Recruiting Watchers for the Virtual Walls: The State of Cybersecurity Hiring

e are recreating a research from Burning Glass Technologies that has been tracking jobs data to answer a basic question about cybersecurity: Do American employers have the talent they need to defend themselves? The threat remains as potent as ever—and so is the persistent cybersecurity talent shortage.

There have been major efforts to increase the supply of cybersecurity workers. But Burning Glass research shows demand has increased as well, which means cybersecurity talent is still expensive and hard to find.

For example, federal data shows the number of postsecondary programs in key cybersecurity areas has increased 33%, and the number of conferrals rose 44% between 2013-17. Yet one key indicator of supply and demand, the ratio of currently employed cybersecurity workers to job openings, has hardly budged since 2015. In other words, the pool of available talent has remained proportionally the same.

One reason for this is the very fact that cybersecurity is now more widely considered a critical function. Demand for security skills, once limited primarily to government and the defense industry, has spread throughout the economy.

The changing priorities and tactics of cybersecurity are reflected in hiring patterns. Overall, the field is emphasizing deploying automation and managing risk more effectively. That is partly in the belief that these tactics will be more effective in preventing breaches—but it is no coincidence that they also alleviate the need for hard-to-hire human workers. In addition, projections show that the next generation of cybersecurity workers will need skills in cloud security and the Internet of Things.

Burning Glass Technologies has been tracking the cybersecurity job market since 2013, both in a series of reports and on the website Cyberseek.org. Based on their database of nearly one billion current and historical job postings, Burning Glass has built a definition of the cybersecurity job market that includes all job openings with cybersecurity-related job titles, skills, or certifications.

Key findings:

  • The number of cybersecurity job postings has grown 94% since 2013, compared to only 30% for IT positions overall. That’s over three times faster than the overall IT market.
  • Cybersecurity jobs account for 13% of all information technology jobs. On average, however, cybersecurity jobs take 20% longer to fill than other IT jobs, and they pay 16% more. On average, that works out to more than $12,700 per year.
  • Yet for most IT workers, cybersecurity is one among many responsibilities rather than a dedicated role. More than half of jobs demanding cybersecurity skills are in fact other IT roles, where security is only one part of a broader job description.
  • For each cybersecurity opening, there was a pool of only 2.3 employed cybersecurity workers for employers to recruit. That is almost exactly the same ratio of openings-to-employed workers as in 2015-16. By comparison, there are 5.8 employed workers per job opening across the economy in general. Even with the expansion of cybersecurity programs, supply has not kept up with demand.
  • Demand for automation skills in cybersecurity roles has risen 255% since 2013, and demand for risk management rose 133%.
  • Public cloud security (170%) and knowledge of the Internet of Things (140%) are projected to be the fastest-growing cybersecurity skills in demand over the next five years.
  • Over 88% of employers looking for cybersecurity professionals require at least a Bachelor’s degree in IT security or a related field. They are also required to have three years of experience working in cybersecurity.
  • The cybersecurity job market is expected to grow by 31% from 2019 to 2029.