Cyberseek Says: Cybersecurity Hiring Gap Is Widening

The shortage of qualified cybersecurity professionals has been with us for more than a decade now. But the balance of demand keeps overtopping supply. CyberSeek is a joint project that unites contributors from the NIST NICE program, Lightcast, and CompTIA. As stated in this June 6 press release, what had been vexing has now gotten worse.

‍

Indeed, the latest CyberSeek Report (with heat map and career pathways to explore) indicates that there are only 69 workers for every 100 cybersecurity positions. That means for every three such jobs, one cannot presently be filled. That’s not good! In gross numbers, that translates into a gap of more 466,000 positions that have gone unfilled just in the United States across the last six months.

‍

What’s NICE About (It)?

‍

NICE is a framework from the National Institute of Standards and Technology (NIST) designed to describe cybersecurity work, and to specify what individuals and teams of professionals must understand and be able to do to fill related jobs. This is extensively described through the NICE Framework Resource Center, which includes a Framework Definition, and detailed definitions and descriptions of task, knowledge and skill statements (TKSs) for:

‍

Competency Areas: Related TKSs that describes the kinds of tasks security professionals should be able to perform in various competency domains
Work Roles: Groupings of work responsibilities and capabilities that cyber security professionals commonly fill
Teams: Groups of people who tackle various challenge by assembling individuals with complementary skills, knowledge and experience

‍

Mind the Gap, Please

‍

The current shortfall of nearly 500,000 qualified cybersecurity professionals is part of a larger global landscape with similar unmet needs. Whereas nearly 0.5 million such jobs are open in the United States, somewhere between 2 million and 2.5 million such jobs are likewise open elsewhere around the world.

‍

This creates enormous opportunity for those already in IT who want to upskill or reskill. It also offers a nearly blank check to workers from other industries or walks of life, and for those preparing to enter the work force, to find meaningful interesting jobs with higher-than-average paychecks.

‍

Median household income in the United States in 2021 was just over $70,000; in 2022, the average U.S. cybersecurity job paid $120,000 — that’s another big gap, all right, but one that works in favor of those willing to bridge the chasm.

‍

Exploring CyberSecurity Job Paths

‍

Three interesting interactive features of the latest CyberSeek Report include:

‍

A heat map that uses color-coding to show where cyber security jobs are available by state, with the ability to drill down into major metro areas in each state. For example, there are 19 such areas in my home state of Texas including all the big metro areas (Houston, Dallas, San Antonio, Austin, and El Paso, plus 14 other smaller conurbations).

A constellation of career pathways divided into two dimensions — namely, feeder role and skill level. Feeder roles are networking, software development, systems engineering, financial and risk analysis, security intelligence, and IT support (vertical dimension) and the skill levels are entry-level, mid-level, and advanced level.

Visual geographic access to cybersecurity education and training providers. Explorers can filter their work by program type (associate degree, cybersecurity career training, bachelor’s degree, industry-recognized certification, graduate degree, and remote access). They can also drill down by state and location to identify certification providers, higher education outlets, in-person and remote training outlets and a whole lot more.

‍

Using the various interactive tools provides some interesting insights and a fair amount of simple entertainment value. Highly recommended!

‍

Don’t Just Sit There, DO Something!

‍

It’s one thing to decry the shortage of qualified cybersecurity workers and to bemoan the potential costs and losses their lack might cause. It’s entirely another to report the shortfall and then provide multiple interactive tools to foster exploration of related opportunities, and the means to exercise them.

‍

I’m going to try to persuade some under- and unemployed members of my own inner circle to take the CyberSeek Report for spin and see where it leads them. If it works out the way I hope it does, we’ll all be better off as a result. If you know someone who might benefit from this information please do likewise.

‍

Maybe even spend a little time spelunking yourself. I’m sure you’ll discover how interesting and absorbing this information can be.