A continuous problem: Tackling the cybersecurity skills shortage
We have read the over abundance of apocalyptic articles covering the growing talent shortage in cybersecurity. But buried under the hyperbolic numbers, there is a larger and more interesting story.
But first, let’s level set. This talent shortage is a well recognized issue that grows year after year as qualified candidates become more scarce and demand grows. By 2022, an estimated 1.8 million cybersecurity jobs will go unfilled, according to ISC2. To compound that, the U.S. Bureau of Labor Statistics predicts the number of jobs in the security space to increase 18 percent from 2014 to 2024.
eSentire recently released a white paper that explores the skills shortage topic from a different angle. We looked at how organizations view the skills shortage and plan to address it and mirror that perspective with the cybersecurity professionals’ perspective on the same topic.
The research shows that both organizations and their cybersecurity employees know some of the significant steps they can take to alleviate the skills shortage. However, the actions of the organizations are not following suit, perpetuating the problem and potentially causing wanted employees to move on.
Thirty-two percent of organizations say it takes more than six months to fill cybersecurity positions at their organization, according to ISACA’s 2019 State of Cybersecurity survey. In 2018, 451 Research asked organizations facing a skills shortage what they could do to address the skills gap. Sixty-two percent responded that they could train existing staff with new skills. In June 2019, eSentire teamed up with 451 Research the same issue and found that fifty-eight percent were trying to hire additional staff. Only half were retraining existing staff. So no news here—not much has changed.
When we asked cybersecurity professionals what organizations could do to attract and retain talent, their answers surprisingly matched exactly what organizations know they need to do, but are failing to execute. Of the polled cybersecurity professionals, 63 percent believe that ongoing education and certification programs are the answer.
We also found a correlation between high job satisfaction and happiness with the ongoing education options offered by employers. The cybersecurity professionals surveyed demand continuing education. Over 48 percent agree that their skill set is falling behind due to the ever-changing demands in the industry and 34.2 percent of respondents believe job satisfaction is directly linked to learning new skills.
The whitepaper offers answers to a range of questions, including:
- Is the skills shortage as bad as it is being reported?
- What do cybersecurity professionals think about the widely reported skills gap?
- Is outsourcing cybersecurity functions the only answer for organizations?
- Do cybersecurity professionals feel that their skill set matches with their job position?
- What role can recruiters play in alleviating the skills shortage?
The reality is, it’s a sellers market. Employers need to do more with the finite resources available. The paper makes key recommendations that organizations can adopt to retain top performing cybersecurity professionals and avoid the revolving door of job-hopping security experts.
About the research
This report draws from a 451 Research study commissioned by eSentire in June 2019, a survey conducted in July 2019 by eSentire of 300 North America IT security professional and reputable independent research and industry sources including the U.S. Bureau of Labor Statistics and ISACA.