The demand for cybersecurity professionals is high despite recent high-profile layoffs in the tech industry. Why aren’t these workers recruited when so many displaced tech workers search for a new jobs?
It may be possible to find the answer by better matching candidates who are less likely to retrain in cybersecurity. The demand for cyber workers is expected to grow by 25% by 2022. Many commentators, like bartenders and school teachers, have emphasized hiring cybersecurity talent with non-traditional backgrounds.
Data released by the National Initiative for Cybersecurity Education, NIST, CompTIA, and Lightcast in late January showed that the number of cybersecurity workers employed in 2022 was stable at 1.1 million. The number of job postings online decreased from 769.736 to 755.743 over the 12 months ending December 2022.
Despite concerns over a slowing economic climate, the demand for cybersecurity professionals remains high. Cybercrime will not stop because of a slowing economy, so employers cannot afford to stop hiring for cybersecurity.
Lightcast data shows that the demand for cybersecurity workers in 2022 has been at its highest since 2012. However, the trend slowed down between November and December. The ratio of cybersecurity workers currently employed to the number of new openings is a key indicator showing the severity and urgency of the shortage.
The ratio of 68 workers to 100 job openings is now higher than the 65 workers per hundred openings in the previous period. According to these figures, the U.S. needs nearly 530,000 additional cybersecurity workers to fill current gaps.
Industry researchers suggest hiring people with non-traditional backgrounds, like bartenders and schoolteachers, is a great way to think outside the box.
The tech barriers make this idea unrealistic
Some cyber professionals argue that this solution is not in line with the realities of the industry. The barriers to entry are still too high. Many organizations use antiquated hiring methods, requiring certifications that are impossible to obtain without experience.
Lenny ZeltserĀ is CISO of cybersecurity asset management firm Axonius and a cybersecurity instructor, researcher, and certifications at SANS Institute. He finds it interesting that no one has mentioned how difficult it can be to advance in a cyber role.
Finding guidance on how to go from cyber specialist to chief information officer (CISO) is difficult. He said that many organizations do not have a standard or structure for how they pay cyber professionals, and employees know that moving to another company is the only way to get promoted.
Zeltser suggested that people are starting conversations in the wrong places. Before the cyber industry can close the skills gap, companies must address the “cybersecurity career gap,” as Zeltser calls it.
He said that learning computer security skills was not the main issue. Motivated people have many options to acquire the skills they need. It’s the expectation of what skills people need that is a problem.
I believe there are many opportunities for people who want to learn security skills. Zeltser told TechNewsWorld that this led him to think there might be more to it.
We may have unrealistic expectations about the person we’re looking for.
You can forget about ideal candidates
He noted that the unicorn job, where companies seek a security expert who can do it all, will likely be the cause. Cybersecurity is a highly specialized field with many subsets. It’s hard to be an expert in everything.
Zeltser said, “We’re not open enough to people who come into the field from non-technical backgrounds.”
He gave an example of his past roles in the industry. Hiring managers who are not very flexible want their new hires to be able to do XYZ. The skills gap results from not seeing these capabilities in a resume.
What is the solution to this problem? Cyber applicants who have some skills can be trained for the rest.
Zeltser remembered looking for a few security specialists who could provide customer service. The company needed entry-level security personnel but couldn’t find any.
The company found that it was very successful in recruiting bartenders with a tech-savvy attitude who could install their own Wi-Fi. He explained that they did it only at home.
We found that teaching them the correct security skills in the office was possible. Zeltser said we didn’t need to train the employees in multitasking, thinking on their feet, or interacting with people. Bartenders have a knack for this.
Need a Positive End-Result
Zeltser discovered numerous ways to be more open. This became a necessity. “Being more open is about changing your mind to accept people with non-technical and non-conventional backgrounds,” Zeltser said.
“I would like us to stop telling people in the industry that if you enter the field of cybersecurity as a professional, the goal is to reach the pinnacle, which is a CISO. He said that there were not enough of them.
According to Zeltser, the industry doesn’t need as many security executive professionals as other types, leading people to fail.
“We tell them to work towards that, and that’s how we define success.” We can discuss other ways to achieve success because not everyone should be an executive or a people manager.