The cybersecurity jobs market is white hot and is showing no signs of letting up. How hot is the cybersecurity jobs market? Most recently, enterprise technology publication Computerworld, in its 2016 IT Salary Survey, reported that Information Security Manager and Information Security Specialist are both among the top five in-demand jobs in IT.
Frost and Sullivan recently conducted the 2015 (ISC)2 Global Information Security Workforce Study which came to the unsettling conclusion: Within five years there will be a 1.5 million short fall in the cybersecurity workforce. If you are working in cybersecurity today and think you are busy and short-staffed: Buckle up because chances are the ride is going to get a lot rougher in the years ahead.
In my discussions with CSOs and CISOs in the past few years, down to a person, they cited the difficulty they had finding the security skills they needed. Another challenge is, increasingly, cybersecurity professionals require both the right technical and communication aptitude. Many in the field today have technical skills, but lack the ability to speak to all levels of business management in an effective way.
“I think that skillsets that are a combination of a broad technical foundation with some depth combined with strong business leadership and communications skills will be a must for CISOs to succeed. You can often find one or the other today. Finding both skillsets in a single person is the challenge,” Jay Leek, CISO at The Blackstone Group, told me for my story Five CISO skills critical to your success in the next five years.
That’s why it was no surprise to me to read in Burning Glass Technologies’ Cybersecurity Jobs, 2015 research that cybersecurity openings are expanding at a rate three times those of other IT positions, that cybersecurity workers earn 9% more than other IT employees, and that enterprises on average take much more time trying to fill cybersecurity positions.
According to Burning Glass there were nearly 50,000 postings for workers with a CISSP certification in 2014 – that figure represents 75% of all CISSP certification holders. Security professionals are not currently in want for work.
Some of the other trends Burning Glass Technologies’ found:
Cybersecurity jobs are in demand and growing across the economy
- The Professional Services, Finance, and Manufacturing/Defense sectors have the highest demand for cybersecurity jobs.
- The fastest increases in demand for cybersecurity workers are in industries managing increasing volumes of consumer data such as Finance (+137% over the last five years), Health Care (+121%), and Retail Trade (+89%).
Positions calling for financial skills or a security clearance are even harder to fill than other cybersecurity jobs
- The hardest-to-fill cybersecurity jobs call for financial skills, such as Accounting or knowledge of regulations associated with the Sarbanes-Oxley Act, alongside traditional networking and IT security skills. Because finance and IT skills are rarely trained for together, there is a skills gap for workers who meet the requirements of the “hybrid jobs.”
- More than 10% of cybersecurity job postings advertise a security clearance requirement. These jobs, on average, take 10% longer to fill than cybersecurity jobs without a security clearance.
Cybersecurity positions are more likely to require certifications than other IT jobs
- One third (35%) of cybersecurity jobs call for an industry certification, compared to 23% of IT jobs overall.
Cybersecurity employers demand a highly educated, highly experienced workforce
- Some 84% of cybersecurity postings specify at least a bachelor’s degree, and 83% require at least three years of experience. Because of the high education and experience requirements for these roles, skills gaps cannot easily be resolved though short-term solutions. Employers and training providers must work together to cultivate a talent pipeline for these critical roles.
Geographically, cybersecurity jobs are concentrated in government and defense hubs, but are growing most quickly in secondary markets
- On a per capita basis, the leading states are Washington D.C., Virginia, Maryland, and Colorado; all have high concentrations of jobs in the federal government and related contractors.
As we wrote in Five keys to hire and cultivate the right cybersecurity talent the lack of cybersecurity talent relative to enterprise demand is strangling many enterprises’ ability to secure their organizations. Have a look at that blog for some short and long term ways enterprises can better get the security talent they need.