September 20, 2016 By Douglas Bonderud 2 min read

Zero percent. As noted by a recent Cybersecurity Ventures report, that’s the new number for cybersecurity unemployment. In fact, there are two available jobs for every qualified candidate, and with 1 million positions still open, companies are getting desperate.

Gary Hayslip, CISO for the city of San Diego, told CSO Online that they’re “trying to hire a unicorn” by writing job descriptions with huge skill lists that most security professionals simply don’t have. But what’s the real-world impact of this cybersecurity talent shortage? More importantly, how can companies reverse the trend?

Volume, Velocity and Variety

Cybersecurity is impacted by the three V’s: volume, variety and velocity. The volume of cyberattacks is rapidly increasing as more zero-day vulnerabilities are discovered, exploit kits become online commodities and cybercriminals broaden their targets.

Threats are also ramping up in terms of speed and type. Cloud resources and the wealth of data shared online make it easier than ever for malicious actors to discover security weak spots and create new attack vectors.

As noted by Marc van Zadelhoff, general manager of IBM Security, this translates to a “skills crisis in security,” even if the industry is able to fill every open job in the next few years. This isn’t good news, but it’s not entirely hopeless, either.

Addressing the Cybersecurity Talent Shortage

So how do companies address the cybersecurity talent shortage when traditional candidate pools are effectively dried up? One option is better training.

Schools such as the University of Warwick now offer a business-focused postgraduate module in enterprise cybersecurity that students — most likely security pros already working in the industry — can take part time to help close the skills gap. However, this is a downstream solution that only starts paying off after a few years and doesn’t address the issue of sheer numbers.

Another way to help bridge the gap, according to Computerworld, is by ramping up the number of women in IT security. This means abandoning notions of the ideal unicorn — often a seasoned male IT professional with a host of credentials — and instead choosing to innovate by encouraging both men and women to pursue cybersecurity careers even if their primary tech specialty lies somewhere else.

SC Magazine pointed out that it’s possible to make better use of existing IT professionals to help solve the skills gap. For example, many teams spend much of their time reporting or manually entering data rather than dealing with security issues.

What’s more, when basic cybersecurity hygiene isn’t up to par, even security specialists are put to work solving basic problems. Meanwhile, security teams are often forced to fight fires rather than move forward due to the overwhelming number of security alerts they deal with on a daily basis.

No Quick Fix

Changing the paradigm means opting for automation where possible, leveraging data analytics to help clean up the IT environment, and finding a balance between reactive and proactive security to let security pros improve overall cybersecurity health.

The cybersecurity talent shortage has arrived, and it poses real problems for IT. While there’s no quick fix, efforts like improved education, innovative hiring and investment in existing IT teams can help limit the impact of zero unemployment and absent unicorns.

More from

Apple Intelligence raises stakes in privacy and security

3 min read - Apple’s latest innovation, Apple Intelligence, is redefining what’s possible in consumer technology. Integrated into iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, this milestone puts advanced artificial intelligence (AI) tools directly in the hands of millions. Beyond being a breakthrough for personal convenience, it represents an enormous economic opportunity. But the bold step into accessible AI comes with critical questions about security, privacy and the risks of real-time decision-making in users’ most private digital spaces. AI in every pocket Having…

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today