Recent data has shown that around 225,200 cybersecurity professionals are needed to close the current talent gap. Only 85% of available cybersecurity positions are filled, accounting for 1.2 million workers currently employed. 

Security leaders weigh in 

Dave Gerry, CEO at Bugcrowd:

“By creating career growth opportunities and rallying behind the mission of helping customers, their customers and the broader digital community defend against cyberattacks, employees feel they have an opportunity to better themselves and the broader community.

“For years, we’ve been led to believe there is a significant gap between the number of open jobs and qualified candidates to fill cybersecurity jobs. While this is partially true, it doesn’t provide a true view into the current state of the market. Employers need to take a more active approach to recruiting from non-traditional backgrounds, which, in turn, significantly expands the candidate pool from just those with formal degrees to individuals, who, with the right training, have incredibly high potential. Additionally, this provides the opportunity for folks from diverse backgrounds, who otherwise wouldn’t be able to receive formal training, to break into the cybersecurity industry providing income, career and wealth-creation opportunities that they otherwise may not have access to. 

“Organizations need to continue to expand their recruiting pool, account for the bias that can currently exist in cyber-recruiting, and provide in-depth training via apprenticeships, internships and on-the-job training, to help create the next generation of cyber-talent.”

Gareth Lindahl-Wise, Chief Information Security Officer at Ontinue:

“Without question, there is a shortage of both skilled and experienced cyber professionals today. Moving forward, we need to bridge the skills gap and enhance the cybersecurity workforce. We must incentivize the hours people put into training, if it is worth it, it is worth rewarding (think small financial benefits, additional time off for study etc.). Encourage and enabling job shadowing and sharing.

“Internships, sabbaticals and job shares are all potential ways of accelerating real world experience. Unfortunately, there have been some fledgling attempts within the United Kingdom with NCSC (or CNPI at the time). Technical qualifications are not necessarily the issue — we are fishing in a pool for fish that haven’t had the time to grow to the size we want.”

Tim Callan, Chief Experience Officer at Sectigo:

“In addition to stagnating salaries and high stress, enterprises should consider the career path options they make available to their own employees. They can provide better environments by embracing modern architectures, implementing new tools like AI, and automating the routine work that takes up too much of IT professionals’ days. Platforms, such as ITSM and CLM, can take away mind-numbing repetitive tasks, reduce stress and give tech-savvy employees more reason to stick with their current careers.”

Dean Webb, Cybersecurity Solutions Engineer, Merlin Cyber:

“The rapid emergence of AI tools for both offensive and defensive cybersecurity over the past year demonstrates just how quickly things can change for the cyber workforce. While AI defensive tools will help to counterbalance most AI-driven attacks, the AI-enhanced generation of phishing and other social engineering attacks goes up directly against often-untrained humans. We will have to find better means of automating defenses on corporate as well as personal emails, texts and chatbots to help us hold the line when it comes to AI-enhanced social engineering.”

Omri Weinberg, Co-Founder and CRO at DoControl:

“The cybersecurity skills gap is representative in many industries and for companies of all sizes. While looking for individuals to train in specific skill areas, it’s also critical for individuals to be trained to see the wider landscape that makes up the security industry. Opening an individual’s eyes to the different paths that a cyber professional can take allows these resources to train in multiple skill areas and cover additional ground to reduce the skill shortage overall.

“The HR process still isn’t quite there yet when it comes to finding talent in the cybersecurity industry. There are plenty of available resources in the market that are not being given an opportunity to either tell their work story or be hired. Some of the hiring issues go back to needing a candidate that has every skill on the job requisition and this can be farther from reality. The gap can be minimized when hiring managers and HR representatives work closely together to understand when a candidate is qualified for a role and is also a fit for the companies’ culture.

“There are plenty of programs available that offer cybersecurity skills. Companies should continue to promote and offer training programs to increase their current talent pool and to better prepare their employees for the ever evolving landscape of cybersecurity.”

Sunil Muralidhar, Vice President at ColorTokens:

“While filling today’s cyber skills gap is extremely important, one area that we must look at is the mental health and stress levels of today’s cyber pros. Working with security professionals across varying roles reveals a common thread of high stress levels among them. For managers of security teams, there are actionable strategies to promote team members’ overall well-being:

• Foster personal connections: Encourage team members to share personal experiences without prying, and lead by example by sharing your own stories.
• Practice empathetic listening: Cultivate the skill of listening without judgment and ask questions to understand colleagues’ perspectives.
• Promote physical activity: Incorporate walks during one-on-one meetings or play games like foosball or ping pong to get the oxygen levels up and foster camaraderie.
• Advocate for time off: Ensure adequate coverage when team members take time off by staggering vacation schedules.
• Respect personal time: Discourage meetings during evenings or weekends that encroach on family or personal time and encourage everyone to block off their calendars for personal activities.
• Cultivate a growth mindset: Support individuals in setting and achieving their professional goals, whether it's pursuing a promotion or transitioning to a different role.
• Stay attentive: Be vigilant for behavioral changes like lack of focus or tardiness and offer supportive check-ins to address any underlying issues promptly.”