It’s simple economics: supply and demand.
A seemingly endless supply of new and increasingly more complex cyber-attacks has been driving up the demand for qualified professionals to help defend businesses. But are we prepared to supply these professionals to meet this growing demand? It doesn’t look that way, as 74 percent of respondents to the ESG/ISSA research report say that their firms are being affected by the shortage. This number, by the way, has crept up from 70 percent last year.
Companies from different industries are expected to keep their customers’ data safe and secure, but the growing shortage of qualified cybersecurity professionals is making it difficult to do that. It’s estimated that the number of unfilled cybersecurity positions will grow to a staggering 3.5 million by 2021. We explore why this is and what companies are doing to combat it. Use the menu below to skip to your preferred section:
- Largest Tech Shortage Locations
- Most In-Demand Tech Jobs
- Shortage Causes and Solutions
- Cybersecurity Skills Gap Infographic
Where Are The Largest Shortages?
According to job postings data, the gap between the cybersecurity workforce supply and demand has reached a national average ratio of just over two job postings for every one available cybersecurity professional, with the lowest ratio being in Washington D.C. and the highest being in Indiana.
Washington, D.C., Baltimore, Boston, San Francisco and San Jose are major cities with the highest demand for cybersecurity professionals.
What Jobs Are The Most In-Demand?
There are many specialties underneath the cybersecurity umbrella. The roles with the most postings in 2018 included:
- IT security specialists
- Information security analysts
- Network security engineers
- Security engineers
- Application security engineers
The most in-demand certifications are Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) based on the number of certification holders and the number of job postings requesting each certification. These are all advanced-level certifications.
Causes and Solutions For the Cybersecurity Talent Shortage
By this point, you’re probably wondering why this is even an issue in the first place. What is causing this shortage and why are we seeing such a large turnover of existing cybersecurity professionals?
1. Increasing Number of Attacks
Each company’s security requirements are unique, but many security processes that could be standardized to improve efficiency and response times aren’t. This becomes a serious issue when you consider statistics like the 350 percent annual increase in ransomware attacks, which are becoming increasingly more complex.
Securing an online system from potential attackers is a job that can at least be partially automated. Services such as Varonis Edge and other detection and response services can help lessen the burden on cybersecurity professionals.
2. Lack of Interest from Younger Generations
While millennials have grown up using tech and are interested in computer-related careers, a career in cybersecurity is low on their list. In a recent survey, only 9 percent showed interest in a cybersecurity career.
This is largely because they’ve had little opportunity to learn about the industry and don’t understand what the roles entail. 65 percent reported that their schools never offered courses, so even if they were interested they didn’t have access to learning opportunities.
Millennials could be persuaded to join the industry with more accessible classes or training to see if they enjoyed it, and more information about what the jobs might entail.
3. Not Enough Skilled Defenders
Cybersecurity attacks are constantly evolving and new kinds of attacks are being created quickly. So how can universities and employers keep up?
Universities can create programs that allow students to protect and defend their networks. Texas A&M’s Security Operations Center employs students alongside full-time staff to give them hands-on experience.
Employers can create apprenticeship programs that train entry-level employees properly so they can start their careers strong. Apprenticeships are also known to increase brand loyalty and enhance employee retention, giving employers who implement these programs a leg up in hiring.
Attributes for successful cybersecurity personnel can also be found outside of the IT department in areas such as human resources, finance or military veterans. Research revealed that assessing behavioral skills could be the key to helping HR and security teams join forces to find the right talent for those critical roles within an organization.
To combat the shortage, look beyond technical skills and consider hiring or promoting security professionals that possess the character traits that would make them successful in that position instead.
Additionally, employers can’t rely solely on cybersecurity and IT staff to bear the entirety of the information security workload. Requiring on-the-job cybersecurity training for all employees on how to recognize phishing scams, create strong passwords, use ad blockers and leverage threat detection tools helps to spread the security responsibilities throughout the organization. Only 32 percent of organizations currently provide adequate training in IT security.
4. Burnout and Turnover
Although workplace stress is common in many industries, the pressure put on cybersecurity experts is immense, and this is becoming increasingly true as the stakes are raised due to higher-profile targets.
The problem of burnout and stress in the cybersecurity workplace poses a huge risk to businesses, as 40 percent of surveyed cybersecurity executives cited the skills shortage as a major reason for turnover and burnout.
Employers can combat this phenomenon by creating hospitable, collaborative workplaces and re-investing in their employees’ skills.
Keep your current employees engaged by helping them stay up to date on the latest trends and skill sets through conferences, classes and certifications. 93 percent of employees say that they would stay at a company longer if it invested in their career development.
The gap in available cybersecurity skills isn’t going to start narrowing anytime soon, but it is manageable as long as you handle your budget accordingly. Allocating time, energy and money to properly train existing employees can be just as beneficial as hiring new security professionals, it all depends on your unique situation and business’s goals.