Cybersecurity Insiders: The Cybersecurity Talent Gap — Where Do We Go from Here?
April 26, 2023
We are syndicating the original article from Cybersecurity Insiders.
By Tanya Freedland, VP of Human Resources and Talent Acquisition, Identiv
Currently there are 1 million cybersecurity workers in the U.S., yet there are still upwards of 700,000 positions in the field that need to be filled immediately.
As the number of job openings in cybersecurity continues to multiply, cyber attacks are growing at an exponential rate, putting the infrastructure of the entire world at risk. The infrastructure of every critical resource on the planet is run using digital technology: healthcare, commerce, energy, government, transportation, public services, education, banking, etc. This leaves an infinite number of attack surfaces for hackers to steal public and private information. In fact, U.S. corporations experienced 50% more cyber attacks in 2021 than they did in 2020.
The same need for qualified cybersecurity professionals is expected moving into 2025. With so many experts needed to fill these important positions fast, should the cybersecurity industry hire IT professionals and teach them cybersecurity on the job, or hire those already trained in the industry?
Hiring talent in cybersecurity: What’s the issue?
One of the biggest challenges in filling many cybersecurity positions is the lack of people with qualifying credentials to enter the profession. Those credentials can be as high-level as a master’s degree in cybersecurity or one of several certificates that can be completed in a matter of months.
A recent report states that four-year universities tend to be the main provider of entry-level cybersecurity professionals. However, the challenge facing recent university cybersecurity graduates is that by the time they complete their studies, their skills are oftentimes already obsolete. Still, 52% of hiring organizations required a degree to fill entry-level positions in 2022. This number was 6% lower than in 2021, demonstrating that a degree is becoming less important.
The skills gap is also due to the lack of opportunities for non-technical professionals to gain cybersecurity training in an industry that is constantly evolving. Cyberthreats continue to rise as technology becomes more complex. Artificial intelligence (AI) can be used to launch attacks on companies big and small just as they can be used to block them. This makes it more complicated for organizations to define exactly what skills they need at any point in time.
The Great Resignation has affected the movement of cybersecurity professionals as it has just about every other industry. The cybersecurity industry was facing hiring challenges well before the pandemic. However, the pandemic did make people reconsider how they wanted to live and work. One recent report states that as many as 54% of security professionals want to quit their job, citing their increasing workload as one of the main reasons for experiencing work-related stress. The work involves a high amount of tedious tasks that can lead to burnout. While the need for cybersecurity professionals was made bigger by the pandemic, the transition to remote work put companies at a higher risk for attacks. Still, there just are not enough qualified people to fill these critical roles.
Diversifying the pool of applicants is critical to the digital landscape
The answer to the hiring problem in cybersecurity may lie in creating a more diverse pool of applicants in the industry. According to one recent report, only 24% of cybersecurity professionals identify as women. Only 9% identify as black and 4% as hispanic. Salary discrepancies exist across race and gender while women and people of color are least likely to serve in leadership positions.
It is critical that companies find ways to tap into new sources of talent and open up nontraditional entryways to a career in cybersecurity. This can be further supported through formal on-the-job training, accessible professional development opportunities, affordable certifications, mentoring programs, and much more.
Focusing on diversity, equity, and inclusion (DEI) in the hiring and training of cybersecurity professionals brings tremendous value to the workforce in general. Companies that invest in DEI initiatives have benefited from improved levels of problem solving and a greater generation of ideas. Diverse teams are able to innovate at a more rapid pace, anticipating consumer demand and buying patterns, offering their companies a competitive advantage.
The cybersecurity industry cannot afford to wait for answers
The safety and security of business as we know it hangs on the ability to hire cybersecurity professionals who are ready to work. It does not matter whether they are IT professionals who want to make a career change, or individuals who have completed a degree and/or certifications for an entry-level position. Both are legitimate career opportunities that should be invested in to meet the needs of business in the U.S. and abroad.
The pandemic has increased opportunities to hire remote workers to fulfill the security needs of most companies. This also brings new opportunities to offer creative options in training for those who, first and foremost, are dedicated to learning the job from the ground up.