While the cybersecurity workforce continues to expand, there are only enough workers to fill 83% of available cybersecurity jobs, reports job market source CyberSeek.
Despite some recent positive news for tech hiring, a growing cybersecurity talent shortage threatens to hamstring businesses.
Data from CyberSeek shows that in the U.S., some 265,000 more cybersecurity workers are needed to solve current staffing needs. CyberSeek is a data analysis and aggregation tool powered by a collaboration among Lightcast, a provider of global labor market data and analytics; NICE, a program of the National Institute of Standards and Technology focused on advancing cybersecurity education and workforce development; and IT certification and training group CompTIA.
There are just enough workers to address 83% of the available cybersecurity jobs in the U.S., according to CyberSeek. While cybersecurity job demand has stabilized to pre-pandemic levels, AI-driven technology changes are altering the professional landscape for security professionals.
“Skill requirements are shifting faster than many practitioners can keep up, which is causing the cybersecurity talent gap to widen once again,” said Will Markow, vice president of applied research at Lightcast, in a statement.
There are an estimated 1.25 million professionals who are working in cybersecurity in the U.S. now, and job postings for cybersecurity positions totaled more than 457,000 between September 2023 and August 2024, Cyberseek reports.
“Narrowing the supply-and-demand gap for cybersecurity talent is a significant challenge and a promising opportunity,” said Amy Kardel, vice president, strategy and market development, academic, CompTIA, in a statement. “It requires changes in mindset and approach; understanding that there are many pathways to employment; seeking out job candidates who come to the workforce via alternate routes; and a stronger focus on retraining and upskilling of current employees.”
The security skill shortage isn’t unique to the U.S. According to data in the 2024 Cybersecurity Workforce Study from ISC2 Research, the cybersecurity skills gap is continuing to widen globally. ISC2 Research surveyed some 15,852 cybersecurity practitioners and decision-makers globally, receiving responses from Africa, Asia-Pacific, Europe, Latin America, the Middle East, and North America and found that the size of the cybersecurity workforce remains mostly static.
That means existing roles might not have been lost amid cost-cutting efforts, but economic and other concerns have “canceled out any net new job growth.” The decrease in new cybersecurity job postings shows there have likely been reduced opportunities for hiring and promoting security talent in the past year.
“It also highlights a concerning shortage of entry points for new talent and a lack of opportunities to address skills and personnel shortages with new talent and on-the-job learning,” the report states.
The ISC2 survey found that 90% of organizations reported having skills gaps within their security teams. Among the skills noted in the 2024 ISC2 Cybersecurity Workforce Study as lacking are:
- Artificial intelligence/machine learning: 34%
- Cloud computing security: 30%
- Zero Trust implementation: 27%
- Digital forensics and incident response: 25%
- Application security: 24%
- Penetration testing: 24%
- Threat intelligence analysis: 20%
- Security engineering: 20%
- Malware research/analysis: 20%
- GRC: 20%
- SecOps: 20%
- Risk assessment, analysis, and management: 19%
- Security analysis: 18%
ISC2 Research recommends employers find ways to attract new people to cybersecurity with realistic expectations and in-role professional development. It is critical with the skills shortage to embrace a hiring strategy based on a diverse array of people and skills, and not only look to pre-qualified individuals, according to the ISC2 Research report.
“The onus is on employers to address the disparity through better communication of needs and rationalization of expectations (not expecting professionals to already have unachievable years of experience and industry certifications in a recently relevant discipline like AI, for instance),” the report states.
Read more career news
- 71% of women in IT work long hours to climb ladder: Women in IT say they struggle to further their careers and that workplaces could do more to achieve gender equality.
- AIOps certifications to elevate your IT career: Cisco, IBM, Microsoft, AWS, and others are offering training and certifications that can help IT pros demonstrate expertise in using artificial intelligence for IT operations, or AIOps.
- Can NaaS mitigate network skills gaps? Network as a service (NaaS) promises to give enterprise organizations quick access to new technologies and improved performance while also filling critical skills gaps, according to EMA Research.
- Businesses struggle to balance AI tools and employee skills: When it comes to AI, tech leaders at large enterprises struggle with security concerns, infrastructure investments, and determining how best to apply AI tools alongside human talent, according to research from CompTIA.
- Talent gap threatens US semiconductor industry: Shortage of skilled workers could affect the deployment of AI, which depends on chip innovation and semiconductor availability to thrive.
- Tech hiring slows, more IT jobs lost: U.S. employment data shows fewer new high-tech positions added and more IT jobs lost as employers remain cautious.