If We Really Cared About the Cybersecurity Talent Shortage…
…We Wouldn’t Make Cybersecurity Jobs So Hard To Fill
The cybersecurity industry is booming with job openings, but organizations don’t have the talent to fill them. Over a third of the 1.8 million cybersecurity jobs in the U.S. go unfilled due to lack of skills and expertise — generating a talent gap that could fill Yankee Stadium thirteen times over. (That’s 18 times the amount of seats in Fenway Park for you Red Sox fans.)
Meanwhile, cyberattacks keep increasing in frequency and sophistication. By 2023, the number of global malware attacks is projected to reach over 1.4 billion — and that’s just known malware. It’s impossible to predict the real impact of new threats in the years to come.
With such an overwhelming demand for talent and innovation, you would assume that the path to employment would be streamlined. But that’s far from the reality.
The cybersecurity industry is difficult to break into, workers report high levels of burnout, and too few employers offer room for career advancement. Without industry-wide solutions to bridge the talent gap, cybersecurity teams won’t keep up with rapidly evolving threats.
Barriers to Entry
Most cybersecurity positions require at least a bachelor’s degree and three or more years of experience. That includes entry-level positions. Meanwhile, computer science has one of the highest dropout rates in higher education, meaning fewer potential candidates are heading into IT in the first place, let alone cybersecurity.
Assuming a potential new hire has graduated with a bachelor’s degree in computer science — and even with a cybersecurity certificate or two — landing a cybersecurity job worth the effort is a difficult task. Breaking into the cybersecurity field is often unclear, and navigating a cybersecurity career path can be just as confusing.
Cybersecurity is constantly changing and evolving to face the latest threats and meet new and stricter standards. That means the learning curve gets steeper and more complex with time. It’s harder for every fresh wave of college grads to gain a foothold. And when they do, the workload is heavy and demanding, with too few rewards to keep skilled workers around for the long haul.
Overwork and Burnout
The people who do manage to break into the industry often find that it’s a far more demanding job than they might have anticipated. Notorious for overwork and burnout, cybersecurity jobs are not for the faint of heart. Cybersecurity professionals are often ignored when things go right and villainized when things go wrong.
CodeHunter CEO Larry Roshfeld applies this exhausting thought to the cybersecurity industry as a whole: “The thing about being responsible for cybersecurity is that we know we can’t win; the best we can ever hope for is not to lose.”
The fatigue that comes with this line of work shows in the numbers. Over half of surveyed IT security professionals said they or someone they knew left their job due to overwork and burnout or worked with someone who has. In the federal cybersecurity space alone, 27% of cybersecurity workers left within their first year. Meanwhile, 60% of employers report difficulties retaining qualified cybersecurity professionals.
These obstacles have created a skills gap that’s become increasingly difficult — and increasingly urgent — to overcome. If there aren’t enough opportunities for new hires to learn and grow, the current generation of cybersecurity professionals won’t have anyone to pass the baton to.
We Need a Culture Shift
Employers must balance expectations, workers’ well-being, and industry demands from multiple angles. To lead the way, the cybersecurity community can do the following:
Promote cybersecurity training in local colleges offering computer science programs.
Provide internships that offer meaningful experience in the cybersecurity field and help prospective cybersecurity professionals get ahead as quickly as possible.
Hire for top talent potential (as opposed to current skill levels), and provide the support and training to reach that potential.
Upskill and reskill current employees and promote from within while regularly freeing up entry-level positions.
Train all employees on cybersecurity best practices, compliance, and managing risk factors on a routine basis throughout the organization to share the burden of responsibility.
Look for exceptional soft skills in addition to tech skills — especially in management positions. Over half of ISACA’s survey respondents report a significant gap in soft skills in the cybersecurity industry.
Offer flexibility with scheduling and consider what employees need for a healthy work-life balance. This helps prevent burnout and attracts new talent.
Foster diversity. Employers who create a welcoming environment for everyone are recruiting from a larger talent pool, and are at less risk of high turnover.
Market the critical mission of cybersecurity: we make a difference by protecting people and organizations from cyber threats, big and small. The work is constantly evolving — and never dull.
Unfortunately, We Don’t Have That Kind of Time
While all of the above would set up the cybersecurity industry for a brighter and more robust future, none of those things will make a difference overnight — and we still need viable solutions now.
Even if we could hire armies of well-trained cybersecurity professionals, we would still be outnumbered by constantly evolving threats and increasingly sophisticated cyberattacks. We need solutions that help workers efficiently face threats at scale — and we needed them yesterday.
CodeHunter helps bridge the talent (and numbers) gap in cybersecurity with automated threat detection and analysis. It rapidly identifies otherwise undiscoverable threats and saves organizations precious time to discovery, resources, and man hours.
Learn more about the scale of the issue and how CodeHunter can help tackle it.