High pay, job satisfaction and strong demand are still not enough reason to entice people to enter the cybersecurity workforce as a new study shows the workforce gap increasing to almost three million globally.
The 2018 study, conducted by (ISC)2, stated there are 2.9 million open positions which up from the 1.8 million noted in the 2017 report. The increase is due, in part, to (ISC)2 changing its tracking methodology to includes the openings that are currently available, along with an estimation of future staffing needs, estimates for academic and non-academic entrants into the field, along with estimates of existing pros who are pivoting to cybersecurity specialties.
The Asia/Pacific region is suffering from the largest shortfall of about 2.14 million with North America having the next biggest need with 498,000 workers needed, then EMEA at 142,000 and Latin America at 136,000.
“Building tomorrow’s security workforce is essential to address this challenge and deliver robust and long-term security for organizations in the digital age. Filling the skill shortage will require organizations to change their attitude and approach to hiring, training, and participating in collaborative pipeline development efforts,” said Steve Durbin, managing director of the Information Security Forum.
The shortfall is having a real impact with 59 percent of the 1,500 respondents said their organization is at extreme or moderate risk due to cybersecurity staff shortage. Twenty-three percent reported a significant shortage of dedicated cybersecurity staffers on their payroll, although only 37 percent said the lack of skilled or experienced people was one of their top job concerns.
Forty percent calling their worker shortfall slight. Twenty-eight percent stated they were properly staffed and three percent registered to have too many cybersecurity workers.
One of the reasons why senior cybersecurity executives are having a hard time filling empty positions is what they require in a new hire.
Almost half, 49 percent, require relevant cybersecurity work experience, 47 percent knowledge of advanced cybersecurity concepts, 43 percent cybersecurity certifications, 40 Extensive cybersecurity work experience and 39 percent want strong non-technical/soft skills.
Another issue not addressed by the survey, but still an important point raised by a few cybersecurity execs was retention. Keeping those who are finally fully trained on board is becoming increasingly difficult as cyberattacks increase in number and intensity.
“On an average day in 2017, the Equifax Cyber Threat Center captured 2.5 billion logs and monitored more than 50,000 cybersecurity events per second. No matter how many cybersecurity professionals you hire, human beings aren’t good are drudging through a mountain of manual work, yet our industry keeps asking them to,” said Mike Banic, Vectra’s vice president.
In order to fend off, or at least limit, the inevitable brain drain that will take place in such a high-pressure field a company must have a plan in place.
“Organizations need to build sustainable recruiting practices as well as develop and retain the talent they already have to boost the organization’s cyber resilience,” said Bret Fund, founder and CEO at SecureSet. “Businesses must prepare to build information security capabilities across the organization and position the executive team to recognize and retain talent, both those who have come up through the ranks and newer employees who have worked in a digital environment and business roles.”
Despite the stress and burden of having to do more with fewer people the (ISC)2 study found most workers are satisfied with their jobs with 68 percent responding as being either somewhat or very satisfied.