Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Oldest First  |  Newest First  |  Threaded View
User Rank: Apprentice
12/11/2017 | 2:01:54 PM
Where are the jobs?!?!
It seems to be a recurring theme these days," Cybersecurity labor shortfall" and "Not enough security professionals to fill open roles". Okay if that is the case then where are all these jobs posted at?!?! Is there some super secert job site that only the people writting these stories have access to? I'm not asking of a friend, I'm asking for myself. I've worked in the Information Technology field for the last 18 years and about to graduate with a degree in Cybersecurity. I'm just not seeing all the jobs everyone is talking about. Granted I'm a little picky. I need to work by remote and would like to make enough to live on. Other than that I'm pretty flexible. Can someone do an old man a solid and point me to all these jobs I keep reading about? I'm just ready to take the next step in my career.
Jeff Stebelton
Jeff Stebelton,
User Rank: Strategist
12/12/2017 | 9:41:16 AM
Re: Where are the jobs?!?!
I just did a search on indeed.com for information security in Columbus, Ohio, not exactly a hotbed for Infosec jobs. 1,6556 hits. And no, I didn't look at every page to see if they were all relevant but lets; assume 1,000 of them are. The fact you have to work remotely would probably wipe out 80% of those but there are still a ton of jobs available. A degree in CyberSecurity will be a game changer, once you can add that to your resume. Post it on LinkedIn and get ready for alot of Inmails from recruiters. 
User Rank: Apprentice
12/12/2017 | 9:45:58 AM
Re: Where are the jobs?!?!
@Jeff- Thanks for the reply. I'll take your advice. I picked up my cap and gown yesterday so we'll see how things go.
User Rank: Ninja
12/12/2017 | 9:48:34 AM
Re: Where are the jobs?!?!
The real bedrock issue is not Cybersecurity per se but generalized IT as a career.  Used to be a hot one indeed and I sitll have my old Novell Netware CNE on the wall.  But that was before American management discovered India and what was a well paying, career enhancing career became something of no value at all and liable to be outsourced to Bangalore in a heartbeat.  Abbott (a place I recently left) sent 140 qualified IT staffers out the door do be placed by a helpdesk at Wipro.  It wsa horrible and paid poor.  So why would anybody in college venture into a career path that slams the door on your ass on the way out.  IT has no respect these days.  Want proof?  Equifax.  Oh, NOW they know more but still it is always CHEAPER,FASTER,BETTER (one word) in Bangalore.  So nobody in IT is really moving to cyber security except a few.  No new people are coming INTO information tech for good reason.  
User Rank: Apprentice
12/12/2017 | 12:10:33 PM
Reason 6
Thank you for the well written and researched article. I was thinking about this recently and wonder if there wasn't one more to add to the list:

  • Other IT related jobs that might be easier, with similar pay

A career in cybersecurity can be really rewarding, but it's a difficult career path as well! The research and development side is mind boggling, involving understanding applications, operating systems, protocols and their inner workings. The practitioner side requires the soft skills AND the technical skills to troubleshoot, roll out a product, get awareness, etc. You could argue that cybersecurity careers pay more on average, but do they pay double what a more generalized IT career might? Are they twice as difficult? (I guess what I'm saying is that as far as jobs are concerned people DO follow the money)

As you mentioned, starting awareness and training earlier in the education/career path would help alleviate this problem to a certain extent... But more related to your reason #4, I'm not sure that a lot of people start out with the idea that they'd like a career in cybersecurity. So I feel like cross training could be the shortest path to fixing the problem. This would get people with experience and the proper background involved, thus making room for the more recent college grad's to backfill the more generalized spots.

Basically though, it ALL ties back to a pretty gross underinvestment in cybersecurity as a whole. I recently heard a comment in an interview with Tom Kellermann that only 6% of IT spend is on security. Fixing that issue might be the first step in fixing the labor shortfall. I certainly don't have all of the answers, but I wanted to pile on some more food for thought. Thanks again for the interesting read!
User Rank: Ninja
12/12/2017 | 1:59:10 PM
Re: Reason 6
Definate a hard career.  A woman I work with who knows as much about cyber secrurity as anybody I know took the CIISP test after studying herself into an early grave and on THE FIRST QUESTION she knew she was doomed.  That hard!!!
User Rank: Strategist
12/15/2017 | 9:23:04 AM
Companies don't want to change organizational behavior for security anyway
It's one thing to post a cybersecurity job req; it's another thing to follow through.  There's a major lack of organizational will do spend the money and time on it.
User Rank: Strategist
12/18/2017 | 9:15:49 AM
One more thing: not enough professors
Working in academia, I can tell you it's hard to get top cybersecurity talent in teaching.  Many of the top people don't have the Master's-level degree that is required, and fewer the PhD that is preferred.  Everyone who's really great is tremendously busy.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...