The need for cybersecurity professionals has been growing rapidly, even faster than companies can hire—and that demand is expected to continue. The number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million, according to Cybersecurity Ventures. The industry researcher also predicts that in five years, the same number of jobs will still be open.
Companies are desperate for cybersecurity workers—more than 700K positions need to be filledBY Sydney LakeJune 30, 2022, 2:36 PM
In the U.S., there are about 1 million cybersecurity workers, but there were around 715,000 jobs yet to be filled as of November 2021, according to a report by Emsi Burning Glass (now Lightcast), a market research company. If so many bodies are needed to fill seats in cybersecurity roles, then what’s the holdup on companies and universities preparing future professionals to take these jobs?
There’s no one answer to that question, Will Markow, vice president of applied research–talent at Emsi Burning Glass, tells Fortune. Rather, a number of dynamics are making it difficult to build a talent pipeline for cybersecurity jobs. One contributing factor to the talent shortage is that there aren’t enough professionals who have the credentials necessary (whether it’s a master’s degree in cybersecurity or other certificate program) to get hired.
“Cybersecurity jobs see the skill requirements evolve far more rapidly than many other fields,” Markow, who specializes in cybersecurity job market research, explains. “Cybersecurity jobs are, by nature, more likely to fuse together skill sets from disparate domains. If you think about it, every new technology now has a digital component, and every technology with a digital component needs to have a digital security component.”
Why it’s difficult to fill cybersecurity roles
While companies are looking to hire cybersecurity professionals in droves, the industry often requires that workers have certain credentials or certifications on top of education requirements, Markow explains. An example is a CISSP certification, which is required for many top-level cybersecurity roles that are in high demand—and have high-paying salaries, to the tune of about $120,000.
Bottom line: Even if you have an undergrad or graduate degree in cybersecurity, computer science, or an adjacent field, that may not be enough to land certain jobs in the industry.
“Employers have been very slow to reduce either credential requirements or education requirements for cybersecurity jobs, despite the hiring difficulty that they have,” Markow says. “We really haven’t seen any noticeable shift in the share of cybersecurity openings that are available to workers who don’t have either a bachelor’s degree or at least three to five years of prior work experience.”
The talent companies need
Some employers, however, are developing talent pipelines for cybersecurity roles. One employer in particular that hires swaths of cybersecurity professionals is Deloitte; as of May 2021, the company employed more than 22,000 cybersecurity workers around the world under its Deloitte Cyber business line. In fact, Deloitte was named as the top company for hiring cybersecurity talent by Datamation.
Other top cybersecurity employers include PwC, EY, Booz Allen Hamilton, and KPMG. Research from Emsi Burning Glass also shows that in recent months, financial services requested more cybersecurity workers than professional services companies.
In step with global trends, the demand for cybersecurity talent at Deloitte continues to grow, Deborah Golden, Deloitte U.S. cyber and strategic risk leader, tells Fortune.
“The cybersecurity landscape used to be contained within four walls. Obviously where we are today, that’s truly not the case,” she says. “The pandemic pushed change into a bit of hyper-speed, but we were already headed into digital transformation. Because of that, we are becoming overly diverse in terms of the types skills we’re looking for, from everything from deep cyber to domain expertise.”
To help fill these high-demand roles, Deloitte Cyber developed a train-to-hire program that trains candidates in cybersecurity topics to fill jobs they wouldn’t traditionally be qualified for.
Candidates engage in boot camps and other job training to prepare them to take on cybersecurity jobs that otherwise would have needed to be filled by a traditionally trained professional—someone who studied cybersecurity or an adjacent field in undergrad or graduate school. The trainings focus on topics including software engineering, data science, and UI/UX development.
“Don’t be concerned if you don’t have all the certifications or the degrees or the capabilities that you think were historically needed for cyber,” Golden advises. “Given where the market is today, there’s a need to have greater diversity of thought, and, just candidly, more and different types of skill sets and backgrounds coming to solve.”
Breaking into cybersecurity
Undergraduate and graduate degree programs focused on cybersecurity continue to be a popular route for entering the industry. But like Deloitte, other companies are also providing in-house training for current employees who are looking to enter the cybersecurity workforce.
If you’re already in a technical role—but not specifically cybersecurity—Markow suggests finding ways to “bake” cybersecurity into your current role. This could involve learning a new skill set through shorter-term training opportunities or boot camps.
Another way to get your feet wet is to prepare to take one of the entry-level cybersecurity certification tests, such as Security Plus.
“You’ll learn a lot about the field just in preparing for the exam,” he says. “And then if, and when, you obtain the credential, you already have a credential that’s in demand and requested by many employers, which is just going to make it all that much easier for you to find your first job and enter in advance your career in cybersecurity.”