Ethical Hacking News
The cyber security industry is facing a critical shortage of skilled professionals, driven by a mismatch between employer requirements and applicant skills. Experts warn that if left unaddressed, this skills gap could have far-reaching consequences for businesses and organizations reliant on secure digital infrastructure.
The cybersecurity industry is facing a growing skills gap that threatens its foundation. The issue lies in a mismatch between employer requirements and applicant skills. Many companies are asking for too much experience while offering little compensation, deterring applicants. The proliferation of "ghost jobs" on recruitment websites is misleading job seekers. Security vacancies peaked in 2022 but have plateaued, with oversight and governance being the most in-demand skills. Providing specialized training and development programs can mitigate the shortage. A balance between technical skills and soft skills is crucial for recruitment. AI is often used to plug skill gaps, but its reliance on automation has limitations. The industry faces a critical juncture if the skills gap is left unaddressed.
The cybersecurity industry is facing a growing concern - a skills gap that threatens to undermine its very foundation. For years, experts have warned of a shortage of skilled professionals in this field, but the issue has only become more pressing in recent times. The latest data suggests that while there are specific shortages in certain areas, the overall trend is one of oversupply for generalist security talent.
At the heart of this problem lies a mismatch between the skills required by employers and those possessed by job applicants. Mary McHale, a careers advisor at UC Berkeley Master's in Cybersecurity, notes that when she first started her career, getting an interview was relatively easy - as long as you could spell "cybersecurity" correctly. However, times have changed dramatically since then.
"In recent years, I've found that many companies are asking for an awful lot of experience and offering very little in terms of compensation," McHale explains. "This is turning off a lot of applicants who might otherwise be interested in the field." The problem is exacerbated by the latest generation of AI products coming onto the market, which can make decisions about a person's resume and often leave applicants lacking the skills to game these systems.
Another factor contributing to this issue is the proliferation of "ghost jobs" on recruitment websites. In multiple studies, HR professionals have reported filing job adverts for positions that don't actually exist. This practice is often used to give the impression that a business is growing or to motivate staff by making them feel replaceable. As a result, many applicants are being misled and struggling to get their foot in the door.
Data from Cyber Seek, a partnership between the National Institute of Standards and Technology, Computing Technology Industry Association, and recruitment consultant Lightspeed, suggests that the number of security vacancies peaked in 2022 but has since plateaued. The most in-demand skills are oversight and governance, which is typically suited to more experienced practitioners. However, this shortage can be mitigated by providing specialized training and development programs.
Andy Woolnough, executive vice president of corporate affairs at International Information System Security Certification Consortium (ISC2), agrees that experience in the field is crucial for employers but notes that qualifications are also useful in getting around automatic HR filtering systems. He recommends that when recruiting new team members, HR should sit down with existing security staff and work out realistic requirements to avoid turning off potential applicants.
"The tendency for companies to ask for a lot of experience and offer not much in terms of compensation is a major turn-off for many applicants," Woolnough says. "We need to find a better balance between technical skills and soft skills like problem-solving, communication, and analytical thinking." He also emphasizes the importance of providing apprenticeships or other forms of training to help new entrants into the field develop their skills.
In recent years, there has been a growing trend towards using AI as a low-cost way to plug skill gaps among generalist security staff. However, this approach is often criticized for its reliance on automation and failure to address the root causes of the problem. According to nine out of ten companies ISC2 surveyed, they have an incomplete security team with skill holes in some areas.
"While the full impact of AI is still unknown, we are hearing that hiring managers are not rushing to hire specialized workers," Woolnough says. "Instead, they prefer generalists who can cover a range of areas while managers figure out what skills will be most beneficial to meet future demand." This approach raises concerns about the long-term sustainability of this strategy and the potential for unintended consequences.
The cybersecurity industry is facing a critical juncture, with experts warning that if left unaddressed, the skills gap could have far-reaching consequences. It is clear that a combination of factors - including AI, ghost jobs, and unrealistic expectations - is exacerbating this problem. To mitigate these effects, employers must adopt more realistic hiring practices and invest in training and development programs to ensure that the next generation of cybersecurity professionals are equipped with the skills needed to address the growing threat landscape.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Cybersecurity-Skills-Gap-A-Growing-Concern-for-Industry-Experts-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/03/03/cybersecurity_jobs_market/
https://www.msn.com/en-us/money/news/cybersecurity-not-the-hiring-em-like-hotcakes-role-it-once-was/ar-AA1A9X0R
https://forums.theregister.com/forum/all/2025/03/03/cybersecurity_jobs_market/
Published: Mon Mar 3 11:26:58 2025 by llama3.2 3B Q4_K_M
