Problem solve Get help with specific problems with your technologies, process and projects.

How to fix shortage of cyber security professionals?

The cyber security skills shortage comes from an aging workforce and lack of interest in security among students. Emphasis must be put on education to close the gap.

What's behind the shortage in cyber security professionals and what can be done to close the gap?

The Cisco 2014 Annual Security Report, along with news outlets Forbes and CIO.com, estimate the shortfall of IT cyber security professionals to be well over 1 million. The shortage of skilled security workers leaves many organizations struggling to adequately monitor and protect their networks and data. The Cisco report indicates that, even when organizations have the funds to hire people, they are challenged to find prospects with current, applicable skills and knowledge.

This shortage stems from a variety of factors, such as high experience requirements, an aging security workforce and a lack of interest from students. The March 2014 Job Market Intelligence report by Burning Glass, for example, states that 84 percent of cyber security postings specify at least a bachelor's degree and two-thirds of job postings require a minimum of four years of experience. Exposure and awareness are also considerations. According to a December 2013 Medill National Security Zone article, younger people either don't know about, or aren't presented with, security as a career option as they make their plans and pursue degrees and training.

Closing the security skills gap can be accomplished mainly through education and collaboration. Primary and secondary education curricula should build in computing and information technology, emphasizing security as much as possible. Companies and government agencies should invest more funds in scholarship programs. Security training and certifications should emphasize skills needed to address security risks and explain how to apply them on the job, rather than simply requiring cert candidates to understand them. Finally, more strategies like the Delaware Cyber Initiative are needed. Still in the proposal stage, this program seeks to create a "collaborative learning and research network" in which academia, companies and nonprofits reside on the same "campus" to promote more and better interaction, and to foster and fund research and innovation around cyber security.

This was last published in May 2014

Dig Deeper on Network Security Best Practices and Products

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

How do we get students interested in cyber security?
I think framing the field in relation to recent, real-world security breaches will help - the more students see that they have the opportunity to effect actual change, and that there's a need for these skills from some very well-known organizations, the more interest there will be. 
The problem is not only the students interest in cyber security but also the ones who are interested and obtain bachelor degrees in IT security field are not able to obtain a job because almost all employers require experience which graduated students does not have. I got my bachelor degree in IT Security from Monash University in 2013 but I was unable to secure even a graduate a job because organisations who hire security specialist require experience and other employers do not want to employ specialist degrees which they think will not stay much longer with them. Many of my classmates even did not want to put there major on the resume. I am now studying Master of Network and Security at Monash and hopefully enable me to get a job in cyber security field
I've looking for an opportunity in this field closer to my home; and nobody hires me because I don't have the certifications no matter what I have the experience and the training.
A shortage of these skills translates to a great opportunity for those who take the time and effort to get educated on this topic.
Our school (Capitol College) has had a lot of success with 'Capture the Flag' events for High Schoolers.
I think this is 'sorted'. you hire a bunch of idiots who know nothing, give them a check list and tell them they are 'security auditors'! :)
After being laid off earlier this year, I attempted to find training to add to my IT degree and it has been like looking for a needle in a haystack. The state unemployment people seem to think the solution to filling the gap in cybersecurity is a 2 year associate degree program. That is useless to me since the majority of the required courses are ones I have taken previously. I've more or less given up on this. I think you have to know someone already working in the field who can guide you on the precise things to learn or certifications to obtain and then help you get hired.