The United States continues to face a significant and serious cybersecurity workforce shortage. According to new research from (ISC)2, the world’s largest nonprofit membership association of certified cybersecurity professionals, the worldwide cybersecurity workforce needs to increase by 145%. Currently the cybersecurity workforce in the United States is estimated to be around 804,700 and the shortage of skilled professionals needed is nearly 500,000 – requiring an increase of 62% to better defend U.S. organizations.
The 2019 (ISC)2 Cybersecurity Workforce Study found the shortage of skilled/experienced cybersecurity personnel was a top concern among 36% of respondents. Despite workforce challenges, the study cast the spotlight on some positive findings as well.
Bright Spots in the Cybersecurity Workforce
Two-thirds, or 66% of respondents said they were either satisfied (37%) or very satisfied (29%) in their current jobs, and more importantly 65% said they intended to work in cybersecurity for their entire careers. This sector is also not facing as significant of a “graying” as other high tech jobs – with 37% of respondents below the age of 35, while 5% were categorized as Generation Z and were under 25 years of age.
Women are making up an increasingly greater number of cybersecurity workers at 30% of respondents, 23% of whom have security-specific job titles.
Job security and high salaries could help draw in more workers, too. The average North American salary for cybersecurity now stands at $90,000, while those holding security certifications have an average salary of $93,000 – and 59% of cybersecurity professionals said they are pursuing new certifications.
“Now that we are establishing a clearer picture of what the actual scope of the challenge is, we can begin to solve the problem together as an industry,” said Wesley Simpson, chief operating officer at (ISC)2.
“Since this is a global epidemic that every organization and country is involved in, it is going to take the collective collaboration of the private, public and academic spaces to bring unity and clarity to this profession in order to attract future generations,” Simpson told ClearanceJobs. “We need to get creative in order to attract new talent that hasn’t traditionally been interested in cybersecurity.”
As noted by the survey results, the world of cybersecurity is becoming far more diverse – yet there is still room for improvement.
“While we saw an increase in the number of women in the profession this year, it’s important to recognize that only 5% of the current workforce is under 25 years old,” added Simpson.
“This Gen Z population is going to be a critical segment to bring into the fold as the Baby Boomers and Gen X begin to retire,” he explained. “One of the strategies outlined in the report is level-setting on job requirements and descriptions, so that hiring managers are not searching for too narrow of a skill set.”
This will include determining the traits that are truly needed for a role, and that enables hiring managers to be far more creative in their recruitment efforts. In addition, they should look at a broad spectrum of backgrounds.
“They shouldn’t be afraid to go outside the technical landscape of traditional candidates,” said Simpson. “Not every position requires a CISSP with five years of experience. They need to hire for what they actually need.”
Building the cyber Workforce
The (ISC)2 report outlined four main strategies that include (1) highlighting training and professional development opportunities that contribute to career advancement, (2) properly level setting on applicant qualifications to make sure the net is cast as wide as possible for undiscovered talent, (3) attracting new workers, such as recent college graduates, who have tangential degrees to cybersecurity, or seasoned pros such as consultants and contractors into full-time roles, and (4) strengthening from within by further developing and cross-training existing IT professionals with transferable skills.
While cybersecurity and IT professionals are largely satisfied in their careers and optimistic about their futures, the size of the current workforce still leaves a significant gap between the number of cybersecurity professionals working in the field and the number needed to keep organizations safe.
“There’s no sugar-coating it,” Simpson told ClearanceJobs. “If we don’t change our approach and start to flip the equation and shrink the gap soon, we’ll only see more harmful cyber attacks that compromise our critical data and the way we live our lives. We need to close the gap by making the next generation aware of how great this career is and put it in terms that they understand, find appealing and rewarding.”