- To fill the talent gap for cybersecurity experts, the cybersecurity workforce would need to grow 145%, according to (ISC)², a membership association for cybersecurity professionals. The 2019 (ISC)2 Cybersecurity Workforce Study estimated that an additional 4.07 million trained professionals will be needed.
- The study showed that 65% of companies reported a cybersecurity staff shortage, and for 36% of respondents, the lack of skilled cybersecurity specialists was their top concern. Among cybersecurity specialists, two-thirds said they’re either somewhat or very satisfied in their jobs, and another two-thirds said they plan to remain in the field for the rest of their career.
- Demographically, women in the study accounted for 30% of cybersecurity professionals, 23% of whom had IT security job titles; more than a third of respondents were below age 35; and 5% were below age 25. Top recruiting sources included recent college graduates, consultants and contractors, other departments within a company, vendors of security/hardware and career switchers.
Although cybersecurity training pushes have escalated in recent years because of the acute skills shortage in the field, the skills gap remains, according to a report released in July by the analytics firm Burning Glass Technologies. Citing statistics from the National Center for Education Studies, the company said that the number of cybersecurity graduates and postsecondary training rose by 40% and 33%, respectively, between 2013 and 2017. The report attributed the massive skills shortage to, among other things, cybersecurity's growth into a critical multi-industries function, which takes it beyond a cyber-risk concern of solely the defense and government sectors.
Even as hiring in the tech and engineering arenas continues, the talent gap in these professions remains critical. In fact, while 80% of decision-makers in a Modis and General Assembly survey agreed that the skills gap exists in tech and engineering, most (67%) said they intended to step up hiring in 2019. And 41% said that finding candidates with the right skills was more difficult than before.
Employers are recognizing that upskilling is one way to close the skills gap, and, according to a report from consulting firm West Monroe Partners, employees agree. Both employers and workers in the report said that an increasingly digital workplace will require updated skills. But studies show that training and upskilling are often infrequent or lacking entirely.
(ISC)² said organizations can build up cybersecurity teams by:
- Providing training and professional development opportunities;
- Vetting applicants’ qualifications and casting the talent pool net as wide as possible to find undiscovered talent;
- Attracting fresh candidates, such as recent college grads with skills that are transferable to cybersecurity, or seasoned professionals, such as consultants and contractors for in-house roles; and
- Developing staff internally and cross-training current IT professionals with transferrable skills.