The cybersecurity worker shortage worldwide has hit three million, according to research from (ISC)2, a nonprofit cybersecurity professional association. More than 10%, or roughly 300,000 of those openings, are in the United States, according to experts at the SANS Institute.
In its most recent Cybersecurity Workforce Study, (ISC)2 polled 1660 cybersecurity and IT professionals and found that 63% of respondents reported that their respective organizations had a shortage of dedicated cybersecurity staff, while 59% said their organization was at moderate or even extreme risk due to that cybersecurity staff shortage.
The U.S. Bureau of Labor Statistics reported just a few years ago that employment of information security analysts could grow at a pace faster than the average for all occupations within the field.
Understanding the Cybersecurity Shortage
“Cybersecurity” is used as a catch-all for a number of positions, but it actually falls into four main categories that include researchers, policy and management strategy experts, tests and tool builders. According to SANS Institute, right now it is the researchers and tool builders that are in the shortest supply.
The good news is that most people working in the field of cybersecurity aren’t likely to be looking for a career change. (ISC)2 reported that 64% of cybersecurity workers plan to finish out their careers in their field. The bigger concern for employers is that with a shortage of workers, there is the chance many will still make lateral moves for better pay or more attractive working conditions.
To prevent the loss of employees, (ISC)2 has suggested that employers put serious effort into retention, with measures that include robust training, professional development and open communication. Employers may be wise to listen to their employees as well, as research shows that cybersecurity professionals want their opinions to be taken seriously, especially when it involves input for cybersecurity matters. Employers that fall short could be driving those employees away.
Keeping Cyber Workers
(ISC)2’s Cybersecurity Workforce Study noted that professionals who did plan to remain in cybersecurity for the rest of their careers had worked in IT roles for an average of 11 years, and cybersecurity roles for nearly seven years. Cybersecurity pros do have a strong job satisfaction, but did expect budgets to increase and wanted the ability to sharpen their skills – 36% of respondents in the study said skill gap was a top concern, while 68% said they were satisfied with their job, and 55% noted that they expected a larger security budget.
Commitment to the job is important to cybersecurity pros, who consider relevant work experience as a top driver of success. Cybersecurity workers are also seeing the need to remain proficient with the latest skills to do their jobs, and 71% of the survey’s respondents said they were already interested in working in IT security while in school.
While many cybersecurity workers also started their careers in related fields such as IT or communications, and then made the switch because of opportunity as well as earning potential, the (ISC)2 study found that participants who pursued a cybersecurity-focused education were likely to find a job quickly. 53% of those who specialized in cybersecurity studies landed the first job of their career in the field – which compares to 35% for all the IT/cybersecurity professionals surveyed. The same respondents said that cybersecurity certifications were the second most important qualification for cybersecurity professionals seeking employment, and that only followed relevant cybersecurity workforce experience.
The study found that 42% of respondents who planned to see out their respective careers as cybersecurity professionals had a bachelor’s degree, while 33% had a master’s degree.
