In a world where cybersecurity threats are constantly evolving, the need for skilled professionals to protect businesses from cyberattacks is more crucial than ever. Despite the increasing number of graduates from colleges and trade schools in the cybersecurity field, there are still hundreds of thousands of unfilled positions in the industry.
According to ISACA’s ninth annual State of Cybersecurity survey, about 60% of cybersecurity executives admit that their companies are understaffed. In the United States alone, there are over 450,000 unfilled cybersecurity positions, as reported by CyberSeek. This shortage comes at a time when cyberattacks are on the rise, with 40% of respondents experiencing more attacks compared to the previous year.
Jonathan Brandt, the director of professional practices and innovation at ISACA, characterized the abundance of openings as a “self-inflicted wound” by companies. Despite the increase in cybersecurity graduates, many positions remain unfilled for months. It is baffling that companies are struggling to fill entry-level positions, with some taking three to six months to find suitable candidates.
One of the key challenges in cybersecurity hiring is the mismatch between entry-level positions and the qualifications expected by hiring managers. Starting cybersecurity salaries are often higher, leading companies to have high expectations for entry-level candidates. This discrepancy may explain why only 26% of survey respondents believed that half of the applicants were well-qualified for the positions.
The difficulty in finding and retaining experienced cybersecurity professionals is further compounded by the reduction in employee benefits. Companies are cutting back on benefits such as tuition reimbursement and recruitment bonuses, making it harder to attract and retain top talent in the industry. This trend is not unique to cybersecurity, as many industries are facing uncertainty about economic conditions.
To address the staffing shortages, companies are increasingly turning to training non-security staff to transition into security roles. This approach is seen as a cost-effective way to fill the talent gaps, as fewer companies are hiring contractors and consultants compared to previous years.
A potential solution to improve hiring and retention in cybersecurity is to enhance the digital employee experience (DEX) within organizations. By optimizing how employees interact with digital tools and technology in the workplace, companies can create a more efficient and satisfying work environment. Companies that prioritize DEX may have a competitive edge in attracting top talent and retaining existing staff.
Looking ahead, the focus will be on filling the many open entry-level positions in cybersecurity. Companies in regions with lower living costs may be able to attract candidates with lower starting salaries, in exchange for less stringent qualifications. As the cybersecurity landscape continues to evolve, organizations must adapt their hiring practices to meet the growing demand for skilled professionals in the field.
In conclusion, the cybersecurity talent shortage is a pressing issue that requires a multi-faceted approach to address. By reevaluating hiring practices, offering competitive benefits, and prioritizing employee experience, companies can better navigate the challenges of recruiting and retaining cybersecurity professionals in an increasingly digital world.