For years, security leaders have been talking about the cybersecurity skills shortage. In 2014, a RAND Corporation study found that the nationwide shortage of cybersecurity professionals – particularly for positions within the federal government – created risks for national and homeland security. “It's largely a supply-and-demand problem," said Martin Libicki, lead author of the study and senior management scientist at RAND. "As cyber attacks have increased and there is increased awareness of vulnerabilities, there is more demand for the professionals who can stop such attacks. But educating, recruiting, training and hiring these cybersecurity professionals takes time," said Libicki.
The demand for cybersecurity professionals began to overtake supply in 2007, largely due to increased reports of large-scale hacking and other advanced persistent threats, said Libicki. Since 2014, the demand has only grown and more organizations (74 percent) continue to be impacted by the skills shortage. To close the gap, (ISC)² estimates that 4.07 million cybersecurity professionals are needed, or an additional 145 percent. Currently, there are only 2.8 million professionals.