January 14, 2022 By George Platsis 4 min read

If you’ve been following reports and whispering with industry colleagues, you know what’s going on: the cybersecurity skills gap is difficult to close, and the Great Resignation is here. The 2021 (ISC)2 workforce study gives us a mixed picture of what to expect:

  • The Cybersecurity Workforce Estimate states there are 4.19 million cybersecurity workers worldwide, an increase of more than 700,000 from 2020. So far, good news.
  • The Cybersecurity Workforce Gap dropped from 3.12 million to 2.72 million. More good news.
  • Together, the industry requires a 65% increase in the global workforce to close the gap. Not good news.

A few more tidbits of interest:

  • Some regions are outpacing others at closing the gap. For example, Germany saw a 165% increase in its workforce compared to 30% in the United States.
  • Many cybersecurity workers, about 50%, started in IT and transitioned to security.
  • Job satisfaction trends (satisfied or extremely satisfied): 72% in 2018, 66% in 2019, 76% in 2020, and 77% in 2021.

The excellent visuals in this report allow you to breeze through findings if you are short on time. But take these findings with a grain of salt. As we’ll see below, gains can be wiped out easily and quickly.

How 2021 Added to the Great Resignation

Before 2021, the skills gap could be generally said to stem from growing threats, workforce/talent availability and worker burnout. But 2021 has turned the world a bit topsy-turvy. There are new factors that go beyond industry-specific challenges, including:

  • Remote work becoming a permanent state
  • Talent pool availability, based on geographic region, increasing
  • Job requisitions drawn up out of desperation and becoming a checkbox exercise or worse, drawing the wrong talent
  • Work-life and future in the industry
  • Socio-economic trends impacting salaries, morale and participation.

There is much more psychology to consider now than before, also. For example, are people more satisfied than in 2019 because they are happier with the industry or happy to have a job through the pandemic? The (ISC)2 study shares some great pandemic-specific facts, but the answer to this question still remains unclear.

But something certain is the Great Resignation is real. It is being led by Millennials and Generation Z, who are highly mobile in their professional lives and followed by Generation X, who have the tendency to be self-sufficient and work long hours but are less committed to specific employers.

This trend should worry employers, because not only do they face a retention problem, they face a current and future workforce problem. Flexibility and trust are going to be essential, even more so with so many jobs available. Generational attitudes do matter.

Let’s expand a little on these issues.

Remote Work and Talent Pool Availability

You should not view the COVID-19 pandemic as an activation of a business continuity plan. Employers should consider themselves lucky that they did not lose most of their workforce for any sustained amount of time. Also, be thankful for reliable internet connections and resilient infrastructure. Business processes transferred mostly seamlessly for the ‘laptop class’ of workers – the luckiest bunch over the last 20+ months. Remote connections have proven reliable, even if they come with new security concerns.

A side effect of this shift is proof that you don’t need to be spending time in an office and commuting. As a result, businesses could also start hiring outside of an office’s region.

Because of this proof, getting people back into an office will be hard. Demand too much and you may push out the limited talent on hand. Also, keep in mind, the Great Resignation is giving people second thoughts about their entire careers. Industry-wide demands could result in industry-wide losses.

How to Hire During the Great Resignation

HR departments need to work more closely with hiring managers to align expectations and retain staff.  Three-step guidance is useful here.

  • Step one: stop the checkbox exercise. There may be a passionate and capable worker out there, but if they are kept out because of certification, you could be missing out on a major asset. Listen to Dee Hock. As the founder of Visa, things worked out all right for him.
  • Step two: no bait and switches on job descriptions. With a lot of jobs out there, people can pick and choose. They won’t tolerate deception. If you hire a security developer but have them working incident response, you run the risk of stressing them out, setting them up for failure and turning them into a disgruntled employee. Play to their strengths before you end up with a bad return on investment.
  • Step three: build the farm team and give them a shot at the majors. If upper roles are being filled from external postings too often, employees will see the writing on the wall: no way to move upward.

It comes down to being flexible and gaining workers’ trust.

While this is not a cybersecurity industry-specific issue, it’s no secret that one of the best ways to get a salary and job title bump is to jump to another company. It’s on employers to do what they can to minimize that damage. Even the U.S. government is raising pay and cutting red tape to get more cybersecurity talent.

Managing External Forces

It would not be honest to discuss the Great Resignation and not bring up inflation and vaccine mandates. Inflation is real. The cost of living is shooting up, which will drive remote work demands.

Also, perception matters. If the organization is performing well, but employees are not getting a taste, they’ll walk. Emotions are in full play here. The ‘just happy to have a job’ feeling appears to be waning.

Vaccine mandates impact workforces: organizations could lose anywhere between 5% to 40% of their workforces. People walking out is real. Go back to the (ISC)2 Cybersecurity Workforce Estimate: there was about a 20% increase in talent from 2020 to 2021. Mandates could wipe out those gains in one shot and for good.

How Badly Do You Want Talent?

In closing, talent is available. However, a lot of forces are driving people to different places or may be shutting them entirely out of a market desperately in need. How organizations address these last drivers, especially the external ones, is entirely up to them. That makes 2021 the pivot year. The challenge employers face in 2022 demands that they ask themselves: how badly do they want that talent?

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today