The gap between the number of cybersecurity professionals and the number of available jobs in the industry will rise to 1.8 million by 2022, according to a new (ISC)2 survey.
The 2017 Global Information Security Workforce Study polled 19,641 cybersecurity professionals in 170 countries, looking to gain insights into the ways IT departments are adjusting to the growing threat landscape. It found that organizations’ biggest challenge continues to be finding enough qualified staff. The skills gap represents a global increase of 20% compared to 2015’s forecast, and includes 265,000 vacant cybersecurity positions in North America alone.
Reasons for the skills gap
According to the study’s respondents, the most cited reason for the skills gap is a lack of qualified personnel. This problem is felt most strongly in North America, where 52% of respondents said that they had problems finding enough qualified staff to fill positions.
Other leading factors cited by respondents from North America are:
- Leadership doesn’t understand the IT department’s requirements: 42%
- Business conditions can’t support additional personnel: 41%
- Security workers are difficult to retain: 34%
- There is no clear information security career path: 28%
The good news is that IT departments are actively looking to address this shortage. Globally, 31% of hiring managers are planning to increase the size of their department. North America and Europe are the most ambitious in that desire, with a significant number of respondents in both regions (21% in Europe, 27% in North America) saying they plan to increase the size of their departments by more than 20% in the next year.
Where will these employees come from?
It’s all well and good planning to hire more people, but, as the report shows, the demand for staff continues to outpace supply. So where will these new employees come from? According to (ISC)2, hiring managers are exploring new recruitment strategies and are looking to entice previously unqualified people with the promise of a good salary and opportunities for career growth.
The report states:
Individuals with non-technical previous careers often rise to become key decision makers in their organizations: globally, 33% of executives and C-Suite professionals began in a previous non-technical career. […] It will be important, if not essential, to consider the relevant educational foundations, training and professional development opportunities that support the breadth of people with potential to enter the field in order to fill the worker shortage.
Gain industry-recognized ISO 27001 qualifications
The first step in starting a career in information security should be to gain an ISO 27001 qualification. ISO 27001 is the international standard that describes best practice for an information security management system (ISMS), and it provides the basis for managing data security using an integrated set of policies, procedures, and technologies.
With IT Governance, you’ll receive practical and interactive help from experienced practitioners. You can choose the specific course to fit your need and opt to study in either a classroom or online format.