Cybersecurity Unemployment Rate

FROM THE EDITORS AT CYBERSECURITY VENTURES

2017 Edition

The editors at Cybersecurity Ventures bring you the top stories on cybersecurity job market trends, statistics, notable employment activity, and resources for job seekers, employment managers, recruiters, search firms, corporate executives, engineers, consultants, and sales and marketing executives.

FEATURED STORY

Cybersecurity Unemployment Rate Drops To Zero Percent

There’s a job for everyone with cybersecurity experience.

stevemorgancvheadshotSteve Morgan, Editor-In-Chief

The demand for cybersecurity professionals will increase to approximately 6 million globally by 2019, according to some industry experts cited by the Palo Alto Networks Research Center.

Earlier this year, Cybersecurity Ventures predicted there will be 3.5 million unfilled cybersecurity jobs by 2021, up from an estimate of 1 million by Cisco in 2014.

Almost anyone with cybersecurity experience and realistic salary expectations can find immediate employment. There may be a small percentage of the cyber workforce who are in between jobs, some who have resigned to explore new opportunities, and others who are unrealistic about which positions they qualify for (and the compensation commensurate with their experience) — but there’s an abundance of positions available for cybersecurity pros.

Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015… and the world will spend $1 trillion cumulatively over the next five years from 2017 to 2021 on cybersecurity products and services to combat cybercrime. These figures suggest the cyber employment problem will get worse before it gets better.

We interviewed several industry experts who corroborate the unemployment rate, and share the recruiting challenges that come with it.

​John McAfee, Cybersecurity Luminary

“The field of cyber security is the least populated of any field of technology” says John McAfee, a cybersecurity luminary and founder of Future Tense Central, a privacy and security company which has developed and invested into several cutting edge technologies which protect users of mobile and web apps.

“There are two job openings for every qualified applicant”, adds McAfee, who is also CEO at MGT Capital Investments, Inc., which is in the process of acquiring a diverse portfolio of cyber security technologies.

​Robert Herjavec​, Cybersecurity CEO

Robert Herjavec, founder and CEO at Herjavec Group​, ​a leading global information security advisory firm and Managed Security Services Provider (MSSP) with offices across Canada, the United States, United Kingdom and Australia​, concurs with Cybersecurity Ventures’ findings​. “We are one of the few industries globally​ experiencing zero-percent unemployment” says Herjavec.

”Unfortunately the pipeline of security talent isn’t where it needs to be to help curb the cybercrime epidemic. Until we can rectify the quality of education and training that our new cyber experts receive, we will continue to be outpaced by the Black Hats.”

Gary Hayslip, CISO

“Why​ ​are​ ​organizations having a hard time hiring?” asks Gary Hayslip, Chief Information Security Officer at Webroot and previously the Deputy​ ​Director, CISO for the City of San Diego​, ​Calif.​, the eight largest city in Calif. ​He answers, saying “​​Organizations at times are trying to hire a unicorn​ –​ i.e. they need ​three people but can only hire​ one​ so they write the job spec with a huge list of ​disparate skill​ ​sets that most security professionals don’t have.”

“I also believe there​’s​ a number of people coming out of school with cyber degrees and they can’t get jobs because of minimal experience. Whether they like it or not they need to take those entry level positions and mature as a security professional​. ​J​ust because you have a degree doesn’t equate to a high paying position – you have to work for it and many times that means you take the junior positions and get experience.​” Hayslip, who is co-author of the book ‘CISO Desk Reference: A practical guide for CISOs‘, makes a good point which is also relevant to IT workers who are crossing over to cyber.​

Frank Zinghini, Software CEO

Frank Zinghini, founder and CEO at Applied Visions, Inc. (AVI)​, ​a software development company focused on creating visual software solutions to solve complex problems​ ​in​ cyber​ ​security​ ​and command and control systems to government and commercial customers worldwide​, has been hiring programmers who are fresh out of college for more than twenty years​.​ ​”Opportunities for jobs in the cyber security sector are abundant, and far outstrip the available talent to fill them” says Zinghini.

“​The challenge in finding one of those opportunities is that the term “cyber security” is a broad umbrella that covers many disciplines, education levels, skill sets, and aptitudes. The kind of person who is comfortable sitting in a Security Operations Center (SOC) monitoring sensors and looking for attacks in real time is different from a forensic analyst who enjoys poring through log files in search of signs of an adversarial presence in the network.”

“Similarly, those who enjoy attacking web apps to help the developers see if they left anything unsecured are not likely to be interested in (or capable of) analyzing the source code itself for patterns of weakness. These and many other disciplines are all within the realm of cyber security; anyone interested in a career in this area needs to understand the differences and choose a path that suits them. The industry, and the nation​ (U.S.)​, needs them to do that soon.”

Veronica Mollica, Headhunter

Non-existent unemployment may be good for candidates, but not for employers. “While zero percent unemployment rates sounds optimal, it creates a lot of challenges for organizations including retention issues, salary inflation, and sub-par candidates getting jobs they are not qualified for” says Veronica Mollica, a Cyber Security Executive Recruiter for the past 14 years and currently Vice President of Business Development at CyberSN.

“Companies are going to have to invest heavily in training young cybersecurity professionals who have a combination of technical, business, and soft skills as the talent gap widens.”

Cyber Talent​ Hunt​

​Where is the best place for employers to find the top cybersecurity talent?

“​The U.S. currently possesses the the largest and most talented pool of cyber security specialists in the world​” states John McAfee – in his Cyber Security Doctrine, published when he was a 2016 U.S. Presidential Candidate for the Libertarian party​. ​”​These specialists congregate multiple times each year in various locations, culminating in the annual DEF CON Conference, comprised of upwards of 50,000 specialists. These specialists compose our Hacker Community.​”

HR chiefs may want to take McAfee’s lead and send their recruiters to the top cybersecurity conferences to network in a venue where thousands of cyber people are all under one roof. Local cyber events are another viable recruiting ground.

Jobs For Everyone

The experts are saying there’s a job for everyone, and candidates just need to be realistic.

Recent college grads with cyber degrees and IT workers crossing over to cyber may have over-inflated views of their job prospects. Some of them might need to think about starting out at the bottom rung of the ladder as an information security analyst and then working their way up.

U.S. News and World Report ranked a career in information security analysis eighth on its list of the 100 best jobs last year. They stated the profession is growing at a rate of 36.5 percent through 2022. That bodes well for newbies, much the same as more experienced cyber fighters.

Steve Morgan is founder and CEO at Cybersecurity Ventures and Editor-In-Chief of the Cybersecurity Market Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies.

grayfooterline

© 2015 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.