Press "Enter" to skip to content

The cybersecurity hiring landscape is bleak, and what that means for the market

Today, let’s talk about staffing and hiring, and sentiment because there’s a lot of data.  

In data from Cobalt, of the 602 security and development professionals surveyed, 54% said they currently want to quit their jobs due to overwhelming responsibilities and workforce shortages within their departments.

As part of its study, Cobalt has found that the lack of workers plagues those in the security field for several reasons. For one, within the cybersecurity division, the numbers are pretty bleak regarding the lack of employees. Of those surveyed, 45% said their department is currently experiencing a shortage of employees. In addition, nearly all (90%) of those who have suffered from this talent deficiency said they are struggling with the amount of work currently being assigned to them, leading to a large swath of employees feeling burnt out. Teams in this sector are reportedly unable to fix or prevent the same vulnerabilities for at least the past five years due to this dearth of talent.

ISACA found similar news – in State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources, and Cyberoperations, which finds that 60% of respondents said they’d experienced difficulties retaining qualified cybersecurity professionals, up to seven percentage points from 2021.

Why do we care?

I wanted to highlight this: with all the talk of cyber security as the significant offering, are there enough employees to deliver?    Cyber security isn’t about buying a product, it’s about providing a comprehensive service, and this data is grim.  

There aren’t enough cyber teams, and the ones there are overworked and under intense stress.  Yeah, sign me up for that!

I wish I had some quip to solve this problem for small providers.  I don’t.   I believe in outsourced services to augment businesses and think the approach is ideal for small and midsized companies.  But what I ponder is… the stakes are a lot higher in cyber security than network or desktop support, and the skill set is more advanced.   Can this scale-out?