The Internet Wants You: Consider a Career in Cybersecurity

In observance of National Cybersecurity Awareness Month, Bitdefender offers a series of articles on hot topics such as best practices in online safety and protecting your company’s assets and integrity. We also suggest prerequisites to consider before seeking a career in cybersecurity. We encourage you to bookmark this blog or connect with Bitdefender on LinkedIn or Twitter to receive follow-on articles (filled with security tips) as they are published.

In a global landscape where cyberattacks grab headlines and 250,000 new malicious programs wreak havoc every day, the need for qualified information security personnel is higher than ever.

According to recent research, there is a shortage of security professionals for the years to come, and the amount of skilled cybersecurity workforce is insufficient to fight even today’s threats. Companies will face a shortage of 1.8 million qualified information security personnel by 2022. The study, which includes feedback from more than 19,000 information security professionals worldwide, indicates employers must look to millennials to fill the information security workforce gap which represents a 20 percent increase from the 1.5 million worker shortfall forecast by the 2015 study.

The Global Information Security Workforce Study finds that 68% of workers in North America think the workforce gap is due to a lack of qualified personnel. Two-thirds of information security professionals reported having too few workers to address current threats. “We're going to have to figure out how we communicate with each other, and the industry will have to learn what to do to attract, enable and retain the cybersecurity talent needed to combat today's risks," according to David Shearer, CEO at (ISC)2, an international non-profit membership association that provides security certifications.

To help combat the growing gap, one third of hiring managers globally are planning to increase the size of their departments by 15% or more. The report recommends that employers look for new recruitment channels and unconventional strategies and techniques to fill the gap. While survey respondents think the top reason for the shortage is difficulty in finding qualified personnel, they also state job requirements are not understood by leadership.

The study shows that 70% of employers globally are looking to increase the size of their cybersecurity staff this year. Currently 90% of the workforce is male, with the majority of security professionals having technical backgrounds. The report highlights the issue that recruitment channels and tactics need to change.

Most cybersecurity specialists globally (87%) did not start out in cybersecurity, yet 94% of hiring managers indicate that existing experience in the field is an important consideration. One third of executives and C-suite professionals began in non-technical careers, the study notes.

Cybersecurity Ventures, a research firm covering the global cyber economy, predicts there will be 3.5 million cybersecurity job openings worldwide by 2021. All of this points to a key conclusion: the number of people with cybersecurity skills available in the market today is not nearly enough to meet demand. And this comes at a time when organizations are facing growing threats.

The average CIO earned $277,700 in 2016, according to the State of the CIO Survey. IT executives at enterprises with 1,000 or more employees earned $401,500, on average, compared to $189,420 at companies with fewer than 1,000 employees. Regardless of company size, strategic CIOs are likely to earn significantly more – an average of $167,000 more – than functional CIOs and an average of $127,000 more than transformational CIOs. Strategic CIOs are also significantly more likely to report to the CEO, according to the study’s authors.

As Business Insights previously noted, a third of Fortune 100 boards include a director who is a CIO, while the number of CIOs serving on Fortune 100 boards has increased 74% in the past two years – mainly because they can address threats and risks associated with information security. Gartner also confirms the increased importance of this position, as 71% of managers say IT risk management data influences decisions at the board level.