Cybersecurity world faces 'chronic shortage' of qualified staff

It's the number one problem, according to analyst


The number one issue facing cybersecurity firms is a "chronic shortage" of qualified staff.

That's according to the founder of market analyst Cybersecurity Ventures, Steve Morgan. "The single biggest trend, globally, is that there are chronic work shortages of qualified cyber security staff. It's an absolute epidemic," Morgan told supply-chain blog Channelnomics.

Morgan's company in 2016 gathered feedback from executives listed highest on the company's list of 500 top cybersecurity firms, many of whom pointed to the same problem.

"We are one of the few industries globally experiencing zero-percent unemployment," said Robert Herjavec, CEO of cybersecurity outfit Herjavec Group. "Unfortunately the pipeline of security talent isn't where it needs to be to help curb the cybercrime epidemic. Until we can rectify the quality of education and training that our new cyberexperts receive, we will continue to be outpaced by the Black Hats."

John McAfee has also weighed in on the issue, saying that cybersecurity is "the least populated of any field of technology," and noting that there are two job openings for every qualified applicant.

On Sunday, Cybersecurity Ventures predicted that by 2021 there will be 3.5 million vacant cybersecurity jobs due to the lack of a "pipeline of security talent" combined with ever-expanding cybercrime.

For some time

The problem is not new. Two years ago, another widely cited report from consulting firm Frost & Sullivan warned that there would be a 1.5-million worker shortfall by 2020, and then increased it soon after to 1.8 million.

Despite record spending on security – and healthy salaries – nearly half of hiring managers say they are struggling to find cybersecurity staff for open positions, and 62 per cent of them have reported a shortage of information security professionals.

So what is the solution?

There are a number of organizations, including the Cybersecurity Workforce Alliance (CWA), that are actively trying to recruit more people into the field. The CWA was set up by the financial industry, based around New York, to close the skills gap given the importance of cybersecurity to money flows.

The new head of the Securities and Exchange Commission, Jay Clayton, is also using his platform to encourage coordination between companies and regulators to share threats as a way of limiting their impact.

Morgan argues that the limited degree of specialized education in information technology and computer science around the world is a major factor in the shortage. He highlighted Kevin Mitnick's KnowBe4 company as an example of training up IT staff to understand cyber threats.

KnowBe4 trains existing staff to recognize early warning signs on a network. "This lack of basic knowledge is plaguing the industry," Morgan argues. "For instance, some software developers don't understand IT security, and vice versa. Every corporation must be providing their staff with that kind of training." ®
