We keep talking about a major cyber talent shortage. Trainings are popping up all over to build the next wave of talent, but is the shortage as bad as they say? And if so, what will chip away at the deficit?
IS IT AS BAD AS THEY SAY?
The reality is that we have a massive deficiency in cyber talent in industry. Companies are hiring anyone with a pulse who has knowledge on cyber, or heck, an interest…so we can train you up with the hopes that it will be enough out the gate to get a stronger cyber defense. If this sounds like a recipe for disaster, you are spot on.
With this shortage in cyber talent leaving several open positions out there in the job postings, you can bet your bottom dollar you are open to being overworked…but, maybe (just maybe) you will not be underpaid! The shortage comes down to this, there are not enough cybersecurity professionals (never mind the even smaller pool of those who are cleared) as well as those with advanced enough skills to match the needs of industry, today. So, if you find yourself with a skill set that aligns with a position… capitalize on the moment. Weave in extra vacation days, sign on bonuses, and salary increases because as much as we hate to take advantage, we absolutely do not mind taking advantage. It never hurts to ask, and the worst they can say is no.
WHAT IS REALLY GOING ON with the Cyber Talent Shortage?
Just a peek at job postings on ClearanceJobs.com, and you’ll find an overwhelming number of companies looking for: IT Cybersecurity Specialist (INFOSEC), Cybersecurity Engineers, Cybersecurity Analysts, Cybersecurity Consultant, Cyber Manager, Cybersecurity Instructor, etc. If the 376 pages of jobs or the 7,503 jobs that come up on a basic search on our site for “Cybersecurity” does not make the demand clear, you can also check out an article by Steve Morgan. He says that the number of unfilled cybersecurity jobs grew by 350% from 2013 to 2021. Morgan’s article predicts the same number of openings (3.5 million) ahead in 2025.
I am holding breath while thinking about these openings and comparing them to the needs of professionals in this work as CMMC ramps up and cyber hygiene becomes a regulated entity by DoD. Will the demands of the government be met by companies who are in a desperate shortage of cleared cyber professionals? Should we really keep drawing this line to concluding how those who are uncleared are going to need clearances and the toll that is going to take on the increased amount of workload on DCSA with background investigations? Hate to say supply chain issues is in play here, but if we have a shortage in one area, are the other areas well equipped to handle the rising need and demand?
How Can We Fill the Cyber Talent Gaps?
If your foot is already in the door and you are working for one of the big industry CDCs, you’re well aware you just need to send an email to your supervisory asking for a SANS course voucher or some other platform to get certified in “things” and growing your cyber skills. If your foot is not already in the door and you are deciding what to do with your career, its great to keep in mind the high demand in cyber and to potentially go that route via degree, certificates, and/or experience. Large companies often offer to train candidates to get the skills matched to their needs. We all must start somewhere, and although the salary for beginning type of positions doesn’t exactly WOW the in-laws, its never a bad idea to recognize the industry growth and to forge your own path to getting that experience and those certs. According to CSIS, Hacking the Skills Shortage; ISACA, “State of Cyber Security 2017: Part 1: Current Trends in Workforce Development” surveys consistently show that organizations value hands-on experience above all other factors when evaluating new hires.
Michael Ruark, a Senior Cyber Threat Intelligence Analyst and military veteran with 15+ years experience in the Intelligence Community and private sector weighs in with his experience, “Many of the skills I have learned in the IC are valuable in cybersecurity. They allowed me to compete with other folks with purely cybersecurity backgrounds. Right now, with me currently looking for an opportunity, with so many job openings I thought I would have no issue finding a position, but that has not been the case. I have had interviews 3-5 times a week on average and upwards of 5-6 interviews per company. It’s exhausting, but I think that competing for fully remote jobs right now is a challenge. Especially when there is so much interest from job seekers to obtain one.”
Out of the millions of reasons why we look for new jobs, Ruark is moving his family from the D.C. metro region to Georgia, which has changed his criteria search from being in the capitol of cleared cyber jobs to looking for remote positions to support his family’s logistics. If that is not 2022 and what the rest of us are doing, I do not know what is. Clearance or no clearance, talented cyber professionals need to be offered flexibility, money, and work-life balance to keep them happy. We can’t afford a cyber talent shortage in national security. It’s a problem that has to be solved.