This blog is part of a 10-part series that dives into the RSAC 2023 Submissions Trends pulled from our record number of Call for Speakers submissions in 2023. In this blog, we focus on talent gap and shortage.
Ask anyone who has tried to hire an engineer, data scientist, or product manager in cybersecurity in the last few years, and they will tell you it’s a nearly impossible task. According to the recent (ISC)2 Cybersecurity Workforce Study, there is a global shortage of 3.4 million workers in the field. The top cited reason for the workforce shortage is a lack of qualifications. Then, there is basic economics – when there is a shortage of something, the price goes up. And today, the median salary for a cybersecurity professional is $135,000 a year, according to (ISC)2.
A popular theme at RSAC 2023 was the future of the cybersecurity workforce and what can be done to close the skills gap and build a pipeline of talent. In The Future of Cyber Workforce: An Ecosystem View and Global Perspectives, an esteemed panel came together to discuss opportunities for growing the global cybersecurity workforce. One idea the panelists all agreed on was the importance of building an ecosystem approach between industry, government and community colleges and universities.
Ann Cleveland, Executive Director of the UC Berkeley Center for Long-Term Cybersecurity (CLTC), shared how UC Berkeley and other universities, such as MIT and the University of Alabama, have pioneered cybersecurity clinics where students work pro-bono with a real organization. Cleveland noted these initiatives have attracted a talent pool of students that are in disciplines outside of what would be expected.
In the U.S., Seeyew Mo, Assistant National Cyber Director for Cyber Workforce, Training and Education at the Office of National Cyber Director (ONCD), contends long-term investment is critical to address the existing shortage, a point of focus in the current National Cybersecurity Strategy. “Oftentimes, you hear about a workforce problem, and we are focused on trying to fill the current jobs. We try all different strategies, yet here we are. We still need even more people. We have not invested long-term to create a pipeline for us to have an adaptable and dynamic workforce that we need for the future.”
In What Workforce Shortage? Create Your Own Talent Pipeline, Ginger Spitzer, Executive Director of One in Tech, a foundation of theInformation Systems Audit and Control Association (ISACA), outlined some of the approaches they have taken to attract new talent into the field, including funding more than 100 academic and professional scholarships each year and providing internships and apprenticeships.
Encouraging gender diversity is another important approach to attract new talent. Today, representation of women in cybersecurity jobs is quite low, with only one in four positions in the field held by women. ISACA is just one of many organizations paving the way for more women to enter the cybersecurity workforce through initiatives such as the SheLeadsTech Academy which seeks to increase the representation of women in technology through professional networking and development and leadership training.
But sometimes, the right person is waiting at the door and simply needs someone to open it up and give them a chance. A candidate might not have a decade of relevant work experience, but they could have a unique skillset that is just right for the job. According to the ISACA State of Cybersecurity 2022 Report, 73% of respondents cited prior cybersecurity experience remains the number one factor in determining whether a candidate is qualified. However, potential candidates will not be able to ever get that experience unless given the chance. Shushila Nair, VP, Cybersecurity Services at Capgemini notes, “We have to give people opportunities working in the field.”