With ransomware attacks, nation-state hacking campaigns, data breaches and other cyberthreats making news nearly every day, there’s one item missing from the headlines: An increasing need for cybersecurity professionals to fill more than 400,000 open positions across the U.S. private sector.
The fact that there are more open cybersecurity positions than workers who can fill them is well-trodden ground at this point. A recent series of high-profile attacks and new industry statistics, however, are now putting this talent gap in a new light.
As of June 1, there are more than 428,000 open cybersecurity positions across the U.S. private sector, according to Cyber Seek, which is a job-tracking database developed by the Department of Commerce and CompTIA, an IT trade group. The openings include more than 52,000 positions in California and another 40,000 in Texas. New York, Virginia, North Carolina, Florida and Georgia also have a significant number of security jobs that need filling.
Some of the top titles and positions in demand right now include cybersecurity analyst, cybersecurity manager or administrator, cybersecurity consultant, network engineer or architect and systems engineer, the Cyber Seek stats show. For those with certifications, the numbers show that the Certified InformationSystems SecurityProfessional (CISSP) is the most sought-after by potential employers.
The need for security professionals is so great, especially for those with skills or those looking to retrain, that the White House highlighted cybersecurity jobs as one of the key foundations of the Biden administration’s proposed American Jobs Plan.
“The American Jobs Plan will build on that work and deliver resilient infrastructure for the American people, including a renewed electric grid. Cybersecurity is a core part of resilience and building the infrastructure of the future, and the American Jobs Plan will allocate opportunities and resources to bolster cyber defenses,” according to a fact sheet published by the White House in May.
Rita Gurevich, founder and CEO of security firm Sphere, noted one reason that private companies have had trouble finding enough cybersecurity professionals is that the demands of the job keep changing. This is now even more challenging with the newfound ability to work anywhere due to the COVID-19 pandemic, creating even more competition.
“The demand for cybersecurity job professionals will always be greater than the supply simply because threats continue to evolve and increase in numbers. Up until a few years ago, cybersecurity professionals specialized in a particular field or technology,” Gurevich told Dice. “Today, the role requires a broad range of experience in technology and business to be successful. Evolving threats mean that cybersecurity professionals must also be able to adapt to change frequently. People like this are not easy to find.”
Cyberthreats Put Pressure on Companies
One of the main reasons that the number of open security positions remains high is that cybersecurity is now a major risk management concern for companies. In the past six months, attacks that targeted SolarWinds, Colonial Pipeline and, more recently, meat processing giant JBS have shown that a ransomware incident or nation-state hacking attempt can mean significant disruptions for any business in any industry.
Recently, security firm Proofpoint published its Voice of the CISO report, which is based on interviews with more than 1,400 chief information security officers from around the world. Overall, that study found that about 66 percent of those CISOs surveyed felt their organization was unprepared to handle a cyberattack.
In addition, 53 percent of CISOs surveyed by Proofpoint said they are more concerned about the repercussions of a cyberattack in 2021 than they were in 2020. Another 58 percent noted that the shift to work-from-home over the last year has made their jobs more challenging.
With these added pressures and concerns over security, Lucia Milică, global resident CISO at Proofpoint, said that companies are now scrambling for cybersecurity talent, opening up vast new opportunities for those that want to move up in the field or change careers.
“The security industry is thriving as a result, and there is a pressing need for talent to create and develop products and solutions that enable companies to stay ahead of the cybercriminals. Yet filling these roles has proven challenging, as demand far outpaces the available workforce,” Milică said. “There are no simple solutions to this talent deficit, but an investment in education and training by both the private sector and government, along with a focus on diversity aimed at recruiting women and minorities too often overlooked by some within the industry, can help bridge the employment gap.”
And while the job openings are there, not everyone is convinced the shortfall in qualified cybersecurity professionals relates to greater awareness of security issues. John Bambenek, a threat intelligence advisor at security firm Netenrich, believes schools are not properly preparing students for future careers.
“While it is true there is a significant amount of work and job security isn’t going to go away from cybersecurity professionals, these open positions are an indictment that higher education and community colleges are not yet doing the job they need to do to train people, and industry is not doing what it needs to do foster talented individuals and get people in the door into these jobs without upfront excessive costs and time by potential employees,” Bambenek told Dice.
Practical Cybersecurity Steps
Timur Kovalev, CTO at security firm Untangle, believes that companies need to do more to attract the top cybersecurity talent to fill these positions, which means going beyond advertising for technologists with certain certifications.
There are four specific areas that Kovalev believes companies need to focus on:
Branding: Cybersecurity careers have a perception as “uncool” and need to be positioned to compete against jobs in software development, artificial intelligence and data science at companies such as Amazon.
Learn How to Recruit Generation Z: This generation is now entering the workforce and companies need to learn what is important to them, such as flexible work hours, work-from-anywhere, and social causes.
Upskill Current Employees: To retain current talented workers, providing training and a career path are important. Companies with a clear program will also have an advantage in recruiting.
Invest In Education: Teaching cybersecurity in school will provide future workforces a better understanding of the opportunities available to them.
“At the core of this issue is that there just aren’t enough skilled workers for the positions available. While computer science is a growing major in colleges, only a small portion of graduates are going into cybersecurity,” Kovalev told Dice.