In a time when innovation and cybersecurity go hand in hand, the expansion of artificial intelligence (AI) development poses a persistent challenge: the escalating battle against cyberthreats. Despite cybersecurity professionals standing at the forefront, the industry grapples with a significant disparity between demand and available talent. There are about 3.5 million vacant cybersecurity positions globally. Over 750,000 are in the U.S. Bridging this gap has never been more critical.
Source: Cybersecurity Ventures
This shortage is part of a broader issue in the tech industry. As Deloitte Insights found in their survey, the biggest issue tech companies face is hiring the right talent, with almost 90% of respondents calling it at least a “moderate challenge.” IT professionals with skills in cybersecurity, cloud services, data analytics, and machine learning continue to be in high demand, highlighting the selective impact of last year’s layoffs based on the evolving needs of the tech sector.
To paraphrase one of the leaders surveyed in the Deloitte study, there is a lack of “system and security architects. People who can sit down and think about how everything fits together.” In fact, for this leader, they are so rare that they call them unicorns.
It would seem we are gravitating toward talent with a more robust skillset. So, how can we bridge this gap while still focusing on industry growth?
The Scale of the Problem
In the past five years, the cybersecurity talent gap has remained alarmingly stable, with an estimated 3.5 million positions unfilled globally — a figure that has not wavered since 2021. This stubborn persistence of unfilled roles underscores the severity and complexity of the cybersecurity challenge facing industries worldwide.
The cybersecurity talent shortage can be attributed to a combination of factors that have been evolving over the years. The biggest factors are:
- Rapid Industry Growth Versus Educational Output: The cybersecurity industry has experienced a meteoric rise in demand, growing 350% in job vacancies from 2013 to 2021. This growth outpaces the current educational and training output, leading to a significant talent gap that is expected to persist until 2025.
- Pandemic-Induced Shifts: The COVID-19 pandemic accelerated digital transformation and increased reliance on technology, further widening the demand for cybersecurity professionals. Simultaneously, the pandemic’s economic repercussions and the shift to remote work have influenced recruitment, retention, and the way cybersecurity work is conducted.
- Lack of Entry-Level Opportunities and High Certification Expectations: Entry-level positions in cybersecurity are scarce, with companies often requiring certifications or experience levels that new entrants find challenging to meet. For example, certifications like Certified Information Systems Security Professional (CISSP) is a five-year driven cert, yet still listed as a requirement for entry-level roles.
4. Technological Advancements and the Evolving Threat Landscape: A constantly evolving landscape requires professionals to acquire a highly specialized skill set. Specialized knowledge places additional pressure on the talent pool, having to reskill every 6 to 12 months to keep up with evolving threats.
5. Retention Challenges and Workplace Stress: The intense and often stressful nature of cybersecurity work, combined with the industry’s competitive environment, contributes to high turnover rates. Organizations face challenges in retaining talent due to burnout, workplace stress, and the allure of more lucrative or less demanding roles in other tech sectors.
6. Diversity and Inclusion Efforts: While there are efforts to promote diversity within the cybersecurity workforce, there remains a significant gap in attracting women, minorities, and neurodiverse individuals into the field.
The cybersecurity talent gap persists not only because of the sheer number of roles to fill but also because of the need for deeper integration of cybersecurity within organizations. This situation calls for a shift in perception toward seeing cybersecurity as a priority at every level of a company’s structure rather than merely focusing on training and hiring professionals.
We conduct annual company-wide cybersecurity training that all professionals must complete. This ensures that the entire company possesses a baseline understanding of cybersecurity, including knowledge of current threats and responsible practices for protecting company assets. As digital threats evolve rapidly, cultivating a knowledgeable workforce is crucial, from the boardroom down to the breakroom.
Nearshoring in Bridging the Cybersecurity Talent Shortage
Nearshoring emerges as a compelling alternative to address the cybersecurity talent shortage. It leverages proximity, cultural affinity, and time zone alignment. This mitigates the challenges of finding skilled cybersecurity professionals locally. At the same time, it enhances collaboration and communication in real time, critical factors in the cybersecurity domain.
A key advantage of nearshoring is providing access to cybersecurity specialists who can address global threats and develop defense mechanisms. Our collaborations with clients across different projects highlight the effectiveness of nearshoring in enhancing cybersecurity measures.
For example, we provided Forcepoint with senior professionals through a staff augmentation engagement. Our engineers employed both manual and automated QA testing strategies to identify vulnerabilities in cybersecurity software. This approach achieved comprehensive test coverage and ensured compliance with the highest industry standards.
Similarly, our software development outsourcing service model proved instrumental for Rolls-Royce. Our software development team worked on granting secure remote access to real-time data monitoring for their power plants. This involved implementing advanced cybersecurity controls to ensure system security.
Our engagement with Azlo through staff augmentation services highlighted the role of nearshoring in bolstering cybersecurity for compliance in digital banking. Over the course of 18 months, our collaboration contributed to a significant increase in customer count, demonstrating the impact of nearshoring on enhancing security measures and supporting business growth.
Nearshore outsourcing is ideal for time-sensitive and specialized talent needs. On the other hand, you want to know what’s happening in the sector’s talent landscape. What makes cybersecurity professionals stand out? Is it academic credentials, their proximity to the industry, or competitive environments?
Academic Programs and Their Limitations
Academic programs are the starting point for most learners. However, they sometimes emphasize theoretical knowledge over practical skills, leaving a gap between what students learn and what the industry requires. Recognizing this, there’s a shift toward making academic programs more dynamic and closely aligned with industry demands. This evolution has seen curricula incorporating more frequent updates, real-world case studies, and hands-on training to bridge the knowledge-practice gap.
Partnerships between academia and the cybersecurity industry have emerged as a key strategy in addressing this challenge, facilitating a smoother transition for students into the workforce. Initiatives like internships, co-op programs, and industry-led workshops enhance students’ practical experience and understanding of current trends.
Moreover, the rise of short remote courses, such as Stanford’s Advanced Cybersecurity Program, and learning platforms, like edX, offer tailored education paths. These options enable learners to acquire specific skills for targeted roles in cybersecurity. This approach diversifies the talent pool and ensures that emerging professionals are equipped to tackle modern cyberthreats.
The Value of Industry-Led Education
Beyond the borders of academia, industry-led programs, and training initiatives are designed to create a more direct pathway from learning to employment. BrainStation, for instance, collaborates with industry experts to ensure its cybersecurity courses remain relevant and up to date. Learners engage with real-life case studies and receive hands-on training from professionals working at companies like Google Cloud and IBM. This approach equips students with the latest skills and offers insights into industry challenges.
Various companies and organizations provide scholarship funds and free training to support cybersecurity education. Notably, Cisco, Raytheon, Google, and Microsoft offer scholarships, with Cisco providing $10 million for cybersecurity career paths. This financial support helps students access education and training opportunities that might otherwise be out of reach. Programs like the Information Assurance Scholarship Program (IASP) by the U.S. Navy further extend educational support to develop infrastructure for information assurance education.
In Jamaica, the HEART/NSTA Trust launched a Cisco Certified Cybersecurity Training Programme, aiming to train 500 individuals in collaboration with the Global Services Sector (GSS) Project. The goal is to democratize cybersecurity skills and attract talents from other regions.
Cybersecurity Competitions: School of Hard Knocks
The significance of practical experience in cybersecurity education is paramount, directly addressing the limitations of traditional classroom learning. Methods like cybersecurity competitions offer a dynamic platform for learners to engage in cybersecurity tasks, from ethical hacking to network defense, within a controlled yet competitive environment. This enhances their ability to apply theoretical concepts and cultivates critical thinking and problem-solving skills.
There are several popular competitions offering a unique focus. For example, Google Capture The Flag features challenges around web security, reverse engineering, and cryptography. In contrast, Pwn2Own focuses on software and operating system vulnerabilities. At a more specialized level, the President’s Cup Cybersecurity Competition was established in response to an executive order, aimed to reward the best cybersecurity talent within the federal workforce.
The Impact of AI on Cybersecurity in the Near Term
As AI-powered tools are increasingly integrated into business operations, prioritizing cybersecurity has never been more relevant. The adoption of AI opens new frontiers for efficiency and innovation, but it also introduces unique vulnerabilities that can only be mitigated through a robust cybersecurity framework. The cybersecurity talent gap is posed to become an even bigger pressure across industries.
The UK’s National Cyber Security Centre recently revealed alarming predictions surrounding AI’s use in malicious activity. They found that “AI lowers the barriers for novice cybercriminals, hackers-for-hire and hacktivists to carry out effective access and information gathering operations.” This will likely contribute to ransomware threats over the next couple of years. Their report also suggested that “all types of cyber threat actors — state and non-state, skilled and less-skilled — are already using AI, to varying degrees.”
Strategically, companies must view cybersecurity as a core component of their value proposition to customers, stakeholders, and partners. This involves developing cybersecurity strategies that are proactive, predictive, and adaptive to the evolving threat landscape that AI technologies might be exposed to. This stresses the importance of looking at talent cybersecurity strategies from a talent and technology perspective.
In Conclusion: Securing Trust and a Competitive Edge
In essence, integrating cybersecurity into the fabric of business strategies is essential for building trust, ensuring compliance, and securing a competitive edge in the digital economy. While specialized talent is challenging to find and retain, it should remain a top priority for companies, given the evolving threat landscape.
Companies can address this challenge by assisting in cybersecurity competitions, reaching out to schools for partnerships, or opting to engage with nearshoring partners. By doing so, they not only protect themselves from potential threats but also position themselves as forward-thinking, reliable, and secure partners in the eyes of their customers and the broader market.
If you’re a cybersecurity specialist looking to collaborate with top-tier clients across 100+ industries, take a look at our job openings. We’re constantly on the lookout for the top talent who will transform opportunities into results.
