nCybersecurity professionals remain very satisfied despite skills andnstaff shortages and economic challenges in 2023.n
nnAmid a year of unprecedented global geopolitical tensions, increased digitalndisruption and demand for cybersecurity expertise, this year’snnISC2 Cybersecurity Workforce Study, which was released earlier today, brought to the fore the level ofnoperational contradiction security professionals are having to deal with,nacross emerging threats to tooling to workforce issues.n
nnThe study, which gathered insights from almost 15,000 professionals fromnacross the world, highlighted how both the cybersecurity workforce and thenworkforce gap have grown substantially as the threat landscape has evolved,nand moved up corporate and government agendas.n
nnHowever, the figures also revealed that cybersecurity teams have had tonstruggle with cutbacks and expect more to come, even as artificialnintelligence (AI) changes both the solutions they must deploy and thenthreats they face.n
nn
nA year of exceptional growth
nn
nnPolling the largest global sample of cybersecurity professionals in thenhistory of the study, the data showed that the global security workforcengrew by 8.7% year-on-year, to 5.5 million worldwide.n
nnWhile this represents breakneck expansion, growth in the cybersecuritynworkforce gap once again outpaced growth in the active workforce. Thenshortfall between the active workforce and the perceived need grewn12.6% year-on-year to 4 million worldwide.n
nn
nTechnology’s impact on people
nn
nnIf dealing with the staffing gap is a challenge, so is dealing with anchanging threat and technology landscape. And all those elements arenintertwined. Three quarters of security professionals see the threatnlandscape as the most challenging it has been in the last five years, andnbarely half believe their organizations have the tools and people they neednto deal with incidents over the coming years.
n nnThe shift to the cloud is one exacerbating factor. Cloud security is thenmost sought-after cybersecurity skill and professional development area,naccording to hiring managers, and the one that is most mentioned as an areanwhere companies have a pronounced skills gap. Zero trust is the next mostnpressing area.n
nnMeanwhile, artificial intelligence (AI) and machine learning (ML) skills arennow among the top five most in-demand skills for cybersecuritynprofessionals. A year ago, they were bottom of the list, and were not evennmentioned in previous iterations of the study.n
nn
nPeople vs skills shortages
nn
nnFor the first time since the pandemic, many participants expect hiring inntheir organizations to slow. Almost half of professionals have alreadynexperienced cutbacks, whether in the form of layoffs, reduced budgets, ornstaffing freezes. Almost a quarter had experienced layoffs while almost anthird expect additional cutbacks in the next year.n
nnThis potentially means widening gaps in knowledge, experience and risknmanagement. Gaps which threat actors – also benefiting from AI and otherntech advances – will look to exploit.n
nnA skills gap can be a bigger challenge than a workforce gap, according tonthe study. Even a fully staffed cybersecurity team will be of little use ifnit is lacking critical capabilities within its skillset. Economic pressuresncan mean that while head counts do not necessarily increase, investment innpersonnel development can actually fall, preventing the acquisition andnexpansion of key skills needed to adapt to new and emerging technologies andnthreats such as AI, ransomware, phishing and more.n
nnThis means education and training – both pre- and mid-career – are crucial.nExisting cyber professionals believe so, with 58% saying targeting keynskills gaps can mitigate worker shortages. Workers who continue to invest inntheir skills and keep certifications up to date are better able to weatherneconomic uncertainty, while organizations who help them do so are lessnlikely to experience skills gaps.n
nnMeanwhile, new workers joining the industry are coming from a more diversenpool. More are likely to have a bachelor’s degree in cybersecurity beforenjoining the industry – but they are also more likely to have previouslynworked in a non-IT role. There are more mid-career entrants than previousnyears, and gender and ethnic breakdowns are shifting.n
nnNonetheless, if organizations are recruiting cybersecurity professionals atna furious rate – and still can’t find enough of them – that doesn’t mean thencybersecurity industry can rest easy. Changes in the skills and technologiesnused to combat threats as well as instigate them are happening against anbackdrop of continuing geopolitical and economic instability that arenoverspilling to impact unconnected organizations as well as consumers.n
nn
nHappiness despite the challenges
nn
nnIt might not be a surprise that while 70% of cybersecurity professionals arenvery or somewhat satisfied with their job, this represents a drop of 4%nyear-on-year. It’s worth noting the number of professionals who were veryndissatisfied was 4%. In 2019, that figure was 7%.n
nnThe survey findings suggest the satisfaction drop was largely down to thencutbacks and layoffs that have already occurred, which directly result innmore challenging workloads for employees as well as an erosion of trust,nrather than a wider malaise with the actual work.n
nnNevertheless, despite the challenges – or, perhaps because of them –ncybersecurity professionals are amongst the most fulfilled workers around,nmeaning the profession continues to operate as one of the best paid and mostncontent sectors to work in.n
nnThe full report for 2023 can be downloaded atnnhttps://www.isc2.org/research, along with the Cybersecurity Workforce Study reports from previous yearsnfor further comparison. We will be diving deeper into each section of thenfindings in the coming days.
nn
nMethodology
nn
nnThe 2023 ISC2 Cybersecurity Workforce Study is based on online survey datancollected in collaboration with Forrester Research, Inc. in April and Mayn2023 from 14,865 cybersecurity practitioners. The respondents reside innNorth America, Europe, Asia, Latin America, the Middle East and Africa.nnnRespondents in non-English speaking countries completed a locallyntranslated version of the survey.nA detailed explanation of the estimation methodology for thenCybersecurity Workforce Gap is included in the report.
]]>