The war for talent has been well-telegraphed throughout the country, but it’s particularly acute in cybersecurity. And it’s only worsened as competition in the broader labor market has heated up, heightening both companies’ potential vulnerability to hackers and the urgency to boost the workforce.
About one million people work in cybersecurity in the U.S., but there are nearly 600,000 unfilled positions. Of those, 560,000 are in the private sector. In the last 12 months, job openings have increased 29%, more than double the rate of growth between 2018 and 2019.
Workers with the technical skills required to respond to cyber threats were already hard to come by before the Covid-19 pandemic forced employees to work from home. But a confluence of events ratcheted up demand even more for positions such as software developers, vulnerability testers, network engineers and cybersecurity analysts.
With so many employees using their home networks and computers, phishing attempts soared, as did ransomware attacks on businesses, schools, hospitals and other organizations.
The cyber worker shortage is a particular problem for smaller organizations, from municipalities and law firms to hospitals and businesses, that can’t offer pay high enough to attract highly skilled workers.
The Department of Homeland Security rolled out a new system for hiring cybersecurity personnel in November that would allow federal cybersecurity workers to make as much as $255,800, equivalent to the salary of Vice President Kamala Harris. The new pay scale system was created to help the DHS compete for talent, according to the DHS.
The cybersecurity industry also isn’t immune to the broader macroeconomic trends that are upending the labor market, including a desire for remote work, flexible hours and higher pay. Trellix, for instance, will adopt a hybrid model in which employees balance remote work and work from offices.
Other efforts to increase the talent pool include implementing cybersecurity courses in high schools, offering workshops to lower-level IT professionals, running training in rural regions and dropping degree requirements in favor of aptitude tests. Automating some security-related tasks could also be a solution to the hiring problem.