An article published in CSOOnline back in September of 2016, stated that unemployment in the Cyber-Security field was zero percent, and that there were over 1 million un-filled jobs with nobody chasing them. Now I may be a bit over-critical, but isn't that the textbook definition of something of a NEGATIVE unemployment rate?
Many experts are saying that we are currently sitting on a -5% unemployment rate in the Cyber-Security world and expect the shortage in qualified candidates to grow to upward of 3.5 million by 2020.
Some think that part of the problem is companies trying to "hire a unicorn" by writing job descriptions for with cross-cutting requirements that no single person is ever going to have; hence recruiters are unable to find anyone who's qualified.
I keep getting calls from recruiters trying to place cyber-security experts in cubicles. Some are offering relocation packages and some are not. One client was willing to let a good candidate work remotely as long as they were willing to spend one week each month traveling to the client's offices in Northern Virginia... AT THE EMPLOYEE'S OWN EXPENSE. :-/
Current roadblocks are...
- There just aren't as many cyber-security experts as are desperately needed. Each reported cyber-attack or data-breach represents only a small percentage of the actual activity, and creates more demand for experts to help mitigate the issue.
- Universities can't graduate cyber-security experts fast enough, because a freshly-minted undergrad doesn't have the requisite experience.
- Existing hiring practices are woefully inadequate to address the problem.
- Managers are unwilling to pay cyber-security experts the salaries necessary to lure them away from their current positions. In many cases this will be an amount far above what the manager himself makes.
- Most people are unwilling to relocate in order to take a job that can very easily be done remotely.