"Save me, oh God, from people who have no sense of humor."
— Ludlow Porch

Cyber-Security Talent Shortage.

An article published in CSOOnline back in September of 2016, stated that unemployment in the Cyber-Security field was zero percent, and that there were over 1 million un-filled jobs with nobody chasing them. Now I may be a bit over-critical, but isn't that the textbook definition of something of a NEGATIVE unemployment rate?

Many experts are saying that we are currently sitting on a -5% unemployment rate in the Cyber-Security world and expect the shortage in qualified candidates to grow to upward of 3.5 million by 2020.

Some think that part of the problem is companies trying to "hire a unicorn" by writing job descriptions for with cross-cutting requirements that no single person is ever going to have; hence recruiters are unable to find anyone who's qualified.

I keep getting calls from recruiters trying to place cyber-security experts in cubicles. Some are offering relocation packages and some are not. One client was willing to let a good candidate work remotely as long as they were willing to spend one week each month traveling to the client's offices in Northern Virginia... AT THE EMPLOYEE'S OWN EXPENSE.  :-/

Current roadblocks are...

  1. There just aren't as many cyber-security experts as are desperately needed. Each reported cyber-attack or data-breach represents only a small percentage of the actual activity, and creates more demand for experts to help mitigate the issue.
  2. Universities can't graduate cyber-security experts fast enough, because a freshly-minted undergrad doesn't have the requisite experience.
  3. Existing hiring practices are woefully inadequate to address the problem.
  4. Managers are unwilling to pay cyber-security experts the salaries necessary to lure them away from their current positions. In many cases this will be an amount far above what the manager himself makes.
  5. Most people are unwilling to relocate in order to take a job that can very easily be done remotely.