Cybersecurity Workforce Shortage Continues

For years, we’ve known about the impending shortage of the information security workforce, as evidenced by our study year over year,” said David Shearer, CEO, (ISC)². “For the first time, we’re taking a deep dive into the millennial respondents, and we’re finding that they want different things in terms of job satisfaction and career paths. They truly are the future of cybersecurity, and I believe they hold the key to filling the well-publicized information security workforce gap.”     

This year the survey was fielded in late April 2020 through mid-June. The findings are unique in that they capture the mood and environment of the cybersecurity workforce in the midst of the COVID-19 pandemic. Our study reveals the significant impact COVID-19 has had on cybersecurity professionals and the challenges many of them had to overcome. Beyond how cybersecurity professionals have fared during COVID-19, this year’s study also provides an update to two very critical components of defining the industry’s skills shortage—the Cybersecurity Workforce Gap and Cybersecurity Workforce Estimate. Each metric has a critical role to play in informing best practices and policies to encourage growth of the workforce and define success metrics. This is the second consecutive year we have produced a Cybersecurity Workforce Estimate, and our data suggests that the global cybersecurity workforce needs to grow 89% to effectively defend organizations’ critical assets. This report also examines the makeup of the workforce, with an eye to the challenges they face, skills they need to develop, job satisfaction, salary benchmarks, team composition, views on the value of certifications for staff and leadership, hiring trends and future organizational needs.

The COVID-19 pandemic has forced rapid changes in the world of cybersecurity, as it has in all facets of operations. While remote work is not new for some job roles, especially in technical fields, the workplace-wide shift to remote work has been sudden and wide[1]ranging, leaving security professionals with little time to respond. Similarly, while cloud services have been making inroads for well over a decade, the cloud has quickly moved from luxury cost saver to absolutely critical in today’s economic environment.

Worldwide, 30% of respondents reported that their organizations made the move to a remote workforce in a single day, while 47% were given several days to a week. Just 16% said that they had more than a week to make this shift. The physical logistics of moving to online work are accompanied by the parallel need to secure the newly remote workforce. Cybersecurity professionals reported facing largely similar timelines as they did for the move to remote: 22% had less than one day to ensure that remote systems were secured, while again 47% were allowed several days to a week, and only 16% had more than a week.

Growing signs of a more diverse cybersecurity workforce

One optimistic finding from the (ISC)2 report on the cybersecurity workforce shortage is that the overall workforce is becoming younger and more diverse, possibly a result of organizations widening their search to fill cybersecurity roles. According to the 2019 survey results, 30% of those surveyed are women. And more than one-third (37%) are below the age of 35. A small but growing percentage (5%) is now comprised of cybersecurity professionals under the age of 25. If this trend continues, it means that organizations will be well prepared for the eventual retirement of older IT workers with more formal backgrounds in cybersecurity.