The cybersecurity industry is in a state of disrepair. Growing human resource problems put the efforts to secure technology at risk, due to insufficient staffing, skills, and diversity.
The need for talent is skyrocketing, but there are not enough qualified workers to meet current or future demands. By 2017 prospective hiring organizations may have upwards of two million unfilled security-related positions. With supply low and demand high, prices rise quickly.
Security roles benefit on average from a US$12,000 pay premium compared with other computer-related jobs. Job growth in the digital security field outpaced IT positions by a factor of two, and at 12 times the rate of the overall job market. As a consequence, hiring companies have become very creative in their attempts to attract talent. Industry headhunting practices are more aggressive and frequent to meet the demand. Companies must not only deal with the challenges of hiring, they must also maneuver carefully to retain the professionals they currently have.
Adding to the problem is a lack of diversity. The industry needs greater inclusion of more diverse people who produce new ideas and practices. Without an expanding range of perspectives, the industry remains encumbered by traditional thinking. It becomes limited by the boundaries imposed by homogeneous experiences, while the threats evolve and blossom in both size and depth of imagination.
Finally, graduates lack consistency and applicability of skills. Cybersecurity is a rapidly changing field, requiring students’ growth and knowledge to keep pace with relevant methods and technologies. The education system faces tremendous challenges to reliably prepare the next generation of cybersecurity professionals to protect the digital world we want to live in.
To correct the problem, the industry needs to attract a broader pool of students, including women and underrepresented minorities, to sufficiently meet demand and provide their varied perspectives to the workforce. Academia must align education practices to deliver greater consistency and timeliness of skills in high demand to suit a rapidly evolving employment landscape. Only then will we achieve a sustainable position to create the future generations of cybersecurity professionals necessary to protect our technologies.
I recently spoke at the ICT Educator Conference and highlighted the workforce challenges, the need for more diversity, and how McAfee is working to improve the academic pipeline. One of the highlights I discussed was McAfee’s $300 million investment in diversity. This investment is a great example of how a corporation can make a difference in the hiring, progression, and retention of a diverse workforce; contribute to building a sustainable flow of talent; and directly support other organizations doing the same. Finally, I discussed how academia is shifting to build a formal degree program for cyber science–related fields. These steps will ease the frustrations of hiring organizations by improving the consistency of skills that applicants bring to the table.
There is much work to be done, but efforts to fix the workforce and its talent will benefit everyone. Teamwork among educators, government, and the business community is the only way we will overcome the human resource challenges impeding cybersecurity.