There has never been a greater demand for cybersecurity professionals nor a greater shortage in the job market. Every cybersecurity professional and, these days, anyone who can handle a basic operating system is being recruited into IT positions across the board. This is connected to “The Great Resignation” is a period of significantly greater than normal turnover rates and far greater competition for workers. According to Anthony Klotz, the man behind the term ‘The Great Resignation’ and an associate professor of management at Texas A&M University, rampant resignations didn’t quite start with the pandemic. Over the last ten years, particularly as the American economy strengthened, resignations have been going up. The pandemic stalled these resignations in 2020 as people feared the uncertainty it brought. The introduction of the COVID-19 vaccines caused people who were seriously considering quitting to act. In the financial industry, 24% of employees have already resigned or plan to do so by 2022. Without a remedy, the high employee turnover and difficulties in hiring may cause significant losses with escalating effects throughout the nation.
This is affecting both the private and public sectors.
DHS planned to hire 109 cybersecurity professionals in 2020 and did not actually hire a single one. Their new plans are to hire 150 in 2021 and another 150 in 2022, with onboarding by the end of the year. But these professionals are in extremely short supply. As reported by The New York Times, Cybersecurity Ventures projects a staggering 3.5 million unfilled cybersecurity jobs globally by 2021, increasing from one million such positions in 2014. Late in August, the Cybersecurity Talent Management System (CTMS) was put into effect, allowing “excepted service” and exceptional pay for cybersecurity talent, a significant change in traditional federal HR practices. In contrast, cybersecurity threats are on the rise. The population of hackers and the tools at their disposal are ever-expanding. Anyone with a malicious program can become a “hacker” and malware is commonly available to copy for free on the darknet. Bad actors target everything from giant hospitals to the smallest businesses. In a time when every business needs cybersecurity experts, it’s no surprise that demand is high, and the security expert continues to grow.
The Cybersecurity Threat to Modern Business
- Open-Source Malware
- Today’s hackers are numerous and malicious. Worse, they are benefitting from shared and accessible resources. There are open-source malware and ransomware programs that can be implemented with basic skills. There are bad actors who open a security gap in a piece of enterprise software then spread the word and encourage a wave of exploitation hacks. The clever and skilled hackers are fueling hordes of less skilled implementers who do as much harm or more.
- Criminal Organization and Foreign State Interference
- The other primary source of the cybersecurity threat comes from true organized criminal and Nation State activity. Named teams of hackers are working together to target “big fish”, usually for cryptocurrency. In addition, foreign states often use cyber-terrorism as part of their international espionage and efforts to inflict damage on enemy states. Both target large service providers like Kesaya while the end customers of their targets, often small businesses, are also hurt by their success.
- The Many Targeted Data Attacks
- In addition to malware, ransomware, and software exploits, hackers can also target your data in-transit, they can steal logins and accounts, and they can insert code into your web services. Some steal domains, some seek to steal specific information from your servers or archives. The threat is growing and every business needs cybersecurity professionals to help defend, detect and/or respond. Meeting that need, however, is also a growing challenge.
Why the Shortage of Cybersecurity Professionals?
The shortage of security professionals comes from several sources. First, there’s been an explosion in cybersecurity and managed-IT demand, more than the current pool of professionals can address. Additionally, there is an extremely tight job market, increasing the difficulty in finding specialized competent cybersecurity professionals to hire and, if you find them, affording them. Finally, many hiring managers do not have the experience needed to hire cybersecurity specialists. It’s often difficult to make the right decision without an IT professional already on staff to assess the applicable technical skills and knowledge of a candidate. Between the staff shortage and expertise required to hire appropriately, outsourcing and contracting cybersecurity teams is often more effective, especially for small teams.
Filling the Cybersecurity Demand
So how do we resolve this ever-increasing demand for cybersecurity professionals and the shortage of available candidates in the workforce? The answer is to both find talent in untapped pools and optimize available expertise by outsourcing to meet your cybersecurity and managed-cybersecurity needs.
Train New IT Professionals
One solution is to develop new cybersecurity professionals. Create a pipeline from entry-level technicians (often a help desk or entry level security role) to admins and security specialists. Offer opportunities for training, career development, and promotion inside the position. If your company isn’t big enough for a robust pipeline, partner with others in your network to create the cybersecurity professionals you need and offer them continuous growth opportunities to fill out the much-needed ranks. But recognize that there will be others vying to compete for the cybersecurity talent in your firm.
Outsource with a Trusted Advisor
One of the better emerging industry solutions is outsourced cybersecurity teams. One talented team can provide the cybersecurity services needed for a variety of small to medium businesses. This shares the supply of cybersecurity professionals between several companies and provides the benefit of a full team, not just one or two IT professionals onboard. The advent of virtual specialized resources to supplement internal staff is becoming more and more an avenue for Banks, Healthcare Providers, and other sectors to meet the new demand with trusted service providers.
Cybersecurity is a specialization of IT. Many teams already have an IT administrator who keeps their systems updated and computers online, but they don’t have specific cybersecurity expertise. In addition, the pressures on the IT professional to perform can often conflict widely with the pressure on the cybersecurity professional to secure. The two do not often peacefully co-exist in one person. In this case, you can absolutely combine outsourced cybersecurity and advanced IT services in-house. Let your IT professional do what they do best: take care of the team’s IT production needs while your outsourced team takes care of your firm’s cybersecurity defense. Your in-house IT stays in charge of office technology and can act as the bridge between your outsourced team and the rest of the company. Resources are scarce in cybersecurity hiring. Find your solution to the workforce IT shortage today.