Cybersecurity jobs are on the rise, but demand outgrows supply. A series of major cyberattacks and data breaches over the past year, and a global pandemic uncovering weak supply chains, are serving as a wake-up call on the need to invest in cybersecurity.
Many cyber initiatives require hiring talented IT Security professionals with specific sets of skills, but how to do so in a competitive market with shortage of talent and skyrocketing salaries?
As organizations emerge from the covid19 pandemic, hiring is on the rebound. The work-from-home standardization was a palliative for a while, as organizations started finding talent beyond borders. Often, at lower costs with candidates based on low-paying regions.
However, the recruitment pool has saturated again and many organizations continue to struggle to find these needed workers. This, in turn, puts additional pressure on salary and benefit offerings.
What the numbers are saying
The latest Cybersecurity Workforce study by (ISC)2, an international nonprofit that offers cybersecurity training and certification programs, sheds some light on this issue. In the United States, there are around 879,000 cybersecurity professionals in the workforce and an unfilled need for another 359,000 workers.
Globally, the gap is even larger at nearly 3.12 million unfilled positions. In fact, it may actually be higher, given that some companies paused hiring during the pandemic.
The US Bureau of Labor Statistics projects “information security analyst” will be the 10th fastest growing occupation over the next decade, with an employment growth rate of 31% compared to the 4% average growth rate for all occupations.
Cybersecurity jobs up for grabs
As reported by CNN, the most wanted positions range from entry-level security analysts, who monitor network traffic to identify potential threat actors in a system, to executive-level leaders who can communicate to CEOs and board directors the potential financial and reputational risks from cyberattacks.
According to salary review data from Glassdor, these are some of the highest paying cybersecurity jobs:
Information Security Analyst
- Average salary: $99,101
- Salary range: $61k – $160k
Security consultant
- Average salary: $97,488
- Salary range: $60k – $158k
Information security engineer
- Average salary: $105,927
- Salary range: $74K – $152K
IT security architect
- Average salary: $106,078
- Salary range: $70K – $160K
CISO
- Average salary: $188,260
- Salary range: $105K – $264K
Expert shortage, a persistent problem
The cybersecurity skills gap has been an issue for years. In fact, around 2016, a certain headline resonated around the community: “Donald Trump advised to train 100,000 hackers to protect the US”.
It’s 2021 and we’re still getting reminders of the risk and consequences of cyberattacks. Think of SolarWinds, Kaseya, or Colonial Pipeline —the latter had to shut down supply temporarily due to a ransomware attack, resulting in gas shortages and price spikes in multiple states over several days. The incident cost Colonial at least $4.4 million, the amount its CEO admitted to paying the attackers.
Another eloquent headline of the time indicated that, in the weeks before the attack, the company had posted a job listing for a cybersecurity manager. We have now seen how cybersecurity incidents can have a measurable economic impact on the population, and it’s far from being a surprise. Back in 2016, ESET researchers found malware targeting Ukrainian energy distribution companies that was theoretically capable of being the cause of a massive power outage experienced by hundreds of thousands Ukrainian citizens.
Looking for a long-term solution
To address the shortage, there’s a variety of education, training and up-skilling programs for nearly everyone —veterans, children, women, junior IT analysts, etc. Still, the global cybersecurity jobs gap is expected to grow by 20% to 30% annually over the next few years, according to the (ISC)2.
So what else can be done? Should schools and businesses do more to combat the shortfall of cybersecurity professionals? Should we rethink the education system to include more cybersecurity training? And ultimately, how to forge the next generation of qualified security talent that will be entering the workforce over the next 10, 50 or 100 years?
The stakes are only growing, as the risk surface expands and cybercriminals become more advanced. No matter when you read this, it’s high time to start investing in robust security controls and, in particular, adding cybersecurity professionals to your organization.
