When it comes to the cybersecurity skills shortage, ESG research reveals the following:
- 46% of organizations claim that they have a “problematic shortage” of cybersecurity skills. This represents an increase of 18% compared to 2015.
- A vast majority (87%) admit that it is “very difficult,” “difficult,” or “somewhat difficult” to recruit and hire cybersecurity professionals.
Yup, there is a definite shortage of cybersecurity professionals available, so recruiters are tripping over each other as they try to poach talent from their existing employers. According to a recently published report by ESG and the Information Systems Security Association (ISSA), 46% of cybersecurity professionals are solicited to consider other cybersecurity jobs by various types of recruiters at least once per week! This situation has led to salary inflation and massive disruption.
It’s certainly true that if you need a highly experienced cybersecurity professional, you have no choice but to pull someone away from their current job, but this is a zero-sum game from a total employment perspective.
So what else can we do? Well, there’s another disruptive force happening within IT called cloud computing. Simply stated, as organizations move workloads to public cloud providers like Amazon AWS, IBM SoftLayer, and Microsoft Azure, they no longer need as many infrastructure administrators to babysit Intel servers, storage arrays, or data center switches.
As it turns out, these uprooted IT folks are a natural fit for cybersecurity jobs. According to the ESG/ISSA research, more than three-quarters (78%) of cybersecurity professionals moved from IT jobs to cybersecurity jobs as part of their career progression. ESG/ISSA asked those who transitioned to cybersecurity what they learned as IT professionals that helped them with infosec. The responses were as follows:
- 46% said gaining experience with different types of technologies
- 44% said IT operations knowledge and skills
- 42% said networking knowledge and skills
- 28% said collaboration between IT and business units on business initiatives, processes, and strategic planning
- 26% said an understanding of how IT organizations work
So while the cybersecurity skills shortage will continue for the foreseeable future, there is also a pool of IT talent out there that will become available over the next few years as an increasing percentage of enterprise workloads migrate to public cloud infrastructure. Yes, these folks will need specific cybersecurity training, but ESG/ISSA research indicates that this group brings many of the business, organizational, and technical skills needed as a foundation for cybersecurity professionals.
Rather than rob Peter to pay Paul, smart CISOs (and cybersecurity product and services vendors) will invest in training and mentoring programs and recruit heavily from this growing population of IT professional outcasts. In my humble opinion, this is a sounder strategy than continually horse-trading cybersecurity talent.