Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' skill sets.
On one hand, companies report facing difficulties in hiring knowledgeable cybersecurity professionals, with enough workers to satisfy only 72% of the demand, according to data provided by labor analyst firm Lightcast - a shortfall of nearly a half-million workers.
Job seekers say that companies have unreasonable education, experience, and salary expectations.
The vast majority of job postings - about 85% - call for at least a bachelor's degree in computer science, cybersecurity, or other technical discipline, when historically only about 60% to 70% of cybersecurity workers have a college degree.
In a series of articles on Medium, for example, Ben Rothke, a New York-based information security manager, took umbrage with claims that there are millions of open cybersecurity jobs in need of filling, with no workers to join the workforce.
One example: Many cybersecurity certifications require a minimum of five years of prior work experience - a CISSP certification, for example - but about 20% of cybersecurity job postings requiring such certifications are for entry-level, lower-paid jobs needing less than two years of experience, according to Lightcast's Markow.
For companies - the demand side of the equation - cybersecurity needs could be filled with a full-time employee, a third-party service, or potentially a product.
As discussed, the supply of available workers depends on worker skills and company requirements.
For those reasons, gauging the current cybersecurity workforce situation in the United States is difficult.
There are currently about 1.2 million cybersecurity workers in the United States and about 570,000 cybersecurity-related jobs posted in the last year, according to Cyberseek, a information site collaboration between Lightcast, certification organization CompTIA, and the National Institute of Standards and Technology's National Institute for Cybersecurity Education.
Cybersecurity certification providers ISC2 has similar numbers, estimating that there are 1.5 million cybersecurity workers in North America, with a shortfall of 522,000 workers, which results in 74% of demand being met.
With roughly 165 million workers in the US, according to the US Bureau of Labor Statistics, that means that about one in every 140 workers is responsible for cybersecurity as some part of their job description - a number that sounds high.
In reality, only about 20% to 40% of those 1.2 million workers is a core cybersecurity worker - one that would have a title related to cybersecurity, says Lightcast's Markow.
Looking for Diamonds in the Rough To expand their supply, companies should relax their requirements and look for workers who want to learn, rather than those who already have specific skills or credentials, says Lee Kushner, a former technical and cybersecurity recruiter of more than two decades.
A major issue is that training opportunities are in short supply, and companies do not want to necessarily invest in workers to give them the right skills.
In 2024, Expect Demand to Decline - Maybe Because the measure of cybersecurity job openings and demand are lagging behind the situation on the ground, recent tightening of budgets has meant that the job market is worse today than a year ago.
High interest and inflation have taken a bite out of budgets, and companies are now starting to think more about cutting into their cybersecurity departments, even though some threats - such as ransomware - appear to be on the rise.
A year ago, when fears of a recessions still dominated, only 10% of executives predicted cutting their cybersecurity workforce.
While cybersecurity often is something that companies attempt to do without, the world's reality will always remind them that they need it, Lightcast's Markow says.
Between the greater likelihood of a soft economic landing in 2024, and the ever-increasing threat landscape, demand for cybersecurity workers could continue to be strong in 2024, he adds.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 26 Dec 2023 14:00:28 +0000