The Cybersecurity Talent Shortage Is Here, and It’s a Big Threat to Companies

Qualified candidates are choosing to build dating apps and mobile games instead

12 April 2017

Is your company in need of savvy cybersecurity professionals? Well, get in line. As threats to data security increase and become more sophisticated, there are not enough qualified candidates to go around.

Cisco estimates that as many as 1 million cybersecurity openings worldwide are going unfilled. And the 2016 Corporate IT Security Risks report by global cybersecurity company Kaspersky Lab found that nearly half the 4,000 businesses surveyed about their demand for specialists in the field said they were finding it difficult to fill openings.

The shortage could be due to workers who are either unqualified or are qualified but not interested in this career path. Part of the problem, according to IEEE Member Jonathan Katz, is that the field as a whole is still young. Katz is director of the Maryland Cybersecurity Center, in College Park, and a member of the IEEE Cybersecurity Initiative.

It’s a classic pipeline problem.

“The increased demand for cybersecurity professionals is relatively new, and universities are still unable to respond to this demand by incorporating it in their curricula,” Katz says. “There is a shortage of students graduating with the necessary cybersecurity expertise.”

Moreover, graduates who are qualified seem to take a different route—one in which there’s more potential to be on the ground floor of the “next big thing.” That includes developing mobile games and dating apps instead of helping to build and maintain online defense systems, cybersecurity analyst Bruce Schneier told Inverse.

“Young engineers might not see cybersecurity as sexy,” Schneier says. “Which is weird to me because I think it’s the coolest [job] ever. It’s spy versus spy.”

THE SHORTAGE STRUGGLE

The talent drought is being felt across the board. Hundreds of thousands of malware intrusions alone are attempted every day, and they’re not only impacting tech companies. Institutions with data—whether it’s their own, customers’ or patients’—need to be concerned about protecting their systems. Nearly 70 percent of the companies surveyed by Kaspersky Lab said they planned to hire full-time cybersecurity professionals in the coming years.

Competition for qualified cybersecurity professionals is driving up salaries and better benefit offerings, like more vacation time, access to training programs, and telecommuting options. The demand for the jobs, though, might be backfiring on employers, Katz says, because workers can take advantage of the competition.

That is especially true for younger employees. The Center for Cyber Safety and Education found that millennial workers, who might not yet own homes or have children, are the most likely to jump ship for a better deal elsewhere. These younger employees are twice as likely to depart for a new job that pays better or offers more benefits than their Boomer colleagues.

“Companies are devoting a lot of effort to hiring and retaining cybersecurity professionals,” Katz says. “The catch is the time and money spent is an investment that is not being spent on actually improving cybersecurity.”

SKIP THE HYPE

Katz warns, however, to not necessarily believe all the stats out there on how desperate employers are for cybersecurity professionals, because that number could be inflated by a broader definition of what a cybersecurity job actually is. There are many kinds of roles in the field, he says, including database architect, intelligence analyst, and network engineer, but not all of the positions are difficult to fill.

There is another group that should have skills in cybersecurity: those who are developing technologies, such as software engineers. They need to be aware of threats, Katz says, so their programs don’t suffer from basic vulnerabilities in the first place.

Learn More