The Cybersecurity Talent Shortage

An Urgent Threat

Published on Mar 8, 2022

Updated on Nov 29, 2023

Written by Lightcast

Over the past week, cyberattacks have been reported all over the globe, an urgent reminder of cybersecurity’s importance in the workplace and government. But one of the greatest threats to the field isn’t external, but internal: the cybersecurity job market is experiencing a critical shortage of talent.

February saw the largest spike in cybersecurity job postings that Emsi Burning Glass has seen since we began tracking such postings 10 years ago. There were 77,523 cybersecurity postings in February across the nation, up 31% from December and 74% from this time last year.

“February had the largest number of cybersecurity postings we’ve ever tracked in a single month,” said Will Markow, cybersecurity talent expert and our Vice President of Applied Research. “It beat the next closest month by 28%, even with February being the shortest month of the year.”

That spike reflects a continuing trend but also reflecting the global tension of the past several weeks. The most prominent recent cyberattacks have been focused on Ukraine as part of the Russian invasion, but countless other threats have been leveled at targets around the world. For example, a cyberattack on a supplier shut down Toyota’s entire Japanese production line last week.

“Russia has one of the world’s most sophisticated cyberattack capabilities,” Markow said. “The recent events are a stark reminder that developing more cybersecurity experts in the private and government sector workforces is a global necessity.”

According to CyberSeek, a portal powered by Emsi Burning Glass data, only 68 qualified workers are available for every 100 cybersecurity jobs, and over 600,000 jobs open up for cybersecurity workers every year in the US.

One way to close the gap between open positions and qualified workers is by using “skills adjacency,” which focuses on the abilities workers already have. From there, employers can add just a little more training to qualify their existing talent for the roles the company needs filled. 

“Most of those jobs go unfilled because there aren’t enough people with the right skills,” Markow said in our “Beer With Emsi Burning Glass” video series last December. “Cybersecurity jobs remain open 20% longer than the average for all IT jobs, which are already notoriously difficult jobs for employers to fill.”

CyberSeek’s “Career Pathway” tool shows how entry-level and “feeder” roles can lead to more advanced jobs in the security space—jobs employers desperately want to fill.

For example, most job postings for IT support workers don’t require bachelor’s degrees, just technical skills like repair and hardware troubleshooting. But by adding just a few key skills like information systems or computer forensics, those workers can qualify for a job as a cybersecurity specialist or a cyber crime analyst. 

From there, they can grow further: perhaps into the role of cybersecurity engineer, a job with over 62,000 open positions needing to be filled. Hiring a new engineer is one way to solve that problem, but in such a tight market, they’re hard to find. Promoting and training your existing workforce can meet that need just as well—an innovative way to meet an urgent need.

In Ukraine and beyond, it’s difficult to know what global conflict will look like now and in the future, but cyberattacks are sure to be a major part, and that means cybersecurity jobs will be more important than ever.

“In a cybersecurity war,” Markow said, “everyone with a computer is on the front lines.”

On March 8, Markow will be joined by James Stanger, Chief Technology Evangelist at the technology trade association CompTIA, to explore these ideas further on LinkedIn Live. You can watch or catch up here.