The Cheapest Way to Fill the Cybersecurity Workforce Gap

For the last few years, a growing shortage of cybersecurity professionals has caused IT executives around the globe to become desperate for skilled IT workers in this field.

The 2014 Cisco Annual Security Report estimated the need for 500,000 to 1 million qualified security workers internationally, projecting this number to rise to 1.5 million by 2019.


Experts cite a few different reasons for this shortage, the most notable of those being a severe lack of experienced workers in a relatively “young” industry.

In the past, IT departments relied on contract workers to solve security issues, but only during a crisis. However, due to an influx of cyber-attacks made on myriad industries, companies are looking to invest in permanent security workers who will focus not only on the prevention of data hacking, but also on early detection and response.

But will employers be able to fill this workforce shortage?

It’s difficult to say. With an increase in demand comes an inflation of salaries for currently skilled cybersecurity professionals. So much so, that it’s becoming difficult for most companies to afford them. James Arlen of Leviathan Security Group tells ZDNet, “The reality of this is that in order to acquire new talent, companies are forced to go hunting and must be ready to put down the biggest pile of compensation.”

Training Is the Answer

So how do companies cope with this?

Arlen reveals that “while we need to ensure a trained and ready replacement workforce is prepared to supplement and succeed the current generation of security professionals, we should invest heavily in training those who already occupy the positions that protect our companies today.”

It seems like the cheaper option for businesses to provide training to existing IT employees, who already have the technical background and who are familiar with company practices. By increasing their skill sets and taking on more responsibility, IT employees have the opportunity to benefit from the increased wage demand for cybersecurity professionals.

In addition, this cross-training of IT workers seems to have worked before. According to CSO, a Canada-based information security company called Herjavec Group has been successful in converting existing technical employees into cybersecurity professionals. After acquiring a few IT services companies, Herjavec trained those new employees to become “expert cybersecurity advisers, consultants, incident responders, engineers, and security operations center staff.”

Therefore, by following Herjavec’s lead, companies have the chance to solve their cybersecurity issues through the investment of training.

As cybersecurity breaches continue to devastate businesses, it’s important to be prepared.


AUTHOR:  Meredith Quinn is a marketing copywriter and content developer for, an online training provider of on-demand, multi-industry career training and certifications. Quinn composes weekly blogs that focus on the IT industry, with an emphasis on professional development. For more information, contact

Reprinted from TRAINING magazine


Is Your Cybersecurity Team Complete?

Cybersecurity is a growing concern for any organization. Thanks to the vast development of communication networks and technology that enables firms to track and store data more easily, every enterprise is vulnerable to the possibility that their data could be hacked — a risk that could come at a high cost.

The rise of such a threat has created a new market for jobs related to cybersecurity. According to a report from technology company Cisco Systems Inc. cited in Forbes earlier this year, global demand for jobs in the field is projected to grow by six million by 2019. Moreover, the U.S. Bureau of Labor Statistics shows that the annual median pay for an information security analyst, a common cybersecurity role, is $88,890. Earnings in the top 10 percent of the field surpass $140,460.

Most firms are unprepared for the cybersecurity threat. According to DHR International, an executive search firm based in Chicago, 75 percent of U.S. organizations are not ready to respond to a threat, even though there was a 64 percent increase in security incidents just in 2015. “The trends in this business are getting forever more technical and forever more important,” said Pete Metzger, DHR’s vice chairman. “No one is immune to this stuff.”

For companies interested in building out their cybersecurity teams, there are a few different roles that experts say they should consider:

•  Chief Information Security Officer: This high-level role is for someone who thinks broadly about risk and who has the technology acumen and communication skills to convey technical concepts in business language to an organization’s board or audit committee, according to Joyce Brocaglia, president and CEO of Alta Associates Inc., an executive search firm specializing in cybersecurity and IT risk.

•  Threat Intelligence and Security Operations Center, or SOC, Professionals: According to DHR International’s Metzger, these workers make sense of a cyberthreat. SOCs are centers for mitigating threats.

•  Product Development and Security Software Developers: These roles develop new products to defeat a cyberthreat, Metzger said.

•  Cybersecurity Policy Roles: These roles can be found in think tanks and research institutions, according to Jennifer McArdle, assistant professor of cybersecurity at Salve Regina University in Newport, Rhode Island, and nonresident fellow at the Potomac Institute for Policy Studies. People who work in cybersecurity policy aim to build awareness or provide guidance for the industry.

•  Digital Forensics Roles: When a breach occurs in a network, people in digital forensics roles identify how the access happened and gather additional evidence to mitigate against similar attacks in the future, McArdle said.

Despite the rise in demand for cybersecurity roles, supply remains tepid. This means executives looking to staff a team in the field should be prepared for a competitive recruiting process. “Those that can do [cybersecurity] well can kind of call their own shots in terms of executive roles and next assignments,” DHR International’s Metzger said.

Metzger offered executives three pieces of advice to remain competitive when hiring for cybersecurity roles:

  1. Identify the organization’s unique and most significant cybersecurity threats.
  2. Be prepared to define the specific qualities needed for cybersecurity jobs.
  3. Be prepared to offer generous compensation. The investment is likely to be at a lower cost than that of a cybersecurity breach.

For more on the background and history of cybersecurity, visit NATO’s website, which has a detailed timeline of the field.

Reprinted from Talent Economy


Pin It on Pinterest