinking, and the ability to communicate security concepts to non-technical colleagues.
What's the career progression like in cybersecurity?
Cybersecurity offers clear advancement paths for those who continue developing their expertise. Entry-level analysts typically progress through several stages over five to ten years.
After gaining experience in entry-level roles, you might move into intermediate positions such as Security Engineer, Penetration Tester, or Incident Response Specialist. These roles involve more hands-on technical work and greater responsibility for security outcomes.
Senior positions include Security Architect, Security Manager, and Chief Information Security Officer (CISO). These roles combine technical expertise with strategic thinking and leadership capabilities.
The salary progression reflects this growth. While entry-level positions start around $55,000 to $75,000, senior cybersecurity professionals can earn well over $170,000. The combination of strong demand and limited supply creates excellent conditions for salary negotiation and career advancement.
How do you get started today?
The cybersecurity skills shortage represents a genuine opportunity for career changers and newcomers. New Zealand needs more professionals, organisations are willing to train motivated candidates, and salaries reward those who build their expertise.
Start by choosing a certification that aligns with your interests and career goals. The Microsoft SC-900 and Cisco CCST Cybersecurity both provide solid foundations without requiring prior technical experience. Commit to consistent study, engage with practice materials, and connect with others on the same journey.
The IT Specialist certification bundle from NZIQ provides comprehensive preparation materials alongside your exam voucher and a retake voucher if needed. This combination of learning resources and exam access gives you everything required to earn an industry-recognised credential.
Explore IT Specialist Certification options and start your cybersecurity journey →