In a recent revelation, new data from the International Information System Security Certification Consortium (ISC2) has shed light on the exciting developments in the cybersecurity realm. Picture this: In 2022, a staggering 700,000 cybersecurity professionals stormed the labor force, igniting a 25% surge from the previous year’s payroll numbers. But hold on tight because the adventure doesn’t end there.
To meet the ever-growing security requirements and staffing needs, the field yearns for an audacious growth spurt of 89% globally. Yes, you heard it right! The demand for cybersecurity talent is soaring sky-high, craving bright and innovative minds like never before.
What is the reason for the cybersecurity talent gap?
Amidst the quest to bridge the cybersecurity talent gap, examining the tumultuous happenings within the marketplace is crucial. Why does this considerable gap persist? Is it due to a demand that surpasses the supply of passionate individuals seeking to embark on a cybersecurity journey? Or could it be attributed to inadequate training for the available talent? Perhaps companies are yet to comprehend their cybersecurity needs fully.
In the intriguing landscape of information security, recent events illuminate the urgency of our current predicament. March 2023 witnessed three significant data breaches reverberating through the industry, impacting notable entities like Latitude Financial, GoAnywhere, and AT&T. Among these incidents, Latitude Financial fell victim to the most significant data breach of that month, sending shockwaves through the cybersecurity realm.
With over 14 million compromised records, the breach at Latitude Financial proved to be a significant blow. Cybercriminals infiltrated their systems, gaining access to a wide range of sensitive data. Shockingly, nearly 8 million driver’s licenses, 53,000 passport numbers, dozens of monthly financial statements, and an additional 6 million records dating back to “at least 2005” were exposed. The source of this attack remains elusive, compelling investigators to delve into the depths of this enigma.
Another Part of the Problem: Recruiters’ Traditional Approach.
Over the past year, we’ve been monitoring job postings on the web or social media, especially those looking to hire for entry-level positions, such as cybersecurity analysts. Many of them, though not all, have requirements far beyond the possibilities of someone just starting their career. Among the most common job requirements are candidates with a bachelor’s degree, several years of experience, and knowledge of advanced cyber skills. In practice, however, a cybersecurity analyst or Jr. Engineer should have skills and knowledge of operating systems, hacking processes, computer scripts, diverse systems, and network administration.
Most industries have figured out the background requirements for their entry-level jobs. Most career paths have entry-level requirements of one or two years of experience that can be traded for specific educational accomplishments. But in cybersecurity, we know many who wonder why there truly is no such thing as an entry-level job. Perhaps we need to rethink this model.
Here is a typical job posting for an entry-level cyber analyst.
How does someone get experience with policies, penetration testing, vulnerability scans, etc., in a corporate environment if that experience is necessary to get your foot in the door in the first place?
Additionally, cybersecurity has witnessed a remarkable shift in recent years, challenging traditional notions and paving the way for a more inclusive and diverse workforce. For example, while a bachelor’s degree can certainly provide a strong foundation for a cybersecurity career, it is no longer considered an absolute requirement to enter the field. Here’s why:
- Evolving Skillset: Cybersecurity is a dynamic and ever-evolving field that demands diverse skills. While formal education can provide valuable knowledge, the industry recognizes the importance of practical, hands-on experience and specialized certifications. Employers now emphasize an individual’s skills, aptitude, and ability to address cybersecurity challenges.
- Rapidly Changing Landscape: The cybersecurity landscape continuously evolves, with new technologies, threats, and techniques emerging rapidly. The industry needs an adaptable, agile workforce. As a result, many employers are open to considering candidates who have gained relevant skills through alternative paths such as self-study, online courses, boot camps, or practical experience in related fields.
- Skill-Based Roles: The cybersecurity field comprises various specialized roles with unique skill requirements. Some positions may require expertise in areas like network security, penetration testing, incident response, or security analysis. Acquiring specific skills and certifications relevant to the desired role could be more valuable than a generalized bachelor’s degree.
- Diversity and Inclusion: Recognizing that talent can come from various backgrounds, the cybersecurity industry actively strives to promote diversity and inclusion. By removing strict degree requirements, organizations can tap into a more diverse pool of talent, including individuals who may have acquired relevant skills through non-traditional paths or have transferable expertise from other disciplines.
- Continuous Learning Culture: Cybersecurity professionals must possess a lifelong learning mindset to keep pace with the rapidly evolving threats and technologies. This emphasis on constant learning means that individuals can continually develop their skills and knowledge, regardless of their initial educational background.
While a bachelor’s degree can still be beneficial and advantageous for specific career paths within cybersecurity, it is no longer an insurmountable barrier to entry. The industry values practical skills, relevant certifications, passion, and a commitment to ongoing learning. By embracing diverse pathways, we can foster a vibrant and inclusive cybersecurity workforce that effectively tackles the challenges of our digital era.
As an industry, we need to better understand what skills are required and how to hire for those skill needs. Like other sectors, we need to train from the ground up and prepare our employees for more complicated job functions later in their careers. If we don’t give cyber professionals time to grow into their jobs, we will continue to be staffed with individuals unprepared for pending attacks, and with simply too few people in the cybersecurity workforce.
There is little doubt that we must collectively dig deeper into organizational and industry needs and better understand what skills a person has to have to succeed in an entry-level job. Then those jobs follow as their skills and experience expand. Is it possible that job postings like the above should be different?
As cybersecurity practitioners and trainers, we need to help create more realistic expectations and more effective training programs and better understand cyber threats and how we combat them. We need to know what our needs are so that we can close the talent gap in a faster and more effective way. We believe diversity is key.
Diversity: Key to Close the Cybersecurity Talent Gap.
As cybersecurity practitioners and trainers, we have a vital role in bridging the cybersecurity talent gap and fostering a more inclusive workforce. To accomplish this, embracing the importance of diversity in cybersecurity is crucial. Here’s how diversity can help close the talent gap:
- Diverse Perspectives and Problem-Solving: Diversity brings together individuals with unique backgrounds, experiences, and perspectives. We gain access to a broader range of ideas and problem-solving approaches by fostering diversity within the cybersecurity field. Diverse teams can offer fresh insights and innovative solutions to combat cyber threats, leading to more effective cybersecurity practices.
- Enhanced Creativity and Innovation: Different perspectives encourage out-of-the-box thinking, enabling cybersecurity professionals to devise novel strategies and defenses. By promoting diversity, we unlock a wealth of untapped potential, fueling innovation within the field.
- Expanded Talent Pool: Embracing diversity allows us to tap into a wider talent pool. By removing barriers and biases, we attract individuals from diverse backgrounds, cultures, and skill sets. This expands the pool of potential cybersecurity professionals, helping to address the talent shortage and close the gap more efficiently.
- Representation and Inclusivity: Building a diverse cybersecurity workforce allows underrepresented groups, such as women, racial and ethnic minorities, and individuals from marginalized communities, to contribute their unique skills and perspectives. This promotes equality and ensures that cybersecurity initiatives consider the needs and concerns of diverse user populations.
- Cultural Competence and Global Reach: Cybersecurity is a global concern, and having a diverse workforce enables organizations to better understand and address the unique challenges faced by different regions and cultures. By embracing diversity, we foster cultural competence and establish connections with diverse communities, enhancing our ability to protect digital infrastructures worldwide.
By recognizing the importance of diversity and actively promoting it within the cybersecurity field, we can attract a broader range of talent, foster innovation, and create a more inclusive and resilient cybersecurity ecosystem. Let us champion diversity as a key driver in closing the talent gap and fortifying our defenses against evolving cyber threats.
In conclusion, the time has come for introspection and action. We cannot afford to persist with the traditional recruiting model as cybersecurity demands continue to outpace our existing talent pool. The path ahead may be uncertain, but we are determined to contribute to the solution. It’s time to confront the challenges head-on and embrace a new approach. Together, we will seek innovative strategies and reshape the landscape of cybersecurity talent to meet the ever-growing demands.
Why is there a talent shortage in cyber security?
There are several reasons for the talent shortage in cyber security, such as:
- The rapidly evolving and complex nature of cyber threats and technologies, which require diverse and specialized skills that are not easily acquired or taught.
- The inadequate training and education opportunities for the existing and potential talent pool, especially in developing regions and underrepresented groups.
- The unrealistic and rigid expectations of employers and recruiters, who often demand a bachelor’s degree, several years of experience, and advanced cyber skills for entry-level positions, creating a mismatch between supply and demand.
- The lack of diversity and inclusion within the cyber security field, which limits the access and representation of women, racial and ethnic minorities, and individuals from marginalized communities.
What is the strategy for addressing the IT cyber security skills gap?
There is no single strategy for addressing the IT cyber security skills gap, but rather a combination of approaches that involve various stakeholders, such as:
- Industry: Cyber security employers and recruiters need to adopt more flexible and realistic hiring criteria, recognize alternative pathways to enter the field, such as certifications, boot camps, or self-study, and invest in training and retaining their existing workforce.
- Academia: Educational institutions need to update their curricula to reflect the current and future needs of the cyber security field, offer more practical and hands-on learning opportunities, and collaborate with industry partners to provide mentorship, internships, and career guidance.
- Government: Policymakers need to support initiatives that increase the awareness and interest in cyber security careers among students and professionals, provide funding and incentives for cyber security education and training programs, and foster a culture of cyber security across all sectors and levels of society.
- Community: Non-governmental organizations, professional associations, media outlets, and influencers need to promote the importance and benefits of cyber security careers, showcase role models and success stories from diverse backgrounds, and create platforms and networks for peer support and knowledge sharing.
Is there a cybersecurity skills gap?
Yes, there is a cybersecurity skills gap. According to the 2021 (ISC)² Cybersecurity Workforce Study [1], the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets. The study estimates that there are currently 2.72 million unfilled cybersecurity positions worldwide.
Is there really a shortage of cybersecurity professionals?
Yes, there is really a shortage of cybersecurity professionals. According to Cyberseek [2], an online tool that provides data on the supply and demand of cybersecurity workers in the U.S., there are around 1.1 million people employed in cybersecurity in the U.S., but over 700,000 unfilled positions are currently available. Worldwide, the cyber workforce shortfall is approximately 3.5 million people [3], according to Cybersecurity Ventures.