The Lightcast Quarterly Cybersecurity Talent Report
Q3 2024
83%
Of Cybersecurity Jobs
7%
Of Cybersecurity Workers
10%
Talent Surplus
76%
Of Cybersecurity Jobs Requesting 2+ Years of Experience
A decade of employment growth in the cybersecurity workforce has not been enough to narrow the talent gap, signaling that more urgent action is needed.
In the Q3 2024 release of the Lightcast Quarterly Cybersecurity Talent Report, we find there is a national talent shortage of nearly 265,000 skilled cybersecurity workers across the United States.
The shortage is most pronounced among experienced cybersecurity professionals, with the greatest talent gaps observed for cybersecurity jobs requesting multiple years of experience. Cybersecurity jobs requesting 2+ years of experience have only 76% of the supply needed to meet employer demand, while entry-level cybersecurity jobs have a worker surplus of 10% relative to employer demand.
To build the existing cybersecurity workforce, employers have largely emphasized hiring experienced workers from cybersecurity as well as adjacent fields. Around 55% of existing cybersecurity workers were sourced from other cybersecurity or IT roles, while another 38% were experienced workers sourced from non-IT fields. Only 7% of existing cybersecurity workers were hired directly after completing their education, with the majority of those workers being hired out of programs at the bachelor’s level or above.
These findings suggest that employers find it difficult to fill cybersecurity roles requiring multiple years of experience, while new entrants to cybersecurity find it difficult to land their first role. As a result, there is a need to expand the cybersecurity talent pipeline to bring new workers into the field, while there is also a need to expand opportunities for entry-level workers.
In particular, revising hiring requirements and attracting talent from non-traditional career or educational backgrounds – such as community colleges and non-cybersecurity career areas – may hold the most promise for simultaneously closing the cybersecurity talent gap while diversifying the cybersecurity workforce.
About This Report
Lightcast developed the Quarterly Cybersecurity Talent Report as a commitment to support the National Cyber Workforce and Education Strategy from the White House’s Office of the National Cyber Director. It leverages and expands upon data Lightcast provides to CyberSeek.org, the definitive source for cybersecurity workforce information that Lightcast developed and maintains in partnership with CompTIA and NICE.
The National Cyber Workforce and Education Strategy was created to strengthen the cyber workforce in the US and connect people to well-paying, quality jobs. This strategy seeks to transform cyber education, advocating for a skills-based approach to build more robust cyber career pathways. It aims to foster extensive collaboration between employers, educators, government, and other key stakeholders to meet both urgent and long-term workforce needs.
Lightcast is proud to be part of this collaboration. Every quarter, our team—led by Will Markow, VP of Applied Research—will supply the White House with the latest updates on the national cybersecurity talent landscape in order to help shape policy to meet present and future needs in the cybersecurity workforce.
The Cybersecurity Talent Gap
In Q3 of 2024, there were 1,583,880 cybersecurity jobs demanded in the United States with only 1,319,117 skilled cybersecurity workers available to fill them. This equates to only 83% of the cybersecurity workers employers demand and leaves a talent gap of nearly 265,000 skilled cybersecurity workers across the country.
Cybersecurity Talent Gap by Experience Level
The cybersecurity talent gap presents unique challenges across different experience levels. Despite an overall cybersecurity talent shortage, entry-level cybersecurity jobs requiring zero to two years of experience have a worker surplus, with demand outpacing supply by 10%. Meanwhile, there is a shortage of skilled cybersecurity workers for all higher experience levels, with the share of supply relative to demand progressively decreasing as experience levels increase. This trend continues until positions requiring ten or more years of experience, where supply and demand begin to reach equilibrium.
The strongest demand for cybersecurity jobs is found in mid-level roles requiring 2 to 10 years of experience, and these jobs also have the lowest supply relative to demand. Therefore, these mid-level roles face the largest absolute talent gaps
Cybersecurity Talent Pipeline
The current cybersecurity talent pipeline largely emphasizes hiring experienced workers from cybersecurity as well as adjacent fields. Currently, 29% of existing cybersecurity workers were sourced directly from another cybersecurity role, while 26% were sourced from other non-cybersecurity IT roles. Of the remaining cybersecurity workers, 38% were sourced from non-IT fields, while 7% of existing cybersecurity workers were hired directly after completing their education. The majority of these entry-level cybersecurity workers came from a bachelor’s program or higher, with only 1% of current cybersecurity workers having been hired directly from a degree program below a bachelor’s degree.
Additionally, the growing integration of AI in cybersecurity has impacted talent demand. Over the past year, the share of cybersecurity job postings requesting AI skills has increased from 6.3% to 9.6%, highlighting a rising need for professionals who can leverage AI-related skills. As the cybersecurity landscape evolves, expanding the talent pipeline and incorporating new skills like AI will be essential to meeting cybersecurity workforce demands.
"After the pandemic-fueled IT hiring spree, cybersecurity job demand has stabilized close to pre-pandemic levels. However, the industry faces a perfect storm of AI-driven technological change, rising geopolitical tensions around the world, and an ever-evolving regulatory landscape. Taken together, skill requirements are shifting faster than many practitioners can keep up, which is causing the cybersecurity talent gap to widen once again."