Are we creating a cyber professional salary bubble that will eventually burst?
Are hiring managers contributing to the salary inflation of the cyber field? Are we doing a disservice to our future cyber workforce?
It is a great time to be in the cyber security field. But, have you noticed the growing challenges of recruiting and retaining good cyber talent? Six-figure salaries used to take years to achieve. Now, if you have a specialized cyber skill set, you can attain that figure with only a few years of experience. So, the question is: Are we growing cyber professionals who do not have the foundation needed to perform at a sustained level? Are we so desperate for these skill sets that we are willing to outbid each other?
The competition in markets is brisk, with organizations recruiting from each other and thus driving salaries and benefits through the roof. Recent graduates with one or two years of experience are receiving offers that are increasing in $35,000 increments. The competition for skilled talent results in bidding wars, consequently resulting in the companies willing to part with extra large signing bonuses, relocation packages and deep pockets attracting the most skilled talent with unintended results. Meanwhile, the smaller critical infrastructure organizations are not able to afford the skill sets needed to defend their infrastructures.
And, compared to other countries, the United States has a large complex infrastructure attack surface to secure. The escalating threat picture has pushed the need for top-caliber talent in organizations that had not, in the past, been continually targeted. This issue is also translating to the government cyber workforce. The majority of government cyber professionals have not received raises for years, whereas their private industry counterparts have earned salaries tens of thousands of dollars higher. In addition, the forecasted trend is tightening budgets. And, traditionally, cyber security careers were on-premise. Yet, now maintaining talent means flexibility, especially as some locations have exhausted the available pool of cyber talent.
This recent salary over-inflation is resulting in pros with specialized skill sets earning six-figure incomes, but lacking the experience in project management, maneuverability in delicate political situations, and implementation capabilities. They also lack the experience gained from working one's way up through the ranks.
What will be the case for these individuals in 10 years? Will the bubble burst and the salaries readjust down? Will supply equal demand, leading to a stagnation of the career track? Are we creating a future that will take years to equalize?