Current challenges in the cybersecurity industry have less to do with technological limitations and more to do with a shortfall in human capital. Cybersecurity firms are staring at an encroaching job shortage across the board. The continued growth of the industry at large has not been met with an increase in the number of skilled developers, and firms need to take a closer look at their internal hiring protocol before this problem becomes acute.

In order for cybersecurity firms to scale up their operations to meet increasing demand, they must adapt their workforce strategy to match the impressive growth in the software sector.

What does the cybersecurity talent gap look like?

The talent gap in cybersecurity refers to the apparent lack of skilled developers available for important positions at companies and firms. Consider research done by Frost and Sullivan projecting that by 2020 there will be 1.5 million unfilled positions in the global cybersecurity workforce. That is a major shortfall, and brings to bear issues in education, training, hiring strategy, and scope of work required.

Part of the issue is that, on average, companies are not even looking for the most skilled positions. A Cybersecurity market review conducted by Momentum found that 26% of nationwide job postings were geared towards ‘operating and maintaining’ existing systems. Combine that with 24% for ‘securely position’ jobs (building the security infrastructure itself), and that brings us to 50% without consideration for ‘risk management/analyst’ positions. Contrast that with only 16% of job postings for ‘protection and defense’ positions, and the talent gap becomes more clearly defined.

Either there are not enough skilled developers on the market, or the companies themselves are naïve to the issues and believe they can get away with hiring builders and administrators instead of cybersecurity managers and vulnerability analysts. It’s likely that both forces are contributing to the gap in hiring.

Industry Growth Makes the Talent Gap More Acute

This is all happening in an industry that will not sit still. The IDC indicates that revenue for cybersecurity firms will grow from $73.7 billion in 2016 to over $101 billion by 2020. This annual growth rate of 8.3% is more than double the rate of overall spending growth in the IT sector. Clearly companies are in the process of scaling up their cybersecurity departments, and that means they will be looking to hire.

The issue is: how do firms adapt to prevent 1.5 million unfilled positions by 2020?

Firms Need to Create Job Ecosystems and Hire Outsiders

The most proactive approach is to change the existing hiring protocol. Cybersecurity is an industry that certainly requires a healthy dose of technical skill – but that is not the most important intangible at play when it comes to hiring. The most important intangibles are curiosity, excellent problem solving ability, and an understanding of risk potential. People with these aptitudes and an impressive background in another industry should be given more of an opportunity when put up against a developer with a 4-year college diploma.

Companies should put more resources into on-the-job training and mentorship for those who might not have the experience but certainly have the passion to learn. Not only will the job shortage risk be mitigated, but companies will develop a team of experts that know their system inside and out.

Bringing it all Together

At current growth rates, the cybersecurity industry of 2020 will be hit with a severe job shortage. For companies looking to expand their cybersecurity departments, the most proactive solution is to strengthen on-the-job training programs so that newcomers who might not be experts in the field are given the resources to become so.