Solving The Cybersecurity Skills Shortage Within Your Organization

As technology evolves and cyberattacks increase so does the gap in the cybersecurity workforce, read on to see tech shortage solutions for your business
Michael Buckbee
3 min read
Last updated September 24, 2021

It’s simple economics: supply and demand.

A seemingly endless supply of new and increasingly more complex cyber-attacks has been driving up the demand for qualified professionals to help defend businesses. But are we prepared to supply these professionals to meet this growing demand? It doesn’t look that way, as 74 percent of respondents to the ESG/ISSA research report say that their firms are being affected by the shortage. This number, by the way, has crept up from 70 percent last year.

Hate computers professionally? Try Cards Against IT.

Companies from different industries are expected to keep their customers’ data safe and secure, but the growing shortage of qualified cybersecurity professionals is making it difficult to do that. It’s estimated that the number of unfilled cybersecurity positions will grow to a staggering 3.5 million by 2021. We explore why this is and what companies are doing to combat it. Use the menu below to skip to your preferred section:

Where Are The Largest Shortages?

According to job postings data, the gap between the cybersecurity workforce supply and demand has reached a national average ratio of just over two job postings for every one available cybersecurity professional, with the lowest ratio being in Washington D.C. and the highest being in Indiana.

Washington, D.C., Baltimore, Boston, San Francisco and San Jose are major cities with the highest demand for cybersecurity professionals.

What Jobs Are The Most In-Demand?

There are many specialties underneath the cybersecurity umbrella. The roles with the most postings in 2018 included:

  • IT security specialists
  • Information security analysts
  • Network security engineers
  • Security engineers
  • Application security engineers

The most in-demand certifications are Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) based on the number of certification holders and the number of job postings requesting each certification. These are all advanced-level certifications.

illustrations of the most In-Demand Cybersecurity Jobs: IT security specialists, Information security analysts Network security engineers Security engineers Application security engineers

Causes and Solutions For the Cybersecurity Talent Shortage

By this point, you’re probably wondering why this is even an issue in the first place. What is causing this shortage and why are we seeing such a large turnover of existing cybersecurity professionals?

1. Increasing Number of Attacks

Each company’s security requirements are unique, but many security processes that could be standardized to improve efficiency and response times aren’t. This becomes a serious issue when you consider statistics like the 350 percent annual increase in ransomware attacks, which are becoming increasingly more complex.

Securing an online system from potential attackers is a job that can at least be partially automated. Services such as Varonis Edge and other detection and response services can help lessen the burden on cybersecurity professionals.

2. Lack of Interest from Younger Generations

While millennials have grown up using tech and are interested in computer-related careers, a career in cybersecurity is low on their list. In a recent survey, only 9 percent showed interest in a cybersecurity career.

This is largely because they’ve had little opportunity to learn about the industry and don’t understand what the roles entail. 65 percent reported that their schools never offered courses, so even if they were interested they didn’t have access to learning opportunities.

Millennials could be persuaded to join the industry with more accessible classes or training to see if they enjoyed it, and more information about what the jobs might entail.

3.  Not Enough Skilled Defenders

Cybersecurity attacks are constantly evolving and new kinds of attacks are being created quickly. So how can universities and employers keep up?

Universities can create programs that allow students to protect and defend their networks. Texas A&M’s Security Operations Center employs students alongside full-time staff to give them hands-on experience.

Employers can create apprenticeship programs that train entry-level employees properly so they can start their careers strong. Apprenticeships are also known to increase brand loyalty and enhance employee retention, giving employers who implement these programs a leg up in hiring.

Attributes for successful cybersecurity personnel can also be found outside of the IT department in areas such as human resources, finance or military veterans. Research revealed that assessing behavioral skills could be the key to helping HR and security teams join forces to find the right talent for those critical roles within an organization.

To combat the shortage, look beyond technical skills and consider hiring or promoting security professionals that possess the character traits that would make them successful in that position instead.

Additionally, employers can’t rely solely on cybersecurity and IT staff to bear the entirety of the information security workload. Requiring on-the-job cybersecurity training for all employees on how to recognize phishing scams, create strong passwords, use ad blockers and leverage threat detection tools helps to spread the security responsibilities throughout the organization. Only 32 percent of organizations currently provide adequate training in IT security.

4. Burnout and Turnover

Although workplace stress is common in many industries, the pressure put on cybersecurity experts is immense, and this is becoming increasingly true as the stakes are raised due to higher-profile targets.

The problem of burnout and stress in the cybersecurity workplace poses a huge risk to businesses, as 40 percent of surveyed cybersecurity executives cited the skills shortage as a major reason for turnover and burnout.

Employers can combat this phenomenon by creating hospitable, collaborative workplaces and re-investing in their employees’ skills.

Keep your current employees engaged by helping them stay up to date on the latest trends and skill sets through conferences, classes and certifications. 93 percent of employees say that they would stay at a company longer if it invested in their career development.

The gap in available cybersecurity skills isn’t going to start narrowing anytime soon, but it is manageable as long as you handle your budget accordingly. Allocating time, energy and money to properly train existing employees can be just as beneficial as hiring new security professionals, it all depends on your unique situation and business’s goals.

cybersecurity skills shortage infographic - written content found in original post - the inforgraphic has illustrations of the US showing job opportunities, a computer screen with an eye on it, people shaking hands

Sources: LinkedIn | Cyber Seek | NY Times | ISSA | Raytheon | PROTECTWISE

 

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

speed-data:-preparing-for-the-unknown-in-cybersecurity-with-ian-hill
Speed Data: Preparing for the Unknown in Cybersecurity With Ian Hill
Ian Hill, the Director of Information and Cybersecurity for Upp Telecommunications, offers his take on AI and the future of tech, shares his tricks for a good cyber defense, and explains why the best-laid plans of mice and security professionals often go astray.
is-your-company-prepared-for-a-cyber-attack?
Is Your Company Prepared for a Cyber Attack?
Would your company survive a cyber attack? Use our flowchart to see if your business is prepared for cybersecurity threats.
speed-data:-hiring-the-right-cybersecurity-professionals-with-leah-mclean
Speed Data: Hiring the Right Cybersecurity Professionals With Leah McLean
Cofounder of the nonprofit Whole Cyber Human Initiative, Leah McLean, shares her advice for recruiting teams looking for cybersecurity superstars and why it’s so important for women to have representation in tech.
speed-data:-rethinking-traditional-cybersecurity-principles-with-rick-howard
Speed Data: Rethinking Traditional Cybersecurity Principles With Rick Howard
Rick Howard, author, journalist, and Senior Fellow at the CyberWire, chats about his new book on rebooting cybersecurity principles with Varonis' Megan Garza.