There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.

Shelley Westman, Principal, Cybersecurity, at EY

May 25, 2018

4 Min Read

Three and a half million. That's how many unfilled cybersecurity jobs there are expected to be by 2021 —  more than the entire population of Iowa — according to Cybersecurity Ventures. It's also up from 1 million in 2016, a 250% increase in five years, at a time when cybersecurity is becoming even more vital to protecting our way of life.

The industry has been talking about this talent gap for some time, but the speed at which the problem is growing is startling. And unless we do something to address the issue, things will keep getting worse, putting not only the future of the cybersecurity industry at risk but jeopardizing the safety of millions of individuals, businesses, and institutions worldwide.

To cure the problem, we must first understand the root cause. Visibility isn't the issue — from data protection at Facebook to growing concerns about a new cyber Cold War with Russia, the cybersecurity field has never had a higher profile. And salary can't be the issue, either — after all, this is an industry where the average annual paycheck is $116,000, roughly three times the national median income for full-time workers and around double what a high school teacher might expect to take home each year.

So, now is the time for us to think outside the box and inspire a new, unprecedented generation of cybersecurity professionals to step forward. And while there is no one sure way of doing so, the good news is that there are plenty of options.

A great place to start is with educating teachers and career guidance counselors about careers in cybersecurity. After all, for many of them, the field simply didn't exist when they were in school. And if they don't know what the job entails, how can they inspire young people to consider it? Government initiatives like the Department of Homeland Security's free cybersecurity lesson plans for teachers can make a big difference, especially if replicated and scaled up with the help of private sector partners.

There's also some work to do on our industry's image problem. Far from its reputation as a geeky, siloed, and solely quantitative field, cybersecurity is an interesting, diverse, and — dare I say — sexy career. Highlighting the excitement that comes with a cybersecurity career can help attract people to the industry and reinvent the archetypal image of someone who is a "fit" for it. Cybersecurity requires creativity and collaboration skills as much as coding capabilities. Highlighting the wide range of skills needed could spark a new wave of college graduates from multiple degree disciplines to get into the field. And not just graduates but people currently working in different fields — including sales, client services, and marketing — all of whom possess valuable, transferable skills.

But if a major part of the solution to the talent gap lies with looking beyond traditional recruitment demographics, there is one group deserving particular attention: women. Right now, women represent more than 50% of college graduates in the US but only 10% of cybersecurity professionals. I have lost count of the number of industry conferences and events I've attended as an almost-lone female face.

As an industry, we could undoubtedly be doing a lot more to encourage women to join us. From challenging unconscious bias in recruitment to sponsoring cybersecurity-related events for girls in middle school, we need a system that educates and encourages women to consider careers in cybersecurity from an early age and supports them in pursuing it during adulthood.

Of course, I recognize my own role in this, too. Like my female peers across the industry, it's my duty to be a vocal and active role model in inspiring young women and their parents about the opportunities and benefits of the job I love. I'd like to see more companies follow the example of the place where I work, EY, which sponsors the US Entrepreneur of the Year Awards. Like 2017's technology category winner, Phyllis Newhouse, CEO of cybersecurity firm Xtreme Solutions, programs like this one can help unlock the talent we need to steer our industry — and others —into the future.

Closing the talent gap is, after all, about the future. As this transformative age continues to digitize the world and move life more online, we need an increasingly eclectic mix of the brightest and best minds, like Newhouse, to stay one step ahead of hackers and cybercriminals who are getting smarter, more determined, and more diverse all the time. 

The current — and growing — talent gap in cybersecurity puts all of us, along with our information, at risk. Unless we act now to close it, the gap itself may well be the least of our worries.

Related Content:

About the Author(s)

Shelley Westman

Principal, Cybersecurity, at EY

Shelley Westman is currently a Principal/Partner at EY in its Cybersecurity practice, where she has been since joining EY in September 2017. Prior to EY, Shelley served as Senior Vice President, Alliances & Field Operations at Protegrity, where she stayed for about a year. Most notably, Shelley spent 18 years with IBM, ending her time with them as Vice President, Operations & Strategic Initiatives, IBM Security. As part of this role, Shelley led the University Programs for IBM Security and was involved in several IBM boards and committees on hiring and skills. She was the founder of "WISE" — Women in Security Excelling, an IBM group devoted to advancing women in security. Prior to joining IBM, she practiced law in Raleigh for five years, concentrating her practice in the area of civil litigation.

In 2016, Shelley was appointed to a three-year term on the Board on Higher Education & Workforce for the National Academies of Sciences, Engineering & Medicine. She is a 2016 Honoree of "40 over 40" and received a 2016 Executive Women's Forum Women of Influence Award in the category of Security Corporate Practitioner.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights