Employers Continue to Struggle to Find Cybersecurity Talent

August 9, 2018

By Scott Bittle, Director of Communications | Burning Glass Technologies 

The nation’s persistent skills gap is all about the labor market failing to keep up with the demand for specialized talent—and nowhere is that more apparent than in the crucial field of cybersecurity.

There were 301,873 cybersecurity job openings in the United States between April 2017 and March 2018, according to research we’ve conducted at Burning Glass Technologies, a leading labor market analytics company.

By contrast, the total employed U.S. cybersecurity workforce in the relevant 12 months was 768,096. That works out to 2.5 currently employed cybersecurity workers for every opening. To put this in perspective, there are 6.5 current workers for every job opening overall, in the tightest labor market in years.

Only about four in 10 of those openings, however, are pure cybersecurity jobs. The remainder are for roles where cybersecurity is only part of the worker’s responsibility, a common situation in small- and medium-sized organizations.

Why is it hard to find cybersecurity talent? Burning Glass has identified three major reasons:

Demand is outstripping supply. Postings for cybersecurity jobs grew 70% over the past five years, compared to 13% for IT jobs in general. Training programs simply can’t keep up.

The bar is high. Employers aren’t looking for rookies. Roughly 85% of cybersecurity job postings require a bachelor’s degree, and about the same number require three years or more of experience. About six in 10 postings require at least one certification, compared to roughly one-quarter of IT jobs in general.

Like many other information technology fields, cybersecurity is heavily defined by certifications. There’s a clear career ladder for cybersecurity professionals, from the entry-level Security + certification to the Certified Information Security Professional (CISSP). In many certification categories, Burning Glass analysis has found there are more job openings than certified professionals.

Cybersecurity skills alone aren’t enough. Information security used to only be a concern for the government and defense contractors, but one of the most significant trends of the past few years has been the surge in cybersecurity hiring by businesses that formerly weren’t concerned with this, such as retail, health care, and other fields. A cybersecurity worker in those fields needs to understand the business they are protecting: a health care security expert needs to understand HIPPA, while someone in the financial field may need to grasp securities laws. That makes hiring more of a challenge.

What does this mean for employers looking for cybersecurity talent? For a start, it means employers have to develop a better talent pipeline for these roles. Posting a position and hoping for the best won’t be good enough. Employers need to act aggressively to find, recruit, and train talent if they are serious about solving this problem. Cybersecurity is a critical need—and it isn’t going away.



Posted By

FINN Partners


You May Also Like