This post was originally published on this site.
The shortfall between the number of working security professionals and the number of security job openings has reached 4.8 million – a new high, according to cyber security non-profit ISC2.
That’s a 19 percent year-on-year increase in positions that ought to be filled. What’s the theoretical infosec workforce if all staffing needs were fulfilled at once? According to ISC2, it can be rounded up to 10.3 million workers. Yet security hiring has remained flat, with a global security workforce estimated to be 5.5 million, representing a year-on-year increase of only 0.1 percent.
“After two years of declining investment in hiring and professional development opportunities, organizations are now facing significant skills and staffing shortages – an issue that professionals warn is heightening overall risk,” said Andy Woolnough, ISC2 EVP of corporate affairs, in a statement.
What’s different, according to the security organization, is that for the first time, those participating in the 2024 ISC2 Cybersecurity Workforce Study – 15,852 cyber security practitioners from around the globe – cited “lack of budget” rather than “lack of qualified talent” as the top cause of the staffing shortage.
ISC2 provided The Register with a preview of its study, which is scheduled to be released next month.
Survey respondents cited budget cuts (37 percent – up seven points from 2023), layoffs (25 percent – up three points from 2023), hiring freezes (38 percent – up six), and fewer promotions (32 percent – up six percentage points from last year).
ISC2’s study also noted there’s a mismatch between the cyber security skills being sought and those practitioners believe are in demand.
According to ISC2, security professionals want to develop the following skills: communications (31 percent); cloud computing (30 percent); AI (23 percent); and government and regulatory compliance (19 percent). But hiring managers want other skills more.
“Overall, the data revealed that 90 percent of organizations have skills gaps within their security teams,” the report states. “In particular, and despite it not being a high priority for hiring managers, over one-third of respondents still cited AI as the biggest skills shortfall in the teams. This was followed by cloud computing (30 percent), zero trust (27 percent), incident response (25 percent), application security and penetration testing (both 24 percent).”
Woolnough argues these findings show that investments in security education and training new cybersecurity professionals are more critical than ever.
Tech hiring has been more or less flat in other sectors. Citing data from the US Bureau of Labor Statistics, tech interest group CompTIA last week observed, “Companies in the tech services and custom software development sector continue to be a pocket of growth, adding 3,400 new workers for the month. This was offset by the tech manufacturing sector shedding 2,500 workers.”
The CompTIA Tech Jobs Report for September also noted modest gains for the following sectors: Telecommunications (+700); Cloud Infrastructure/Data Processing/Hosting (+500); and Other Info Services/Search/Platforms (+600).
Overall, tech occupation employment declined by 28,000 positions in August, said CompTIA. But job postings for tech positions grew by 211,000 in August. The leading sectors for tech job postings include Software Developers and Engineers (+3,320) and Data Scientists (+2,036).
Seth Robinson, VP of industry research at CompTIA, told The Register that despite a growing number of tech job postings and interest in hiring cyber security talent, companies are currently cautious about spending.
“Companies are starting to take a closer look at their technology investments, adding a degree of caution to both new expenditures and new hiring,” said Robinson. “Hiring is definitely still on the table for most organizations, with 211,000 new tech job postings in August and 53 percent of companies in CompTIA’s recent cyber security research considering new hiring to close cyber security skill gaps.
“However, budgets are getting more scrutiny, with 36 percent of individuals citing difficulty in procuring cyber security budget. And for skill gaps, training is another option many companies are exploring, with 56 percent of firms planning to pursue training offerings for their current workforce.” ®