Cybersecurity hiring hasn’t suffered a downslide, but its modest budget increases may not be enough to keep pace with threats. The Wall Street Journal reports that organizations had planned to increase their cyber budgets by about 6%. Any increase is good, but as Dice.com points out, it’s “not the double-digit growth seen in the previous two years for cybersecurity budgets.”
What does that mean for cybersecurity hiring? Let’s get the worst news out of the way:
Most respondents—about 59%—to the State of Cybersecurity 2023 Report from ISACA and Adobe told the researchers that their cybersecurity teams are understaffed. More than 70% claim their organizations have unfilled cybersecurity positions. These are contributing factors in 48% of respondents believing their organizations are more vulnerable to threats now compared to the previous year. The findings mirror a Gartner prediction that, by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents.
“The current state of cybersecurity could not paint a more dire picture—an aging workforce coupled with too few entry-level positions. The existence of gatekeeping and problematic job descriptions worsens the situation and amounts to self-inflicted pain points that no number of reskilling programs will help overcome. And yet, an already fragile situation has been made worse by employee burnout, economic uncertainty and a surge in return-to-office mandates,” states the authors of the State of Cybersecurity 2023 Report from ISACA and Adobe.
But let’s find some light in this darkness. We dove into the ISACA findings and other research and uncovered a few opportunities for those involved in cybersecurity hiring over the next couple of years. It starts with fostering new talent while supporting those in management and executive roles.
Foster New Talent
One critical finding by ISACA is the lack of interest in entry-level cybersecurity hiring. According to the report, aspiring cybersecurity professionals spend significant time and money completing pathway programs and yet remain unable to secure employment in the cybersecurity field.
“While the United States National Cyber Workforce and Education Strategy (NCWES)3 and similar efforts globally may be comprehensive, they cannot compel enterprises to create entry-level positions. Failure to resolve this critical issue will magnify the existing problem of students and career changers being unable to obtain employment due to lack of experience, despite any knowledge, skills or credentials they have acquired,” the study authors write.
It’s hard to attract an experienced cybersecurity workforce. What if you, instead, dedicated a portion of cybersecurity hiring resources to attract and develop entry-level talent who you can then promote into leadership?
Be a Psychologically Safe Place for Cybersecurity Leaders
“Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, a director analyst at Gartner. “CISOs are on the defense, with the only possible outcomes that they don’t get hacked or they do. The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.” It’s a critical issue, which is why we’ve covered the topic several times over the past few years. Feel free to revisit our posts Is C-Suite Burnout Causing a New Wave of Resignations? and Easing Tech Worker Burnout and consider how you can instill changes to create a great place for cybersecurity professionals to thrive.
These two priorities are just the start, but they can carry you far in your cybersecurity hiring efforts. As the cybersecurity workforce ages, economic pressures strain resources and benefits, and increasingly sophisticated cyberattacks lurk around every corner, there’s no time like the present to realign your strategies. Both The HT Group’s tech recruiters and advisors can help.