Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Newest First  |  Oldest First  |  Threaded View
SchemaCzar
50%
50%
SchemaCzar,
User Rank: Strategist
12/18/2017 | 9:15:49 AM
One more thing: not enough professors
Working in academia, I can tell you it's hard to get top cybersecurity talent in teaching.  Many of the top people don't have the Master's-level degree that is required, and fewer the PhD that is preferred.  Everyone who's really great is tremendously busy.
SchemaCzar
50%
50%
SchemaCzar,
User Rank: Strategist
12/15/2017 | 9:23:04 AM
Companies don't want to change organizational behavior for security anyway
It's one thing to post a cybersecurity job req; it's another thing to follow through.  There's a major lack of organizational will do spend the money and time on it.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
12/12/2017 | 1:59:10 PM
Re: Reason 6
Definate a hard career.  A woman I work with who knows as much about cyber secrurity as anybody I know took the CIISP test after studying herself into an early grave and on THE FIRST QUESTION she knew she was doomed.  That hard!!!
NickB368
50%
50%
NickB368,
User Rank: Apprentice
12/12/2017 | 12:10:33 PM
Reason 6
Thank you for the well written and researched article. I was thinking about this recently and wonder if there wasn't one more to add to the list:

  • Other IT related jobs that might be easier, with similar pay


A career in cybersecurity can be really rewarding, but it's a difficult career path as well! The research and development side is mind boggling, involving understanding applications, operating systems, protocols and their inner workings. The practitioner side requires the soft skills AND the technical skills to troubleshoot, roll out a product, get awareness, etc. You could argue that cybersecurity careers pay more on average, but do they pay double what a more generalized IT career might? Are they twice as difficult? (I guess what I'm saying is that as far as jobs are concerned people DO follow the money)

As you mentioned, starting awareness and training earlier in the education/career path would help alleviate this problem to a certain extent... But more related to your reason #4, I'm not sure that a lot of people start out with the idea that they'd like a career in cybersecurity. So I feel like cross training could be the shortest path to fixing the problem. This would get people with experience and the proper background involved, thus making room for the more recent college grad's to backfill the more generalized spots.

Basically though, it ALL ties back to a pretty gross underinvestment in cybersecurity as a whole. I recently heard a comment in an interview with Tom Kellermann that only 6% of IT spend is on security. Fixing that issue might be the first step in fixing the labor shortfall. I certainly don't have all of the answers, but I wanted to pile on some more food for thought. Thanks again for the interesting read!
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
12/12/2017 | 9:48:34 AM
Re: Where are the jobs?!?!
The real bedrock issue is not Cybersecurity per se but generalized IT as a career.  Used to be a hot one indeed and I sitll have my old Novell Netware CNE on the wall.  But that was before American management discovered India and what was a well paying, career enhancing career became something of no value at all and liable to be outsourced to Bangalore in a heartbeat.  Abbott (a place I recently left) sent 140 qualified IT staffers out the door do be placed by a helpdesk at Wipro.  It wsa horrible and paid poor.  So why would anybody in college venture into a career path that slams the door on your ass on the way out.  IT has no respect these days.  Want proof?  Equifax.  Oh, NOW they know more but still it is always CHEAPER,FASTER,BETTER (one word) in Bangalore.  So nobody in IT is really moving to cyber security except a few.  No new people are coming INTO information tech for good reason.  
StephenM95002
100%
0%
StephenM95002,
User Rank: Apprentice
12/12/2017 | 9:45:58 AM
Re: Where are the jobs?!?!
@Jeff- Thanks for the reply. I'll take your advice. I picked up my cap and gown yesterday so we'll see how things go.
Jeff Stebelton
100%
0%
Jeff Stebelton,
User Rank: Strategist
12/12/2017 | 9:41:16 AM
Re: Where are the jobs?!?!
I just did a search on indeed.com for information security in Columbus, Ohio, not exactly a hotbed for Infosec jobs. 1,6556 hits. And no, I didn't look at every page to see if they were all relevant but lets; assume 1,000 of them are. The fact you have to work remotely would probably wipe out 80% of those but there are still a ton of jobs available. A degree in CyberSecurity will be a game changer, once you can add that to your resume. Post it on LinkedIn and get ready for alot of Inmails from recruiters. 
StephenM95002
100%
0%
StephenM95002,
User Rank: Apprentice
12/11/2017 | 2:01:54 PM
Where are the jobs?!?!
It seems to be a recurring theme these days," Cybersecurity labor shortfall" and "Not enough security professionals to fill open roles". Okay if that is the case then where are all these jobs posted at?!?! Is there some super secert job site that only the people writting these stories have access to? I'm not asking of a friend, I'm asking for myself. I've worked in the Information Technology field for the last 18 years and about to graduate with a degree in Cybersecurity. I'm just not seeing all the jobs everyone is talking about. Granted I'm a little picky. I need to work by remote and would like to make enough to live on. Other than that I'm pretty flexible. Can someone do an old man a solid and point me to all these jobs I keep reading about? I'm just ready to take the next step in my career.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3903
PUBLISHED: 2021-10-27
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-41191
PUBLISHED: 2021-10-27
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website....
CVE-2021-1115
PUBLISHED: 2021-10-27
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable co...
CVE-2021-1116
PUBLISHED: 2021-10-27
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.
CVE-2021-1117
PUBLISHED: 2021-10-27
Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.