Light Dark
September 20, 2016 By Douglas Bonderud 2 min read

Zero percent. As noted by a recent Cybersecurity Ventures report, that’s the new number for cybersecurity unemployment. In fact, there are two available jobs for every qualified candidate, and with 1 million positions still open, companies are getting desperate.

Gary Hayslip, CISO for the city of San Diego, told CSO Online that they’re “trying to hire a unicorn” by writing job descriptions with huge skill lists that most security professionals simply don’t have. But what’s the real-world impact of this cybersecurity talent shortage? More importantly, how can companies reverse the trend?

Volume, Velocity and Variety

Cybersecurity is impacted by the three V’s: volume, variety and velocity. The volume of cyberattacks is rapidly increasing as more zero-day vulnerabilities are discovered, exploit kits become online commodities and cybercriminals broaden their targets.

Threats are also ramping up in terms of speed and type. Cloud resources and the wealth of data shared online make it easier than ever for malicious actors to discover security weak spots and create new attack vectors.

As noted by Marc van Zadelhoff, general manager of IBM Security, this translates to a “skills crisis in security,” even if the industry is able to fill every open job in the next few years. This isn’t good news, but it’s not entirely hopeless, either.

Addressing the Cybersecurity Talent Shortage

So how do companies address the cybersecurity talent shortage when traditional candidate pools are effectively dried up? One option is better training.

Schools such as the University of Warwick now offer a business-focused postgraduate module in enterprise cybersecurity that students — most likely security pros already working in the industry — can take part time to help close the skills gap. However, this is a downstream solution that only starts paying off after a few years and doesn’t address the issue of sheer numbers.

Another way to help bridge the gap, according to Computerworld, is by ramping up the number of women in IT security. This means abandoning notions of the ideal unicorn — often a seasoned male IT professional with a host of credentials — and instead choosing to innovate by encouraging both men and women to pursue cybersecurity careers even if their primary tech specialty lies somewhere else.

SC Magazine pointed out that it’s possible to make better use of existing IT professionals to help solve the skills gap. For example, many teams spend much of their time reporting or manually entering data rather than dealing with security issues.

What’s more, when basic cybersecurity hygiene isn’t up to par, even security specialists are put to work solving basic problems. Meanwhile, security teams are often forced to fight fires rather than move forward due to the overwhelming number of security alerts they deal with on a daily basis.

No Quick Fix

Changing the paradigm means opting for automation where possible, leveraging data analytics to help clean up the IT environment, and finding a balance between reactive and proactive security to let security pros improve overall cybersecurity health.

The cybersecurity talent shortage has arrived, and it poses real problems for IT. While there’s no quick fix, efforts like improved education, innovative hiring and investment in existing IT teams can help limit the impact of zero unemployment and absent unicorns.

 |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

November 15, 2024

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

November 13, 2024

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature