When training and credential provider ISC2s released its latest workforce analysis recently, the report’s continued focus on a gap between the number of “needed” cybersecurity professionals and the estimate of the current workforce touched off a backlash.
Following discussions with dozens of unemployed cybersecurity professionals, field CISO Ira Winkler of CYE Security wrote an open letter to ISC2, criticizing ISC2’s continued focus on the gap as a measure of true demand. Ben Rothke, a senior information security manager at Experian, also took issue with the data, as well as the marketing that fuels get-rich-in-cybersecurity training programs.
Rather than a healthy market for cybersecurity labor, workforce estimates have plateaued — both in North America and worldwide — suppressed by a lack of budget to pay for cybersecurity hires. It’s something even the ISC2 even flagged in its report. Essentially, no matter how much businesses may want to hire additional cybersecurity professionals — and 59% of professionals surveyed by ISC2 claim to need skilled workers — budgets are tight and being spent elsewhere, resulting in stagnating demand for cybersecurity workers.
It’s high time to sit down prospective cybersecurity professionals for a real-world talk, Winkler says.
“My gut reaction was, hey, whatever the number of openings is, that should not be [ISC2’s] concern — they should be worried about the members who are long-term unemployed, of which there are many,” he says. “Many of these people are really frustrated hearing that there’s all these openings, and they can’t get one.”
For years now, reports from a number of organizations estimating the cybersecurity workforce size (and its potential size) have focused on the “cybersecurity workforce gap” between the number of workers that security managers claim they need and the estimate of actual workers they have in place. The perceived gap has attracted potential students to train — or increasingly, retrain — for a job in cybersecurity. In late October, when the ISC2 released its aforementioned “2024 Cybersecurity Workforce Study” report, the organization estimated the gap had grown 4% to 543,000 for cybersecurity workers needed in North America, while its estimate of the existing workforce shrank by 2.7% to 1.45 million.
Overall, the cybersecurity jobs market continues to struggle with factors including overestimates of demand, a lack of well defined career paths, and subpar training, industry watchers say.
Source: Dark Reading