Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Newest First  |  Oldest First  |  Threaded View
SchemaCzar
50%
50%
SchemaCzar,
User Rank: Strategist
12/18/2017 | 9:15:49 AM
One more thing: not enough professors
Working in academia, I can tell you it's hard to get top cybersecurity talent in teaching.  Many of the top people don't have the Master's-level degree that is required, and fewer the PhD that is preferred.  Everyone who's really great is tremendously busy.
SchemaCzar
50%
50%
SchemaCzar,
User Rank: Strategist
12/15/2017 | 9:23:04 AM
Companies don't want to change organizational behavior for security anyway
It's one thing to post a cybersecurity job req; it's another thing to follow through.  There's a major lack of organizational will do spend the money and time on it.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
12/12/2017 | 1:59:10 PM
Re: Reason 6
Definate a hard career.  A woman I work with who knows as much about cyber secrurity as anybody I know took the CIISP test after studying herself into an early grave and on THE FIRST QUESTION she knew she was doomed.  That hard!!!
NickB368
50%
50%
NickB368,
User Rank: Apprentice
12/12/2017 | 12:10:33 PM
Reason 6
Thank you for the well written and researched article. I was thinking about this recently and wonder if there wasn't one more to add to the list:

  • Other IT related jobs that might be easier, with similar pay


A career in cybersecurity can be really rewarding, but it's a difficult career path as well! The research and development side is mind boggling, involving understanding applications, operating systems, protocols and their inner workings. The practitioner side requires the soft skills AND the technical skills to troubleshoot, roll out a product, get awareness, etc. You could argue that cybersecurity careers pay more on average, but do they pay double what a more generalized IT career might? Are they twice as difficult? (I guess what I'm saying is that as far as jobs are concerned people DO follow the money)

As you mentioned, starting awareness and training earlier in the education/career path would help alleviate this problem to a certain extent... But more related to your reason #4, I'm not sure that a lot of people start out with the idea that they'd like a career in cybersecurity. So I feel like cross training could be the shortest path to fixing the problem. This would get people with experience and the proper background involved, thus making room for the more recent college grad's to backfill the more generalized spots.

Basically though, it ALL ties back to a pretty gross underinvestment in cybersecurity as a whole. I recently heard a comment in an interview with Tom Kellermann that only 6% of IT spend is on security. Fixing that issue might be the first step in fixing the labor shortfall. I certainly don't have all of the answers, but I wanted to pile on some more food for thought. Thanks again for the interesting read!
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
12/12/2017 | 9:48:34 AM
Re: Where are the jobs?!?!
The real bedrock issue is not Cybersecurity per se but generalized IT as a career.  Used to be a hot one indeed and I sitll have my old Novell Netware CNE on the wall.  But that was before American management discovered India and what was a well paying, career enhancing career became something of no value at all and liable to be outsourced to Bangalore in a heartbeat.  Abbott (a place I recently left) sent 140 qualified IT staffers out the door do be placed by a helpdesk at Wipro.  It wsa horrible and paid poor.  So why would anybody in college venture into a career path that slams the door on your ass on the way out.  IT has no respect these days.  Want proof?  Equifax.  Oh, NOW they know more but still it is always CHEAPER,FASTER,BETTER (one word) in Bangalore.  So nobody in IT is really moving to cyber security except a few.  No new people are coming INTO information tech for good reason.  
StephenM95002
100%
0%
StephenM95002,
User Rank: Apprentice
12/12/2017 | 9:45:58 AM
Re: Where are the jobs?!?!
@Jeff- Thanks for the reply. I'll take your advice. I picked up my cap and gown yesterday so we'll see how things go.
Jeff Stebelton
100%
0%
Jeff Stebelton,
User Rank: Strategist
12/12/2017 | 9:41:16 AM
Re: Where are the jobs?!?!
I just did a search on indeed.com for information security in Columbus, Ohio, not exactly a hotbed for Infosec jobs. 1,6556 hits. And no, I didn't look at every page to see if they were all relevant but lets; assume 1,000 of them are. The fact you have to work remotely would probably wipe out 80% of those but there are still a ton of jobs available. A degree in CyberSecurity will be a game changer, once you can add that to your resume. Post it on LinkedIn and get ready for alot of Inmails from recruiters. 
StephenM95002
100%
0%
StephenM95002,
User Rank: Apprentice
12/11/2017 | 2:01:54 PM
Where are the jobs?!?!
It seems to be a recurring theme these days," Cybersecurity labor shortfall" and "Not enough security professionals to fill open roles". Okay if that is the case then where are all these jobs posted at?!?! Is there some super secert job site that only the people writting these stories have access to? I'm not asking of a friend, I'm asking for myself. I've worked in the Information Technology field for the last 18 years and about to graduate with a degree in Cybersecurity. I'm just not seeing all the jobs everyone is talking about. Granted I'm a little picky. I need to work by remote and would like to make enough to live on. Other than that I'm pretty flexible. Can someone do an old man a solid and point me to all these jobs I keep reading about? I'm just ready to take the next step in my career.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42258
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...
CVE-2020-28968
PUBLISHED: 2021-10-22
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
CVE-2020-28969
PUBLISHED: 2021-10-22
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
CVE-2020-36485
PUBLISHED: 2021-10-22
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
CVE-2020-36486
PUBLISHED: 2021-10-22
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.