The Future of Cybersecurity Recruiting: Lessons on What Employers Want and What Students Need

The cybersecurity industry is facing a challenge to find qualified candidates. Here’s what recruiters, educators, and employers can do to fill the talent gap.

November 16, 2022

4 Min Read
Dark Reading logo in a gray background | Dark Reading

In today's cybersecurity space, there is a knowledge gap, with numerous cybersecurity positions going unfilled. As demand increases and talent lags, cybersecurity educators, recruiters, and employers alike are looking for more actionable solutions to collaborate and link talent to jobs. While the worker shortage continues to grow amid new demands, here is what organizations and educators alike need to understand to adapt and bridge the gap in the future.

Challenges in the Current Cybersecurity Job Landscape

Currently, there is an industrywide challenge to find qualified employees, as recognized by the Bureau of Labor and Statistics, which states a 37% projected growth rate of cybersecurity positions by 2030. Potential new hires are taking notice, as positions listed on job-posting sites, such as LinkedIn and Monster.com, continue to climb.

At the federal level, the government is treading water, at best, as they meet talent needs. Notably, the United States Army plans to double its active-duty cyber forces in size, to employ 6,000 active-duty military personnel by the end of this decade, drawing from all branches. At the state and local level, many parts of government are struggling to attract enough cybersecurity professionals. Meanwhile, bad actors continue to target organizations such as hospitals, government offices, public schools, law offices, and other entities to go after low-hanging fruit with ransomware attacks. Such attacks have recently spiked, and, as of last year, almost 60% of these organizations were attacked. In the private sector, geographic areas with relatively new tech hubs are struggling to find on-site talent, as many graduates are drawn to more established cities for the industry.

Recruiters Aim for Higher Compensation and Better Incentives to Attract Talent

Across the field, employers and recruiters are trying a variety of techniques to recruit cybersecurity professionals. In the private sector, many are luring new talent with the promise of bonus sign-on compensation and salary growth potential. Recruiters in the public sector, on the other hand, emphasize job security that comes with a government role.

Recently, however, the public sector has allocated more funding with plans to expand the US Cyber Command, creating more competitive salaries. In June, the Pentagon received $11.2 billion in funding for cyber for 2023 — jumping nearly $1 billion from the year prior. Increased funding will translate into increased compensation, making beginner federal positions very competitive compared with the private sector.

While public sector salaries climb at entry level, recruiters are still challenged to find candidates who can pass the extensive background checks and adhere to rigorous work and behavior standards required by the government and military. Private sector recruiters, by contrast, emphasize flexibility in the workplace to sway potential candidates — as many tech workplaces are celebrated for disrupting corporate social norms. To this end, the private sector is becoming more amenable to options such as remote work and flex scheduling, which is particularly important in geographic regions where there is a dearth of cybersecurity candidates.

Cybersecurity Educators' Role in Educating New Talent for Recruiters

Cybersecurity educators have a unique challenge to prepare students for challenges on platforms that are constantly evolving. Students need to see real-world applications of knowledge and skills to be set up for success. At American Public University System, where I instruct, we aim to equip tomorrow's cyber leaders with valuable knowledge that is relevant by offering a strong cyber-defense focused online curriculum at both the undergraduate and graduate levels.

As scholar-practitioners, we know what educational resources can best equip our students. Well-rounded curriculum for students should cover intrusion, incident handling, IT security, and digital forensics, and should integrate multiple disciplines to gain the critical skills and management practices needed to effectively lead missions in real time.

Given the national shortage in talent, it is also important educators provide accessible opportunities to welcome non-traditional learners into the fold — no matter their geographic location, age, or career history. There are always opportunities for real-world application. At the K-12 level, this may look like attending field trips or creating mock drills. At the undergraduate and graduate level, it may be partnerships and collaboration with employers — from career fairs to supervised internship programs — so students have a successful path in mind as soon as they begin meeting with recruiters.

Educators and recruiters alike recognize that the knowledge gap is not going away — and we are working to help address it with high-quality, accessible education for future cybersecurity professionals.

About the Author

Dr. Kenneth Williams

Dr. Kenneth Williams is the Executive Director of the Center for Cyber Defense at American Public University System. He is a retired US Army IT officer with 24 years of active service and seven years of federal service as a civilian for the US Army. Dr. Williams has a graduate and a PhD degree in Cybersecurity from Capella University and has focused intently on various aspects of cybersecurity to include compliance, governance, and other related aspects of cybersecurity mitigation.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights