In the past few weeks, I have written a lot about Generative AI, so today I am going to break from it and talk about something else that is equally, if not more, important in Cybersecurity. To start off with, we all know that the United States economy is starting to slow down.
A lot of this can be attributed to the massive number of layoffs that have occurred within the Federal Government, and to the uncertainty of the tariffs, which have wreaked havoc on our own financial markets.
To make matters even worse, the overall job growth is also starting to slow down, something that we have not seen in quite some time.
But despite all of this, there is still a silver lining: The demand for and creation of jobs in Cybersecurity still remains strong; however, there are more jobs available than there are people to fill them. Consider some of these key statistics:
* According to ISC2, in its report entitled the “2024 Cybersecurity Workforce Study”, there will be a need for 3.4 million Cyber professionals to keep up with the demand.
* According to Cyber Seek, there were 457,433 cybersecurity job openings from August 2023 to September 2024, but barely any of them were filled.
Yes, this gap is very alarming. Here are some reasons cited for this trend:
* The Cyber Threat Landscape is constantly changing, in fact even by the minute. Thus, trying to find the right workers with the exact skillset that is needed is very difficult to do. In fact, according to a recent report from IBM, over 60% of businesses have failed to find the candidate that they were looking for, simply because applicants did not have the skills needed.
* A lot of the focus on Cyber jobs has been on offensive roles, such as being a Penetration Tester. But the way that technology is evolving today, many companies are now resorting to automated Penetration Testing, versus doing it the traditional way. So the demand now is for candidates who have defensively oriented skill sets, such as being a part of the IT Security team. But many of the people who have had these roles tend to burn out very quickly, because they are completely inundated with tasks, or they simply are suffering from what is known as “Alert Fatigue”.
* The dawn of the data privacy laws has now created a new demand for Cyber professionals who also have a legal background. Unfortunately, there are very few people who have this precise skillset. But there is a new trend that is also emerging, and that is the need for what is known as a “Chief Data Privacy Officer”. Personally, I do not know of anybody who has filled this kind of role, but they seem to be out there.
Compounding the last point even more is that many companies hiring for that skillset also require an in-depth knowledge of the GDPR, CCPA, the NIST frameworks, and even the ISO standards. Anybody who can do this will truly be a specialist to the core.
But it is not the hiring managers who are solely to blame in this regard. Even the recruiters have played their fair share in misleading candidates into applying, after which the candidates never hear back from them again. These postings are technically referred to as “Ghost Jobs”, as they are used only to create a pool of candidates for the recruiting agencies.
Another complaint that candidates have about the recruiters is that the job postings that they apply to have extremely broad requirements. But if they get the interview, they are completely shocked when the hiring manager lays out extremely specific requirements for the job.
My Thoughts on This:
So now, you may very well be asking yourselves: How can this situation be turned around? It comes down to both the job candidate and the hiring manager. Let’s start first with the former. Assuming that this person will be getting some kind of degree, they should be encouraged to network with their instructors to find an internship of some sort.
This is what I did when I was in college. I met with a professor, and he connected me with The Andersons, a large grain company based in the Midwest.
Further, the students should also be asking their instructors about what kinds of specific courses they should be taking. For example, if they want to become a Malware Analyst, then they will have to take more quantitatively oriented courses to build an analytical mindset.
Also, the instructors need to take a more active role in encouraging their students to take entry-level certs, such as the Certified in Cybersecurity from ISC2 or the Security+ from CompTIA.
Now, on the side of the employer: in order to end this cat and mouse game of finding the right candidate (which they most likely will never find), they need to take the risk and try to hire somebody who has just entry-level skills and train them up for the job.
True, this could cost a little bit of money in the beginning, but these kinds of candidates will have a tendency to stay longer with the company, versus hiring somebody with the right skill set (and of course at a much higher salary), who probably will not stay around for very long, because they know that they are in demand.
In the end, there will always be a need for Cyber workers, as threat variants will not cease to exist, and the Cyberattackers will only keep getting stealthier and more deadly in their attacks. If this jobs gap remains the way it is, there will be many more victims of security breaches.
Therefore, all three parties must make this happen:
* The student who wants a job in Cyber
* The recruiter in Cyber
* The hiring manager who is trying to fill a Cyber position
Let us make this happen!!!