Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Newest First  |  Oldest First  |  Threaded View
SchemaCzar
SchemaCzar,
User Rank: Strategist
12/18/2017 | 9:15:49 AM
One more thing: not enough professors
Working in academia, I can tell you it's hard to get top cybersecurity talent in teaching.  Many of the top people don't have the Master's-level degree that is required, and fewer the PhD that is preferred.  Everyone who's really great is tremendously busy.
SchemaCzar
SchemaCzar,
User Rank: Strategist
12/15/2017 | 9:23:04 AM
Companies don't want to change organizational behavior for security anyway
It's one thing to post a cybersecurity job req; it's another thing to follow through.  There's a major lack of organizational will do spend the money and time on it.
REISEN1955
REISEN1955,
User Rank: Ninja
12/12/2017 | 1:59:10 PM
Re: Reason 6
Definate a hard career.  A woman I work with who knows as much about cyber secrurity as anybody I know took the CIISP test after studying herself into an early grave and on THE FIRST QUESTION she knew she was doomed.  That hard!!!
NickB368
NickB368,
User Rank: Apprentice
12/12/2017 | 12:10:33 PM
Reason 6
Thank you for the well written and researched article. I was thinking about this recently and wonder if there wasn't one more to add to the list:

  • Other IT related jobs that might be easier, with similar pay


A career in cybersecurity can be really rewarding, but it's a difficult career path as well! The research and development side is mind boggling, involving understanding applications, operating systems, protocols and their inner workings. The practitioner side requires the soft skills AND the technical skills to troubleshoot, roll out a product, get awareness, etc. You could argue that cybersecurity careers pay more on average, but do they pay double what a more generalized IT career might? Are they twice as difficult? (I guess what I'm saying is that as far as jobs are concerned people DO follow the money)

As you mentioned, starting awareness and training earlier in the education/career path would help alleviate this problem to a certain extent... But more related to your reason #4, I'm not sure that a lot of people start out with the idea that they'd like a career in cybersecurity. So I feel like cross training could be the shortest path to fixing the problem. This would get people with experience and the proper background involved, thus making room for the more recent college grad's to backfill the more generalized spots.

Basically though, it ALL ties back to a pretty gross underinvestment in cybersecurity as a whole. I recently heard a comment in an interview with Tom Kellermann that only 6% of IT spend is on security. Fixing that issue might be the first step in fixing the labor shortfall. I certainly don't have all of the answers, but I wanted to pile on some more food for thought. Thanks again for the interesting read!
REISEN1955
REISEN1955,
User Rank: Ninja
12/12/2017 | 9:48:34 AM
Re: Where are the jobs?!?!
The real bedrock issue is not Cybersecurity per se but generalized IT as a career.  Used to be a hot one indeed and I sitll have my old Novell Netware CNE on the wall.  But that was before American management discovered India and what was a well paying, career enhancing career became something of no value at all and liable to be outsourced to Bangalore in a heartbeat.  Abbott (a place I recently left) sent 140 qualified IT staffers out the door do be placed by a helpdesk at Wipro.  It wsa horrible and paid poor.  So why would anybody in college venture into a career path that slams the door on your ass on the way out.  IT has no respect these days.  Want proof?  Equifax.  Oh, NOW they know more but still it is always CHEAPER,FASTER,BETTER (one word) in Bangalore.  So nobody in IT is really moving to cyber security except a few.  No new people are coming INTO information tech for good reason.  
StephenM95002
StephenM95002,
User Rank: Apprentice
12/12/2017 | 9:45:58 AM
Re: Where are the jobs?!?!
@Jeff- Thanks for the reply. I'll take your advice. I picked up my cap and gown yesterday so we'll see how things go.
Jeff Stebelton
Jeff Stebelton,
User Rank: Strategist
12/12/2017 | 9:41:16 AM
Re: Where are the jobs?!?!
I just did a search on indeed.com for information security in Columbus, Ohio, not exactly a hotbed for Infosec jobs. 1,6556 hits. And no, I didn't look at every page to see if they were all relevant but lets; assume 1,000 of them are. The fact you have to work remotely would probably wipe out 80% of those but there are still a ton of jobs available. A degree in CyberSecurity will be a game changer, once you can add that to your resume. Post it on LinkedIn and get ready for alot of Inmails from recruiters. 
StephenM95002
StephenM95002,
User Rank: Apprentice
12/11/2017 | 2:01:54 PM
Where are the jobs?!?!
It seems to be a recurring theme these days," Cybersecurity labor shortfall" and "Not enough security professionals to fill open roles". Okay if that is the case then where are all these jobs posted at?!?! Is there some super secert job site that only the people writting these stories have access to? I'm not asking of a friend, I'm asking for myself. I've worked in the Information Technology field for the last 18 years and about to graduate with a degree in Cybersecurity. I'm just not seeing all the jobs everyone is talking about. Granted I'm a little picky. I need to work by remote and would like to make enough to live on. Other than that I'm pretty flexible. Can someone do an old man a solid and point me to all these jobs I keep reading about? I'm just ready to take the next step in my career.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45786
PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
CVE-2023-22849
PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
CVE-2023-25193
PUBLISHED: 2023-02-04
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-0676
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.