The news that the Democratic National Committee’s research on Donald Trump was broken into by Russian hackers may prompt calls for tougher cybersecurity measures—but it doesn’t change the basic fact that there simply isn’t enough cybersecurity talent to go around.
Cybersecurity hiring has boomed the past few years, as more and more companies in more and more sectors have faced security breaches. In fact, our last report found cybersecurity openings have grown three times as fast as openings for IT jobs overall. For example, many cybersecurity jobs require a CISSP certification. There were nearly 91,000 postings for workers with a CISSP in 2015. That’s a third more postings than the roughly 69,000 people with a CISSP in the United States—and it’s fair to assume that not all of them are looking for work. Imagine a game of musical chairs where a third of the chairs are the ones left standing.
That also means employers also have to pay more to get cybersecurity workers, who can command an average salary premium of nearly $6,500 per year, or 9% more than other IT workers.
The hard fact is that this labor shortage won’t go away quickly. Cybersecurity is a demanding specialty within IT, and workers need five years of experience before they can even apply for a CISSP certification. It’s impossible to tell whether staffing shortages played any role in the DNC hack. But it is fair to say that America’s cyber barricades, whether in government, business, or politics, are likely to be shorthanded for some time to come.