With the increase of cybersecurity incidents, the demand for cybersecurity professionals has more than doubled. However, around 3.5 million cybersecurity jobs are likely to go unfilled worldwide between 2021 and 2025. Considering the impact of cybersecurity incidents and the number of open jobs, why is it so difficult to staff cybersecurity professionals?
Dissecting the Scarcity Problem
Simply put, there are not enough qualified professionals to fill all the job requirements. By the end of 2021, it was estimated that there were 1,053,468 employed cybersecurity professionals and 597,767 job openings. Organizations often look for the following cybersecurity roles:
- Cloud Security: Focuses on implementing and managing the security of critical assets in cloud environments
- Security Analysis and Investigation: Focuses on in-depth analysis of threat intelligence artifacts for proactive incident response processes
- Application Security: Focuses on developing and configuring mobile and web application codes using secure coding best practices
- Security Orchestration and Automation: Focuses on leveraging human and machine intelligence to prioritize and drive process standardization for cybersecurity operations
It’s tough to find a suitable candidate with the right combination of skills, certifications, and experience. The practitioners that have the opportunity to uplevel their skills and deploy creative solutions are sought out by other employers. This often leads to talented professionals resigning for other high-paying offers due to the rising demand for skill — leaving organizations struggling to fill available roles due to budget constraints.
Are Employer Expectations Unrealistic?
Although numerous data and stats show the scarcity of skilled workforce in the cybersecurity industry, the hiring process may be the main culprit. Hiring managers and recruiters miss collaborative opportunities to set realistic expectations, understand the technical discipline required, and post job descriptions that are tailored to suitable candidates. Often, organizations don’t consider the skills gained through the personal pursuit and focus on the years of professional experience. Furthermore, organizations prefer candidates with experience over potential.
Repercussions of the Talent Shortage
Open roles affect team members who are already at the organization. As the complexity of the cyberattacks increase, the complexity of deploying, configuring, and managing security solutions increases also. These security solutions create many alerts, and if not tuned properly, will flood teams with false positives.
A team already stretched thin may not be able to handle the influx of alerts and is likely to experience burnout amongst team members. And burned out security practitioners will likely make more mistakes. In this way, organizations suffer at the hands of the very problem they created.
Combating the Cybersecurity Skills Crisis
Today, the cybersecurity skill crisis affects over 57% of organizations. It’s challenging to fill the workforce shortage without organizations changing their hiring strategy. Organizations of any size should look for alternatives. For instance, a cybersecurity team member can provide guidance and help develop a robust cybersecurity program. Hiring managers can focus on assessing aptitude rather than exclusively testing skills. We can offer interested candidates the opportunity to learn and receive mentorship outside of the workplace and we should provide continued education to new team members.
Organizations ready to take major steps toward filling open cybersecurity roles should:
- Encourage cybersecurity education and provide required certification courses to support professionals at all job levels.
- Eliminate pay gaps and provide more flexible working conditions.
- Diversify management and hiring team practices for providing essential guidance to interested candidates.
- Promote and encourage women, minorities, and under-represented groups who have the required qualifications for leadership roles.
- Implement cybersecurity automation to help refocus human efforts and reduce the daily workload.