As 2023 draws to a close, tech professionals interested in a cybersecurity career or looking to move up the management ladder have numerous opportunities open for them.
The recently published 2023 (ISC)2 Cybersecurity Workforce Study, which includes responses from nearly 15,000 security professionals and decision-makers in the U.S. and around the world, pictures a robust market for skilled cybersecurity experts. The topline numbers show the global cybersecurity workforce currently stands at 5.5 million, a 9 percent year-over-year increase.
The global cybersecurity workforce gap also grew about 13 percent between 2022 and 2023, meaning the private and public sectors still need about 4 million cybersecurity pros to fill open positions. “The profession needs to almost double to be at full capacity,” the (ISC)2 concludes.
Despite millions of job openings inside and outside the U.S., as well as an ever-increasing number of threats to networks and data, the (ISC)2 report points to some market trouble. Economic uncertainty means that 47 percent of those surveyed have witnessed cutbacks to their teams, including layoffs, budget cuts, and hiring or promotion freezes.
Another 22 percent have personally experienced a layoff, while 31 percent are concerned about additional cuts next year, according to the report.
Newer and much more advanced technologies, such as artificial intelligence, are also changing how tech and security professionals approach their jobs, shifting the types of skill-sets that organizations need. The (ISC)2 report found that nearly nine in 10 respondents report a skills gap within their organization, with the greatest shortfalls coming in cloud computing security, A.I. and machine learning, and zero trust implementation.
“Cybersecurity has evolved quickly, especially with A.I. being a massive focus, causing it to rise on government and commercial agendas,” observed Tony Goulding, cybersecurity evangelist at Delinea. “Attracting and retaining such skills will come down to an investment in cybersecurity talent, competitive compensation and long-term growth and career opportunities. Demand, good pay and solid career opportunities in a discipline that’s highly visible will always attract.”
A.I., Cloud Skills Remain Critical to Cyber Career Prospects
Since the introduction of OpenAI’s ChatGPT in November 2022, the cybersecurity world has worked to understand how generative A.I. technologies are changing the landscape. These tools can potentially automate many routine and manual tasks within security. At the same time, threat actors are incorporating the same techniques to improve their attacks.
As the (ISC)2 report notes, the need for a cybersecurity workforce that understands these tools only increases as organizations become more familiar with generative A.I., including what the technology can and cannot do. It also means machine learning and other skills will remain in high demand.
“While artificial intelligence in the form of large learning models is currently most popular—more specifically, machine learning practitioner skills are coveted. With a machine learning skill-set, people can incorporate their knowledge into a multitude of solutions, from penetration testing practices to cybersecurity solutions,” Sunil Muralidhar, vice president for growth and strategic initiatives at ColorTokens, told Dice.
“While a difficult concept to grasp, efficiency in this realm is a skill many employers are paying a premium for,” Muralidhar added. “Many industries, like healthcare, are failing to understand these complex machine learning models. Thus, personnel with a deep understanding of machine learning can simplify their explanations to consumers and raise revenue for their companies.”
A possible solution for many organizations is to incentivize their workforce to upskill their current IT and security staff to help fill these growing gaps. “Training initiatives can mitigate staff shortages by distributing skills and preventing significant skills gaps,” according to (ICS)2.
For tech professionals wanting to get into cybersecurity or who are seeking management roles, taking advantage of upskilling can help. Organizations that need more workers in key positions benefit, as well.
“A.I., ransomware, complex hybrid IT infrastructures and geopolitical threats are examples of areas that require the kinds of skills organizations are struggling to obtain,” Goulding told Dice. “Organizations must revisit their cybersecurity programs to ensure they’re as strong as they can be, and set up for future requirements. This involves regular risk assessment reviews to ensure they’re accounting for all these emerging threats, updating controls accordingly, tools and feeds that keep them abreast of the threat landscape, and frequent testing to ensure those controls are doing their jobs.”
As large portions of the workforce remain remote or in hybrid mode, cloud skills also remain critical to many organizations even as many enterprises focus on A.I.
“We view the move to the cloud as an opportunity to build scalable security solutions, but there is heavy reliance on skilled internal resources or third parties to do so,” Claude Mandy, chief evangelist for data security at Symmetry Systems, told Dice. “With cloud expertise and skills, particularly in security, in high demand, one of the most important specialist roles that organizations need is a cloud security architect to help maximize the opportunities the cloud has to offer and avoid a ‘lift and shift’ approach from the design phase.”
Tech Pros Need to Follow Budget Dollars
As ransomware and other types of attacks proliferated over the years, more budget dollars flowed to cybersecurity, which helped boost security awareness. This also allowed CISOs and other leaders to hire more talent.
Thanks to higher inflation and mixed economic signals, the (ISC)2 report found, budget cuts have come for cybersecurity, which creates additional concerns for security teams. “In general, 62 [percent] of cybersecurity professionals say that corporate cutbacks like layoffs, budget cuts and hiring freezes reduce their ability to prepare for future threats,” the report stated.
Cybersecurity experts also noted that organizations are rethinking what types of cybersecurity tools and technology they are investing in during uncertain economic times. For tech pros, thinking about which technologies, tools and platforms that management wants to invest in for the coming years can help them focus on where the organization is headed. In turn, they can adjust their skill sets accordingly.
“Because budgets are tighter with current economic conditions and layoffs abound across many sectors—offset against an escalating cyber threat environment brought on by international tensions—budgets need to be allocated in a more targeted fashion. In other words, they need to be spending their dollars smarter, and that applies to companies of all sizes,” John A. Smith, CEO at Conversant Group, told Dice. “Instead of buying new tools and slapping them on the pile hoping they work together, [enterprises] must understand where their true gaps lie and allocate spend to fixing those weaknesses.”
As companies streamline their budgets and tech purchases, continuing to seek out upskilling opportunities can help tech pros. “Investing in training and development for current employees can help organizations get current employees more experience and knowledge. As this field changes constantly, remaining stagnant can be detrimental when attempting to protect data; but consistently developing and promoting knowledge sharing can help,” Andi Ursry, cyber threat intelligence analyst at Optiv, told Dice.
Diversity and Nontraditional Paths
As the need for more cybersecurity workers continues to grow—even with budget cutbacks—organizations are trying new efforts to diversify the workforce and also bring in employees from other areas and industries who can fill these roles.
The Biden administration published its National Cyber Workforce and Education Strategy earlier this year which looks to bring more workers from diverse backgrounds into the cybersecurity workforce. The (ISC)2 data also finds that 68 percent of respondents report their organizations are investing in diversity, equity and inclusion efforts to retain and attract talent.
Through these efforts, talented individuals outside of tech can find their way into cybersecurity jobs and careers.
“Getting more women—of any age—involved in cyber competitions and mentored by women leaders in the industry helps build a professional network and proof of skill that I can personally say had a direct impact on my career,” Melissa Bischoping, director of endpoint security research at Tanium, told Dice. “The training programs are great, but the professional networking opportunities and collaborative spirit of team cyber events is something no training can replace. Creating paths for nontraditional entrances into tech will help us close the skills gap and staff the millions of unfilled cybersecurity positions today.”