THE SKILLS GAP According to a recent report by Cybersecurity Ventures, the cybersecurity market is expected to grow from $170 billion in 2020 to $270 billion by 2026. With such rapid market growth and an ongoing influx of innovation, the lack of cybersecurity talent remains a prominent issue in the industry. Research from ISC(2), which polled almost 12,000 people in charge of their cybersecurity programs, revealed that 70% of respondents say they have a worker shortage. This remains consistent year over year, with a brief exception during the pandemic.
Cybersecurity Ventures also predicts that by 2026, there will be 3.5 million unfilled cybersecurity jobs globally. CISOs and security leadership struggle to fill open job postings in a timely manner reflective of this high demand. 32% of security managers say it takes six months or more to find a qualified candidate for an open position. This is especially challenging for organizations considering they need to hire candidates with a broad range of specializations. Additionally, due to an increasingly remote workforce, cybersecurity salaries have become more competitive. These statistics on why the skills shortage exists imply the challenge of unfilled positions is one of a limited pool of qualified candidates and a shifting recruitment landscape within the industry.
HOW TO MAKE STRIDES AS AN INDUSTRY As an industry, it is key to take a step back and understand the root cause of the challenge we are facing. The cybersecurity workforce lacks a diverse array of professionals. According to a recent research by (ICS)2, only 25% of cybersecurity professionals are women. The industry must encourage more women to enter careers related to STEM (science, technology, engineering and math). Integrating more women in the industry will not only lower unfilled positions, but potentially add a stronger variety of traits including different skillsets and problem solving approaches.
Many CISOs we interview for this magazine believe their greatest accomplishments are when they influence and make an impact on young people interested in entering the field. Some encourage internships with high school and college students at their organizations. Others host students for educational cybersecurity days or teach at local colleges and universities. A large amount of CISOs who teach use this as a way to give back, but also to recruit future team members.
PROMOTING AND GROWING In addition to these internship and mentorship programs, it is key to support existing talent and build skills in-house, instead of by hiring experts. To retain a strong, quality workforce, many CISOs invest heavily in a core group of team members. By providing training, education, and certification support, these professionals aspire to grow within the organization and seek to take on more leadership roles. Promoting cybersecurity job openings amongst other departments within an organization may be integral to attaining additional talent.
Many CISOs agree they can teach cybersecurity skills to anyone, but the soft, business skills are what they look for in candidates. When this is the case, looking outside of professionals with cybersecurity backgrounds and expanding the talent search may prove beneficial.
In conclusion, the skills gap is a fundamental and persistent challenge that is continuously growing. Industries and organizations must work together to: promote cybersecurity careers by way of internship and training opportunities, create accessibility in the cybersecurity industry, develop talent from within, and continually look for proactive ways to procure talent.
SOURCES: Cybersecurity Ventures, “2023 Official Cybersecurity Jobs Report” (ICS)2, “2022 Cybersecurity Workforce Study” ISACA, “State of Cybersecurity 2020 Report” Fortinet, “2022 Cybersecurity Skills Gap: Global Research Report” TechTarget, “Cybersecurity skills gap: Why it exists and how to address it” Forbes, “How Do We Close The Skills Gap In The Cybersecurity Industry?”