In 2016 Cisco estimated there were a million unfilled cybersecurity jobs worldwide. Last November, (ISC)2, the International Information System Security Certification Consortium, said the world was short 4 million cybersecurity professionals.
Why has the gap widened?
- “Many cybersecurity workers feel constrained by a lack of career development and training offered to them.”
- “Enterprises that need highly-skilled and motivated employees to ensure the business is secure are not taking the right steps to nurture the talent needed to make that happen.”
To explain that, Dice cited a survey by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), which revealed that 68% of the cybersecurity professionals feel they have no well-defined career path. Most moved into security because of a personal interest after first working in different IT areas.
Steve Durbin, managing director of the Information Security Forum, told Dice there’s a disconnect between human resources and security teams. HR doesn’t understand what skills are important, nor does it recognize the mental and physical toll cybersecurity takes.
“This hinders the organization’s ability to identify relevant talent and provide adequate support for the professional development of the security workforce,” Durbin said.
It’s easy to get “pigeonholed,” Morgan Mango, a cybersecurity researcher, says. As an example, she says someone working in PKI early in their career might get tagged as a specialist, limiting their options.
“I would always suggest people to find a job in cybersecurity that’s very flexible and very broad in terms of job description and tasks,” Mango told Dice.
Organizations have a responsibility to encourage development of their security professionals.
“To build a sustainable security workforce,” Durbin said, “Organizations should adapt to market demands by seeking candidates with diverse competencies and skill sets coupled with providing competitive benefits and structured career development. For some these changes are already underway but for the majority, the approach is still new and untried.”