Cybersecurity Workforce Needs to Grow 145% to Close Skills Gap

November 6, 2019

A new study from ISC² estimates the current cybersecurity workforce at 2.8 million professionals and estimates that 4.07 professionals will be needed to close the skills gap (4.07 million professionals).

The 2019 (ISC)² Cybersecurity Workforce Study indicates a necessary cybersecurity workforce increase of 145%. In the U.S. market, the current cybersecurity workforce estimate is 804,700 and the shortage of skilled professionals is 498,480, requiring an increase of just 62% to better defend U.S. organizations.

“We’ve been evolving our research approach for 15 years to get to this point today, where we can confidently estimate the current workforce and better understand what it will take as an industry to add enough professionals to protect our critical assets,” said Wesley Simpson, chief operating officer, (ISC)². “Perhaps more importantly, the study provides actionable insights and strategies for building and growing strong cybersecurity teams. Knowing where we stand and the delta that needs to be filled is a powerful step along the pathway to overcoming our industry’s staffing challenges.”

Along with providing the estimates, the study takes a closer look at who cybersecurity professionals are and what motivates them, reveals how organizational security teams are staffed, and outlines data-driven insights into immediate and longer-term methods for building qualified and resilient cybersecurity teams now and in the future.

Among the key findings from the study:

65% of organizations report a shortage of cybersecurity staff; a lack of skilled/experienced cybersecurity personnel is the top job concern among respondents (36%)
Two-thirds (66%) of respondents report that they are either somewhat satisfied (37%) or very satisfied (29%) in their jobs; and 65% intend to work in cybersecurity for their entire careers
30% of survey respondents are women; 23% of whom have security-specific job titles
37% are below the age of 35, and 5% are categorized as Generation Z, under 25 years old
62% of large organizations with more than 500 employees have a CISO; that number drops to 50% among smaller organizations
48% of organizations represented say their security training budgets will increase within the next year
The average North American salary for cybersecurity professionals is $90,000; those holding security certifications have an average salary of $93,000 while those without earn $76,500 on average
59% of cybersecurity professionals are currently pursuing a new security certification or plan to do so within the next year
Just 42% of respondents indicate that they started their careers in cybersecurity; meaning 58% moved into the field from other disciplines
Top recruiting sources outside of the core cybersecurity talent pool include new university graduates (28%), consultants/contractors (27%), other departments within an organization (26%), security/hardware vendors (25%) and career changers (24%)

Strategies for Building Up Cybersecurity Teams

In the face of the growing need to build the workforce and recruit new talent, there are four main strategies outlined in the report. These include (1) highlighting training and professional development opportunities that contribute to career advancement, (2) properly level setting on applicant qualifications to make sure the net is cast as wide as possible for undiscovered talent, (3) attracting new workers such as recent college graduates who have tangential degrees to cybersecurity, or seasoned pros such as consultants and contractors into full-time roles, and (4) strengthening from within by further developing and cross-training existing IT professionals with transferrable skills.

The study shows that cybersecurity and IT professionals are largely satisfied in their careers and optimistic about their futures. But the size of the current workforce still leaves a significant gap between the number of cybersecurity professionals working in the field and the number needed to keep organizations safe.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 December

This month, Security magazine brings you the 2020 Guarding Report - a look at the ebbs and flows security officers and guarding companies have weathered in 2020, including protests, riots, the election, a pandemic and much more. Industry experts discuss access management and security challenges during COVID-19, GSOC complacency, the cybersecurity gap, end-of-year security career reflections and more!

View More Create Account

Cybersecurity Workforce Needs to Grow 145% to Close Skills Gap

Related Articles

Related Events

Report Abusive Comment