By: Josh Davis

A recent report on the health of the job market for cybersecurity professionals estimates the national cybersecurity unemployment rate to be 0% [1]. As rare as this number is for a measure of unemployment in any profession, in the case of cybersecurity, 0% unemployment does not even fully capture the extent of the cybersecurity talent gap. The same report indicates that 2016 ended with 1 million unfilled cybersecurity job openings and projected growth of that shortfall to 1.5 million by 2019. For those entering the field, this is welcome news. For corporations, however, this number reflects the magnitude of a growing challenge related to the day-to-day protection of data assets and assurance of IT-enabled business process integrity.

For many companies, the talent shortage is no trivial matter. In a recent report published by Intel Security, 71 percent of survey respondents believed the shortage in cybersecurity skills has resulted in direct and measurable damage to the enterprise [2]. Compounding the issue is that as the shortage of cybersecurity talent grows, so do the frequency and the variety of attacks worldwide. Attacks can range widely in technical sophistication — from zero-day vulnerabilities in vendor-provided software to phishing emails that trick unsuspecting users into handing over logins and/or other sensitive information. According to Symantec’s 2016 Internet Security Threat Report, cyberattacks across the technical spectrum are experiencing an uptick in volume. The ISTR specifically highlights a 125 percent increase in zero-day attacks, a 55 percent increase in employee-targeted phishing campaigns, and a 35 percent year-over-year increase in the use of ransomware [3]. In the face of these challenges, now is the time for dedicated efforts to increase awareness about the breadth of opportunities the field of cybersecurity provides and to develop a sustainable talent pipeline for jobs in this dynamic field.

While the term ‘cybersecurity’ is pervasive today, surprisingly few young people I talk to are truly aware of how diverse the field of cybersecurity is and the career-path options it affords. Lack of awareness limits the number of individuals who consider cybersecurity at the right time in their high school and college years, despite the health of the job market and availability of well-fitting career paths. We cannot expect students to prepare for jobs they do not know exist! In addition to educating young people about cybersecurity, now is the time for coordinated industry and academic efforts to co-develop a sustainable talent pipeline in cybersecurity. Such efforts should start by identifying the most critical foundational knowledge and skills required for success, the role of academia in delivering that knowledge, and the role of industry in providing meaningful developmental experiences to students.

While an important and growing threat, the cybersecurity talent shortage is not insurmountable. That said, there is work to be done. Industry and academia need to work together to increase awareness among our future workforce and co-develop meaningful opportunities for education and experience in the field. These collaborative efforts can lead to a robust and sustainable pipeline of cybersecurity talent that meets the workforce needs of today and tomorrow.

1. http://cybersecurityventures.com/career-news/
2. https://www.mcafee.com/us/resources/reports/rp-hacking-skills-shortage.pdf
3. https://www.symantec.com/security-center/threat-report

Joshua M. Davis, Ph.D. is a professor and head of the Department of Computer Information Systems in the College of Business at Missouri State University. He earned his Ph.D. from the University of South Carolina. His research interests are in the areas of organizational IT competence, e-value creation, and enterprise IT architecture.

This article appeared in the May 25, 2017 edition of the News-Leader and can be accessed online here.