Cybersecurity hiring is facing a skilled labor shortage as companies undergo digital transformation and need more cybersecurity professionals than the current labor market can provide.
Over the past two years, companies’ accelerated digital transformation and the urgency to address cyber crimes and data breaches have outpaced the availability of skilled workers. The Great Resignation and the US government’s issuance of fewer work visas to foreigners since March 2020 have only exacerbated the labor gap.
Insufficient compensation, combined with stress and burnout, has pushed more cybersecurity professionals to leave or switch jobs. In fact, 38% of cybersecurity professionals surveyed partially attribute the cybersecurity talent shortage to relatively low salary offerings that make it difficult to attract, recruit, and retain qualified candidates.
Cybersecurity Hiring Crunch
The number of unfilled cybersecurity positions has grown tremendously from 1 million in 2013 to 3.5 million in 2021, with Texas and California leading the way with the most cybersecurity openings. According to a LinkedIn report, cybersecurity jobs account for 13% of all IT jobs, and the LinkedIn platform itself currently has more than 59,000 cybersecurity job postings in the US.
The most sought-after cybersecurity professionals include:
- Cybersecurity analyst
- Cybersecurity consultant
- Cybersecurity manager
- Cybersecurity specialist
- Network engineer
- Penetration & vulnerability tester
- Software developer
- Systems administrator
- Systems engineer
Effective Cybersecurity Hiring Tactics
Here are some concrete actions that your company can take or invest in to start attracting more qualified cybersecurity professionals.
Compensate fairly, even generously
Cybersecurity is worth the investment, so a company must compensate its cybersecurity professionals accordingly. The average annual US salary for cybersecurity professionals is $100,000, with Lakes, AK; San Francisco, CA; and Santa Clara, CA, as the top-paying cities. To attract top talent, research industry compensation statistics for your region. This will give you an idea of what competitors are offering and whether you can meet or exceed their numbers.
Align with HR on recruiting
Just under one-third of professionals surveyed said that cybersecurity has a fair or poor relationship with human resources (HR). This would explain why nearly one-third of professionals surveyed think that HR is misguided and ill-informed in its search for qualified cybersecurity candidates. HR and cybersecurity teams don’t seem to be an intuitive pairing, but they must work together to establish hiring practices that meet cybersecurity needs as well as business goals.
Re-think your current job postings
A quarter of survey respondents found their employer’s cybersecurity job postings to be unrealistic, demanding too many certifications, years of experience, and other specific technical skills. To broaden your search for talent, carefully craft job postings rather than using outdated templates that you may have used in the past.
The current state of the job market requires re-assessment of must-haves versus nice-to-haves, with several criteria falling to the latter. Be open to a variety of experience levels and qualifications, and make certifications or specific technical skills bonuses rather than requirements. NIST’s NICE Framework is a helpful resource to consult when determining the appropriate skills, tasks, and knowledge needed to perform certain types of cybersecurity work.
If your company’s needs nevertheless require a specialized set of competencies, ensure that the salary is enticing.
Invest in ongoing employee training
Being supported in one’s role is arguably a main factor in determining employee retention. Of 489 cybersecurity professionals surveyed, 21% did not complete the typical 40 hours of training annually because their companies did not pay for it. Hiring a cybersecurity professional is not a one-and-done task. It’s the company’s responsibility to subsidize ongoing professional training and development to enable cybersecurity professionals to do their jobs properly.
Deploy unconventional recruiting tactics
To develop the next generation of cybersecurity professionals, reach out to institutions of higher education near your company’s location to establish a mutually beneficial relationship. Microsoft, for example, launched a national campaign to help place a quarter million community college graduates into cybersecurity roles by 2025 in an effort to close the talent gap. Setting up a similar placement or internship program creates a sustainable uptake of talent into your company.
Diversify the talent pool
Systemic inequities propagate repetitive hiring patterns that lead to a fairly homogeneous and limited talent pool. According to demographic statistics, cybersecurity analysts, for example, are:
- Predominantly male (71%)
- College educated (61% have a Bachelor’s degree)
- 42 years old on average
- Mostly white (73%)
Plugging in any of the other job titles listed in the earlier section generates similar demographics across the board. HR and cybersecurity teams can and should come together on creative recruiting strategies to diversify and expand the talent pool. IBM, for instance, is partnering with historically black colleges and universities (HBCUs) to train students and prepare them for in-demand tech jobs.
Other largely untapped demographics that are looking for work include women returning to the workforce and the older populace. These groups remain largely excluded from recruiters’ attention, but major companies are spearheading initiatives to empower them.
Within the past year, Google, for instance, has announced at least two initiatives to train older, low-income adults as well as formerly incarcerated adults on digital skills. Cloudflare has been offering a returnship program for women re-entering the workforce since 2017.