Despite the industry's growth, the cybersecurity talent gap persists, with an estimated 3.5 million positions unfilled worldwide. Nearshoring services, industry-led education and cybersecurity events offer solutions.
At a time when innovation and cybersecurity go hand in hand, the expansion of artificial intelligence (AI) development represents a persistent challenge: the growing battle against cyber threats. Despite cybersecurity professionals being at the forefront, the industry faces a significant disparity between demand and available talent. There are around 3.5 million unfilled cybersecurity positions around the world . More than 750,000 are in the US. Bridging this gap has never been more critical.
Source: Cybersecurity Ventures
This shortage is part of a broader problem in the technology industry. As Deloitte Insights found in its research, the biggest problem facing technology companies is hiring the right talent, with nearly 90% of respondents calling it at least a “moderate challenge.” IT professionals with skills in cybersecurity, cloud services, data analytics and machine learning continue to be in high demand, highlighting the selective impact of last year's layoffs based on the evolving needs of the technology sector.
To paraphrase one of the leaders interviewed in the Deloitte study, there is a lack of “systems and security architects. People who can sit down and think about how everything fits together.” In fact, for this leader, they are so rare that they call them unicorns .
We seem to be gravitating towards talent with a more robust skill set. So how can we bridge this gap and at the same time focus on growing the industry?
The scale of the problem
Over the past five years, the cybersecurity talent gap has remained alarmingly stable, with an estimated 3.5 million unfilled positions globally — a number that has not changed since 2021. This stubborn persistence of unfilled roles underscores the severity and complexity of the cybersecurity challenge facing industries around the world.
The cybersecurity talent shortage can be attributed to a combination of factors that have evolved over the years. The biggest factors are:
- Rapid industry growth versus educational output : The cybersecurity industry has experienced a meteoric rise in demand, increasing 350% in job openings from 2013 to 2021 . This growth exceeds current educational and training production, leading to a significant talent gap that is expected to persist until 2025.
- Pandemic-induced changes : The COVID-19 pandemic has accelerated digital transformation and increased dependence on technology, further increasing the demand for cybersecurity professionals. Simultaneously, the economic repercussions of the pandemic and the shift to remote work have influenced recruitment, retention and the way cybersecurity work is conducted.
- Lack of entry-level opportunities and high certification expectations : Entry-level cybersecurity roles are scarce, and companies often require certifications or experience levels that new entrants find difficult to achieve. For example, certifications like Certified Information Systems Security Professional (CISSP) are a five-year certificate but still listed as a requirement for entry-level roles.
4. Technological advancements and the evolving threat landscape : An ever-evolving landscape requires professionals to acquire a highly specialized skill set. Specialized knowledge puts additional pressure on the talent pool, having to reskill every 6 to 12 months to keep up with evolving threats.
5. Retention Challenges and Workplace Stress : The intense and often stressful nature of cybersecurity work, combined with the industry's competitive environment, contributes to high turnover rates. Organizations face challenges in retaining talent due to burnout, workplace stress and the allure of more lucrative or less demanding roles in other technology sectors.
6. Diversity and Inclusion Efforts : While there are efforts to promote diversity in the cybersecurity workforce, there continues to be a significant gap in attracting women, minorities, and neurodiverse individuals to the field.
The cybersecurity talent gap persists not only due to the sheer number of roles to fill, but also due to the need for deeper integration of cybersecurity across organizations. This situation requires a change in perception towards seeing cybersecurity as a priority at all levels of a company's structure, instead of focusing only on training and hiring professionals.
We conduct annual company-wide cybersecurity training that all professionals must complete. This ensures that the entire company has a basic understanding of cybersecurity, including knowledge of current threats and responsible practices to protect company assets. As digital threats rapidly evolve, it is crucial to cultivate a well-informed workforce, from the boardroom to the break room.
Nearshoring to Address Cybersecurity Talent Shortage
Nearshoring emerges as an attractive alternative to solving the cybersecurity talent shortage. It takes advantage of proximity, cultural affinity and time zone alignment. This mitigates the challenges of finding qualified cybersecurity professionals locally. At the same time, it improves real-time collaboration and communication, critical factors in the field of cybersecurity.
One of the main advantages of nearshoring is providing access to cybersecurity experts who can confront global threats and develop defense mechanisms. Our collaborations with clients on different projects highlight the effectiveness of nearshoring in strengthening cybersecurity measures.
For example, we provide Strength Point with senior professionals through a headcount commitment. Our engineers have employed manual and automated QA testing strategies to identify vulnerabilities in cybersecurity software . This approach achieved comprehensive test coverage and ensured compliance with the highest industry standards.
Similarly, our software development outsourcing services model has proven to be pivotal for Rolls Royce . Our software development team worked on granting secure remote access to real-time data monitoring for your plants. This involved implementing advanced cybersecurity controls to ensure system security.
Our engagement with Azlo through staff augmentation services highlighted the role of nearshoring in strengthening cybersecurity for compliance in digital banking . Over 18 months, our collaboration contributed to a significant increase in the number of customers, demonstrating the impact of nearshoring in strengthening security measures and supporting business growth.
Nearshore outsourcing is ideal for specialized and urgent talent needs. On the other hand, you want to know what's happening in the industry's talent landscape. What sets cybersecurity professionals apart? Is it academic credentials, proximity to industry or competitive environments?
Academic programs and their limitations
Academic programs are the starting point for most students. However, they sometimes emphasize theoretical knowledge at the expense of practical skills, leaving a gap between what students learn and what the industry demands . Recognizing this, there is a shift towards making academic programs more dynamic and closely aligned with industry demands. This evolution has seen curricula incorporate more frequent updates, real case studies and practical training to bridge the knowledge-practice gap.
Partnerships between academia and the cybersecurity industry have emerged as a fundamental strategy to face this challenge, facilitating a smoother transition for students into the job market. Initiatives such as internships, co-op programs, and industry-led workshops enhance students' hands-on experience and understanding of current trends.
Additionally, the emergence of short-term remote courses, such as Stanford's Advanced Cybersecurity Program, and learning platforms, such as edX , offer personalized educational paths. These options allow students to gain specific skills for specific cybersecurity roles. This approach diversifies the talent pool and ensures emerging professionals are equipped to face modern cyber threats.
The value of industry-led education
Beyond the boundaries of academia, industry-led programs and training initiatives are designed to create a more direct path from learning to employment. BrainStation , for example, collaborates with industry experts to ensure its cybersecurity courses remain relevant and up-to-date. Students participate in real-life case studies and receive hands-on training from professionals working at companies like Google Cloud and IBM. This approach equips students with the latest skills and offers insights into industry challenges.
Several companies and organizations offer scholarships and free training to support cybersecurity education. Notably, Cisco, Raytheon, Google , and Microsoft offer scholarships, with Cisco providing $10 million for careers in cybersecurity . This financial support helps students access education and training opportunities that would otherwise be beyond their reach. Programs such as the U.S. Navy's Information Assurance Grant Program (IASP) further expand educational support to develop infrastructure for information assurance education.
In Jamaica, Confiança HEART/NSTA launched a Cisco Certified Cybersecurity Training Program with the aim of training 500 individuals in collaboration with the Global Services Sector (GSS) Project. The objective is to democratize cybersecurity skills and attract talent from other regions.
Cybersecurity Competitions: School of Hard Knocks
The importance of hands-on experience in cybersecurity education is paramount, directly addressing the limitations of traditional classroom learning. Methods like cybersecurity competitions offer a dynamic platform for students to engage in cybersecurity tasks, from ethical hacking to network defense, in a controlled but competitive environment. This increases your ability to apply theoretical concepts and cultivates critical thinking and problem-solving skills.
There are several popular competitions that offer a unique focus. For example, Google capture the flag presents challenges related to web security, reverse engineering, and encryption. In contrast, Pwn2Own focuses on software and operating system vulnerabilities. On a more specialized level, the President's Cup Cybersecurity Competition was created in response to an executive order, with the goal of rewarding the best cybersecurity talent in the federal workforce.
The impact of AI on cybersecurity in the short term
As AI-powered tools are increasingly integrated into business operations, prioritizing cybersecurity has never been more relevant. The adoption of AI opens new frontiers for efficiency and innovation, but it also introduces unique vulnerabilities that can only be mitigated through a robust cybersecurity framework. The cybersecurity talent gap is expected to become an even greater pressure across industries.
The UK's National Cyber Security Center recently revealed alarming predictions surrounding the use of AI in malicious activities. They found that “AI reduces barriers for novice cybercriminals, hackers for hire, and hacktivists to conduct effective information access and collection operations.” This will likely contribute to ransomware threats in the coming years. Its report also suggested that “all types of cyber threat actors – state and non-state, skilled and less skilled – are already using AI, to varying degrees.”
Strategically, companies must view cybersecurity as a core component of their value proposition to customers, stakeholders and partners . This involves developing cybersecurity strategies that are proactive, predictive, and adaptive to the evolving threat landscape that AI technologies may be exposed to. This underscores the importance of looking at talent cybersecurity strategies from a talent and technology perspective.
In conclusion: Ensuring trust and a competitive advantage
In essence, integrating cybersecurity into the fabric of business strategies is essential to building trust, ensuring compliance, and securing a competitive advantage in the digital economy. While finding and retaining specialized talent is difficult, it must remain a top priority for companies given the evolving threat landscape.
Companies can address this challenge by assisting in cybersecurity competitions, reaching out to schools for partnerships, or choosing to engage with nearshoring partners. In doing so, they not only protect themselves from potential threats, but also position themselves as forward-thinking, reliable and secure partners in the eyes of their customers and the market at large.
If you are a cybersecurity expert looking to collaborate with high-profile clients across 100+ industries, take a look at our job openings . We are constantly looking for the best talents who will transform opportunities into results.