Security

Cybersecurity world faces 'chronic shortage' of qualified staff

It's the number one problem, according to analyst

47 Got Tips?

The number one issue facing cybersecurity firms is a "chronic shortage" of qualified staff.

That's according to the founder of market analyst Cybersecurity Ventures, Steve Morgan. "The single biggest trend, globally, is that there are chronic work shortages of qualified cyber security staff. It's an absolute epidemic," Morgan told supply-chain blog Channelnomics.

Morgan's company in 2016 gathered feedback from executives listed highest on the company's list of 500 top cybersecurity firms, many of whom pointed to the same problem.

"We are one of the few industries globally experiencing zero-percent unemployment," said Robert Herjavec, CEO of cybersecurity outfit Herjavec Group. "Unfortunately the pipeline of security talent isn't where it needs to be to help curb the cybercrime epidemic. Until we can rectify the quality of education and training that our new cyberexperts receive, we will continue to be outpaced by the Black Hats."

John McAfee has also weighed in on the issue, saying that cybersecurity is "the least populated of any field of technology," and noting that there are two job openings for every qualified applicant.

On Sunday, Cybersecurity Ventures predicted that by 2021 there will be 3.5 million vacant cybersecurity jobs due to the lack of a "pipeline of security talent" combined with ever-expanding cybercrime.

For some time

The problem is not new. Two years ago, another widely cited report from consulting firm Frost & Sullivan warned that there would be a 1.5-million worker shortfall by 2020, and then increased it soon after to 1.8 million.

Despite record spending on security – and healthy salaries – nearly half of hiring managers say they are struggling to find cybersecurity staff for open positions, and 62 per cent of them have reported a shortage of information security professionals.

So what is the solution?

There are a number of organizations, including the Cybersecurity Workforce Alliance (CWA), that are actively trying to recruit more people into the field. The CWA was set up by the financial industry, based around New York, to close the skills gap given the importance of cybersecurity to money flows.

The new head of the Securities and Exchange Commission, Jay Clayton, is also using his platform to encourage coordination between companies and regulators to share threats as a way of limiting their impact.

Morgan argues that the limited degree of specialized education in information technology and computer science around the world is a major factor in the shortage. He highlighted Kevin Mitnick's KnowBe4 company as an example of training up IT staff to understand cyber threats.

It trains existing staff to recognize early warning signs on a network. "This lack of basic knowledge is plaguing the industry," Morgan argues. "For instance, some software developers don't understand IT security, and vice versa. Every corporation must be providing their staff with that kind of training." ®

Sign up to our NewsletterGet IT in your inbox daily

47 Comments

Keep Reading

Ugh, of course Germany trounces Blighty for cyber security salaries

Britons never, never, never shall be wage slaves. Oh wait

Soft eng salaries soar by 25 per cent – and, oh yes, devops is best paid for non-boss techies

Stack Overflow's worldwide dev survey spills pay figures

IT security pro salaries: Silicon Valley? You'd be better off in Minneapolis

How far would you go for a better salary?

UK Cybersecurity: Permanent job salaries growing faster than contractor pay rises

Tie me up, tie me down

Quick, better lock down that CISO role. Salaries have apparently hit €1m

Thanks WannaCrypt... Hey, about our new security budget. Oh, you've cut it

Same job, different place: US salaries top DevOps pay packet poll

California demand closes the pay gap

Microsoft forked out $13.7m in bug bounties. The reward program's architect thinks the money could be better spent

'A secure dev lifecycle has a much higher ROI than letting the public do the bug detection work for you'

IT bod who does a bit of everything: You might want to specialise if that pay rise proves elusive

Tech salaries up almost 2 per cent in 2018

HPE shifts further out onto the edge, plans to weld $925m Silver Peak buy to Aruba Networks

To SD or not SD-WAN is the question?

Trump bans Feds from contracting H-1B workers and makes telehealth the new normal

Also touts scheme to have USA to pocket finder’s fee for allowing TikTok sale

Tech Resources

Has Recent Rapid Cloud Adoption Increased Your Threat Risk?

It’s time to embrace cloud capabilities that can help businesses address speed to market through agility, lower TCO and an increased security posture.

Simplifying Hybrid Cloud Flash Storage

According to industry analysts, a critical element for secure hybrid multicloud environments is the storage infrastructure.

Navigating the New Era of Cloud Computing

Hear from Steve Sibley, VP of Offering Management for IBM Power Systems about how IBM Power Systems can enable hybrid cloud environments that support “build once, deploy anywhere” options.

Migration Isn't Archiving

Make sure your solutions have the right capabilities to save you the most costs and headaches.