September 20, 2016 By Douglas Bonderud 2 min read

Zero percent. As noted by a recent Cybersecurity Ventures report, that’s the new number for cybersecurity unemployment. In fact, there are two available jobs for every qualified candidate, and with 1 million positions still open, companies are getting desperate.

Gary Hayslip, CISO for the city of San Diego, told CSO Online that they’re “trying to hire a unicorn” by writing job descriptions with huge skill lists that most security professionals simply don’t have. But what’s the real-world impact of this cybersecurity talent shortage? More importantly, how can companies reverse the trend?

Volume, Velocity and Variety

Cybersecurity is impacted by the three V’s: volume, variety and velocity. The volume of cyberattacks is rapidly increasing as more zero-day vulnerabilities are discovered, exploit kits become online commodities and cybercriminals broaden their targets.

Threats are also ramping up in terms of speed and type. Cloud resources and the wealth of data shared online make it easier than ever for malicious actors to discover security weak spots and create new attack vectors.

As noted by Marc van Zadelhoff, general manager of IBM Security, this translates to a “skills crisis in security,” even if the industry is able to fill every open job in the next few years. This isn’t good news, but it’s not entirely hopeless, either.

Addressing the Cybersecurity Talent Shortage

So how do companies address the cybersecurity talent shortage when traditional candidate pools are effectively dried up? One option is better training.

Schools such as the University of Warwick now offer a business-focused postgraduate module in enterprise cybersecurity that students — most likely security pros already working in the industry — can take part time to help close the skills gap. However, this is a downstream solution that only starts paying off after a few years and doesn’t address the issue of sheer numbers.

Another way to help bridge the gap, according to Computerworld, is by ramping up the number of women in IT security. This means abandoning notions of the ideal unicorn — often a seasoned male IT professional with a host of credentials — and instead choosing to innovate by encouraging both men and women to pursue cybersecurity careers even if their primary tech specialty lies somewhere else.

SC Magazine pointed out that it’s possible to make better use of existing IT professionals to help solve the skills gap. For example, many teams spend much of their time reporting or manually entering data rather than dealing with security issues.

What’s more, when basic cybersecurity hygiene isn’t up to par, even security specialists are put to work solving basic problems. Meanwhile, security teams are often forced to fight fires rather than move forward due to the overwhelming number of security alerts they deal with on a daily basis.

No Quick Fix

Changing the paradigm means opting for automation where possible, leveraging data analytics to help clean up the IT environment, and finding a balance between reactive and proactive security to let security pros improve overall cybersecurity health.

The cybersecurity talent shortage has arrived, and it poses real problems for IT. While there’s no quick fix, efforts like improved education, innovative hiring and investment in existing IT teams can help limit the impact of zero unemployment and absent unicorns.

More from

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

X-Force data reveals top spam trends, campaigns and senior superlatives in 2023

10 min read - The 2024 IBM X-Force Threat Intelligence Index revealed attackers continued to pivot to evade detection to deliver their malware in 2023. The good news? Security improvements, such as Microsoft blocking macro execution by default starting in 2022 and OneNote embedded files with potentially dangerous extensions by mid-2023, have changed the threat landscape for the better. Improved endpoint detection also likely forced attackers to shift away from other techniques prominent in 2022, such as using disk image files (e.g. ISO) and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today