Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //


09:35 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now

Over 300K Cybersecurity Jobs Remain Open in the US, Study Finds

A report from CyberSeek finds that there are currently over 300,000 open positions for cybersecurity professionals in the US, which includes more than 13,000 positions in the public sector.

Looking for work? There are over 300,000 cybersecurity jobs open within the US, which includes more than 13,000 positions within state and federal agencies, according to an industry study released earlier this month.

Overall, there were 768,096 cybersecurity workers employed in the US between April 2017 and March of this year, according to CyberSeek, a resource for security professionals developed by IT jobs and career firm CompTIA.

The study comes at a time when the Trump Administration has been calling for greater resources in cybersecurity to protect the nations' critical industries, while investing in technology, such as cloud computing, to help the federal government standardize its IT infrastructure. (See Unknown Document 739028.)

The CyberSeek report found that for every 6.5 employed workers in the US, there was one opening. However, that number drops to 2.5 employed workers for every opening in the cybersecurity market, which equals out to 301,873 open jobs in the US in private business and the public sector.

This shortage of workers has not gone unnoticed.

At the Gartner Symposium and ITXpo in October, analysts warned of the need for more security professionals, and they urged their audience to invest more in artificial intelligence and machine learning to help close the gap since there were no enough qualified candidates to fill all these open positions. (See Unknown Document 734998.)

"For all the focus on new and emerging technologies, cybersecurity remains the constant, led by a trained and certified cybersecurity workforce," Todd Thibodeaux, the president and CEO of CompTIA, wrote in a June 6 statement. "CyberSeek demonstrates that the cybersecurity field is rich with opportunities for current and prospective technology professionals."

Now entering its fifth year, the 2020 Vision Executive Summit is an exclusive meeting of global CSP executives focused on navigating the disruptive forces at work in telecom today. Join us in Lisbon on December 4-6 to meet with fellow experts as we define the future of next-gen communications and how to make it profitable.

Mike Banic, vice president of Vectra, a San Jose-based provider of automated threat management tools, noted that overwhelming amount of data that security professionals have to monitor each day -- numbers from Equifax show that the company Cyber Threat Center captures 2.5 billion logs each day and monitors about 50,000 cybersecurity events every second -- burns security employees out and these positions need to be supplemented, which is one reason why there are so many job openings.

"No matter how many cybersecurity professionals you hire, human beings aren't good are drudging through a mountain of manual work, yet our industry keeps asking them to," Banic wrote in an email to Security Now. "This is tantamount to building a million cars by hands."

Not surprisingly, the largest number of open cybersecurity jobs is in the Washington, DC metro area, with 43,200 positions listed, according to the CyberSeek report. That's followed by New York City with 19,993 and Chicago with 11,464.

The CyberSeek data also shows that largest number of security job openings -- over 194,000 -- are in the category of Operate and Maintain, which is mainly a support role that involves the administration and maintenance of various IT systems.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I can't find the back door.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting