Stop me if you’ve heard this one: “we’re finding it really difficult to fill cyber roles.”
In recent years, cyber-attacks have transcended industries and demographics — as has the need for strong, proactive cybersecurity. In the modern cyber landscape, everyone is a target, and every business needs to defend themselves against cyber threats. That means more organizations are on the lookout for security professionals.
There are over 700,000 unfilled jobs in the US cybersecurity space alone. Driven by an explosion in the number of cyber roles in the market and a scarcity of qualified security professionals, this market of low supply and high demand is complicating both the acquisition of new talent and the retention of existing expert security professionals.
Here’s what’s fueling the cyber talent shortage.
We All Want an “Expert”
For a security professional to obtain and achieve the level of experience modern cybersecurity requires is difficult. Contemporary security challenges are so complex that an extraordinary effort is needed to understand them.
Early in my own career, I was driven by technology and the desire to understand it. I’d play around with tech (often with disastrous consequences, which is a story for another day) until I felt I had gained a solid understanding. This bled into my work in security — understanding how the technology worked helped me understand both how it can fail and how we can defend it. As I branched out into managerial and leadership roles, my focus shifted to understanding how security supports the commercial mission of a business.
This all took time. But take a look at the cyber roles on offer today: most of them are looking for the seasoned, experienced professional it took me years to become. Entry-level jobs are few and far between because it’s difficult for businesses to invest the time in growing cyber careers in-house. Those who are recruiting junior talent and taking the time to upskill them to the senior level are at risk of losing their freshly minted talent to high-demand job market and the high salaries that come with it.
Large Organizations Have an Advantage
If you’re a small- or medium-sized business or mid-market enterprise, it can be painful trying to attract and retain talent. You likely don’t have the training capabilities to target junior talent and grow them within your ranks, so you’re forced to swim to the higher end of the talent pool and compete with large organizations.
Larger organizations have the budget to pay high salaries, which affords them first crack at the senior security professionals that can operate in multiple domains with good efficacy. But larger organizations also have larger environments to secure, which means staffing a full security team at a large organization can mean hundreds of personnel, depending upon the size and complexity of the organization and the business they’re in. And that’s a tall order given the available talent pool.
Also, large organizations still struggle to retain junior talent as career trajectories in the cyber security industry aren’t always in-sync with what today’s workforce expects. Some junior roles aren’t progressive enough, and some candidates aren’t patient enough. Attrition of junior staff is a price that all companies are paying in the modern cybersecurity world.
Outsourcing: The Solution to the Shortage
Smart organizations live by the philosophy of concentrating on their core business and outsourcing everything else. This neatly helps sidestep the problem of talent acquisition and growth in non-core roles, leaving that to a service provider for whom it is their core business.
That outsourcing doesn’t need to be absolute. Many in-house security teams are augmented by managed service providers who help round out their team and provide the capabilities that they desire. Increasingly we see organizations leaning into their managed security providers. In turn, those MSSPs are moving up the value chain to provide more strategic support.
Today, many businesses can rely almost entirely on an outsourced security operations capability. Even large enterprises for whom the ‘not invented here’ thinking can be strong, can embrace service-based security operations as an antidote to the skills shortage.
Fully managed security operations solutions like those provided by Arctic Wolf can shore up your team and solve the cyber talent shortage for your organization, providing 24×7 eyes-on-glass coverage from a named team of security experts.