If you’re currently having difficulty finding a job, I’d be willing to bet $100 that you aren’t in the cybersecurity field.
Why? The unemployment rate in cybersecurity globally is near 0.
In fact, according to the Cybersecurity Jobs Report conducted by the Herjavec Group, a leading security advisory firm and MSSP, there will be an estimated 3.5 million unfilled cybersecurity positions globally by 2021. This research is further corroborated by a poll of 1,500 cybersecurity and IT professionals conducted by (ISC)2, which finds that approximately 63% of participating organizations are suffering a shortage of IT staff dedicated to cybersecurity.
Furthermore, nearly 60% of respondents said their companies are at moderate or extreme risk of cybersecurity attacks as a result of the shortage.
A general breakdown of where the cybersecurity talent is needed can be seen below:
Why the Shortage?
The need for cybersecurity experts is rapidly growing, especially considering that cybercrime damages are expected to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. Despite this dire need, the industry has proven unable to sustainably produce the talent required to meet existing demand.
Part of the issue is a genuine pipeline problem – many schools lack trained teachers or course materials in cybersecurity, making it difficult for interested students to pick up critical skills used by professionals today. For years, cybersecurity was not a common area of study and there weren’t many programs focused on it – a 2016 survey from Raytheon found that 62% of students from 12 countries said that a career in cybersecurity had never been mentioned to them by their career advisor or teacher.
Although cybersecurity automation tools have become mainstream, the digital transformation age and a surge in cybercrime spurred by the rapidly expanding attack surface has caused an increasing supply shortage of cybersecurity professionals that the industry must address.
Further complicating things, smaller enterprises are finding themselves more frequently targeted, sometimes as a path to their larger partners and customers.
From automation to artificial intelligence (AI) and machine learning (ML), new technologies are generating new methods for mitigating this growing talent gap. Yet, to date, no machine-driven algorithm or automation engine can replace the decision-making processes employed by a human cybersecurity expert, who is able to assess the complexities of a situation holistically and account for business requirements, environmental factors, risks and other implications.
“I always say that cybersecurity professionals are like physicians, in that they have to spend ample time studying the latest research and threat intelligence”, according to Jon Oltsik, senior principal analyst at IT research firm Enterprise Strategy Group.
Shrinking the Shortage
From what I’ve seen in the market, various startups are tackling the cybersecurity talent shortage in three different ways:
Expand the talent pool
Make better use of the existing talent pool
Reduce the need for more people
Expand the Talent Pool
While schools are struggling to train the volume of students needed to make a dent in the talent shortage, startups have emerged with online solutions to bridge the gap. Immersive Labs, a cybersecurity skills platform founded by former GCHQ researcher James Hadley, helps enterprise IT and other individuals learn the latest security skills by combining up to date threat data with “gamified” learning.
This approach has a few advantages over a traditional education when it comes to cybersecurity.
First, classroom-based learning cannot keep up with the pace of cybersecurity – with new threats emerging almost daily, content can become out of date quickly.
Second, it’s difficult to master cybersecurity concepts without self-exploration and hands-on training. Solutions like Immersive Labs can help expand the talent pool by allowing IT and other personnel to quickly learn and test their cybersecurity skills.
Make Better Use of the Existing Pool
A stealth-mode cybersecurity startup is launching a technology platform to provide organizations with access to both highly talented and vetted cybersecurity experts and easily digestible insights on the industry’s best security practices. Using the company’s 80/20 approach (80 percent existing knowledge and 20 percent customization), customers can reduce time to value and ensure coherence across multiple interactions.
Somewhat akin to Uber, this startup is leveraging an under-utilized resource, namely cybersecurity experts, and creating a gig economy around them. Furthermore, the platform incorporates project management, secure collaboration and automation capabilities, thus providing a continuous management and a single pane of glass for any cybersecurity project.
Do More with Less
If organizations can’t hire more FTEs (full-time equivalents), they can supercharge the cybersecurity professionals they do have by making use of automation tools. Over the past few years, a whole market has emerged around this need, termed SOAR (security orchestration, automation, and response) by Gartner.
The companies in this space, including Cyberbit, leverage tools to reduce mean time to respond, automate manual tasks and reduce escalations, and investigate large volumes of data more efficiently.
While the cybersecurity talent shortage is massive, I expect that the aforementioned solutions will certainly alleviate the strains on the industry over the next few years.
At Plug and Play's Cybersecurity accelerator we are in touch with corporations and startups that are changing the world as we know it. Join our platform today.