Back in 2018, the New York Times estimated that there would be around 3.5 million unfilled cybersecurity jobs by the end of 2021. Despite our best efforts to curb the talent gap, that prediction came true. There are many reasons behind this, some relating to wages, others related to certifications – but the fact of the matter is that not only has this prediction come true: it is bound to happen again.
Reasons, Reasons
In the US, there are 90,000 CISSPs – that is, certified information systems security professionals – but more than 106,000 jobs in the US alone require the CISSP certification. Issues regarding certification and seniority have plagued the tech industry for years, as more and more jobs demand higher caliber standards to develop the best product. But, at the same time, we risk biting off more than we can chew.
Credentials for similar positions, be it Information Security Managers or Senior Engineers, continue to abound, surpassing the number of actually qualified personnel. Only entry-level job openings discard the necessary qualifications, but this shortage is still putting a chokehold on the market as a whole.
In addition to the above, one needs to consider the other perspectives. Ever since the advent of the pandemic, we slowly but surely entered a software era. Every company became a software company in one form or another. Just like fintech companies fostered app development to create payment options galore, other sets of industries implemented the same – be it restaurant apps, healthcare monitoring, to pet care technology. Every company opened its gates to the technological revolution, along with the risk of cybersecurity breaches.
But the one defining factor that affected the worker shortages wasn’t the proliferation of technology per se. Qualification preferences aside, we must also consider the workers’ priorities. Amid an economic recession brought about by numerous factors – tightening of loan policies, lousy investment in dominant markets – common people came to realize that a lot of jobs weren’t willing to offer a living wage in times of crisis. Their need for a job that offered enough security was incentivized by the economy, sure, but it’s the corporate policies that have sowed the penalty.
If we then add those three factors, we can find an entire population of developers that:
- Find themselves in need of finding a well-paying job – not to gain more money, but to make rent.
- Are located in a market that has an overabundance of numerous positions across dozens of industries and hundreds of sub-industries, letting them put their talents in previously unthinkable positions.
- Can’t apply to their traditional jobs due to a tightened qualification policy.
If we combine all three, we get a perfect storm for a widened talent gap in the cybersecurity sector. This not only leads to loss of revenue and expertise but extreme security risks for high-profile companies. From bank hacks in Europe to company secrets, this year has had no shortage of those, ironically.
The Educational Side
It’s important to realize that, despite the fact, bigger companies bring about these underlying problems, these issues affect every stratum of the tech world. As such, tech giants have taken some necessary steps to address the situation, with moderate success thus far.
From a qualitative perspective, big companies like Google, Microsoft, and Apple have launched their campaigns to help curb the lack of education. From training programs advertised in the Wall Street Journal, to alliances with Black Colleges to foster inclusivity records, the estimated numbers for these programs reach the hundreds of thousands for each of these companies.
This is not to say that only Big Tech is behind these kinds of programs, though. Colleges are investing heavily in expanding their resumés. Cybersecurity, previously a niche subsector, is now a priority for many institutions, particularly for Master’s Degree programs. Community Colleges represent a great asset as well since they offer public education, including partnerships with Microsoft programs. These educational initiatives offer the opportunity to gain the necessary qualifications that are so in demand these days, at a reduced cost compared to what was the reality five years ago.
The bottom line regarding these types of programs and alliances is that cybersecurity no longer needs to be seen as a “Whiz Kids” group, only reserved for the best of the best. It’s a highly approachable position: Nitin Natarajan, deputy director at CISA, was a flight paramedic for 13 years before even approaching the private sector. It’s important to focus on these types of stories if we want to expand the scope.
The Other Side of The Cybersecurity Coin
But what do we do about the rising costs and the slump in salaries?
Thousands of cybersecurity jobs still go advertised on LinkedIn and Job Search engines, even though a grand portion of those positions are duplicated. This is a common strategy to breed competition in jobs with a high turnover rate. Along with the lack of a reasonable salary, corporate policies continue to breed instability in an industry that desperately needs it.
The statistics do not lie: Unfilled positions will continue to grow – and cybercrime is estimated to grow as well. Illegal security breaches are predicted to cost around $105 trillion by 2025. This, according to CybersecurityVentures. This industry is vital for the rest of the tech world, and it also offers a long-lasting source of income: tech will always need people involved with monitoring and ensuring that safety protocols are in place.
If we aim to shorten this talent gap, we must aim for more ambitious policies, not just bolstering the educational side. Diversifying our workforce, opting for outside job forces, and listening to the needs of those involved are some tentative first steps. But if we don’t start soon, the problem will persist.
As a company, we have gladly helped the software world grow and prosper. We believe in trying out new strategies, and this includes cybersecurity. If you feel in need of discussing new paths for your company or project, contact us – let us help you make your vision a reality.
