How more diverse recruitment can help close the cybersecurity talent gap

Cybersecurity’s mission is simple: to protect people. Our industry defends against criminals attempting to steal data, gain money, or create distress. We prevent hackers from shutting down vital medical services, critical public utilities and ransoming private records. We stop nefarious access to voting systems meant to impede the free will of democracy.

Cybersecurity professionals are the unseen heroes keeping the inner mechanisms of society running. And as the volume of threats increases, cybersecurity leaders face a workforce deficit. This talent gap of 3.4 million global professionals, estimated by ISC², places our industry – already square in the crosshairs of cyber criminals – at a crossroads. Our demand for talent far exceeds our supply.

Our inability to attract and retain qualified employees, our lack of diversity, and the challenging nature of security operations will widen this gap further unless we act now.

A survey by Trellix and Vanson Bourne shows that 85% of respondents believe the workforce shortage is impacting their organization’s ability to secure their networks. The survey included 1,000 cybersecurity professionals across nine countries.

Meanwhile, the Ponemon Institute found that the average cost of a single data breach in 2022 was $4.35 million. The demand for cybersecurity talent capable of reducing breaches and their costs is a global crisis, impacting both private and government sectors.

The industry's workforce is homogenized – 64% identified as white, 78% male, 95% with a bachelor's degree, and 85% in IT, computer science, or technology major. Women, non-binary people, people of colour, our LGBTQ+ community and a variety of educational backgrounds, cultures, and countries are greatly underrepresented.

Cybersecurity hiring practices lean heavily toward four-year degrees, excluding qualified people who lack schooling but have earned certifications or completed other vocational training. Around 56% of security professionals believe people don’t need university degrees to have a successful career in cybersecurity. By contrast, cybercriminals hone their methods from diverse backgrounds without barriers such as education prerequisites.

As the volume and complexity of threats increase, so does cybersecurity talent attrition. Security teams try to make sense of a relentless barrage of alerts. Long work hours of constant stress affect those who otherwise find their career meaningful—almost a third of the current workforce plans to change professions in the future. Increased workloads on existing staff lead to higher burnout rates while cybersecurity jobs remain open.

While there are no simple solutions to these severe challenges, new approaches within the industry and government initiatives can boost training, hiring, and retaining cybersecurity talent to make up ground against the gap.

By putting people at the heart of cybersecurity, we can pave a path for more people to do soulful work.

Scaling our cybersecurity teams isn't all the work that needs to be done. Workloads must be reduced. Security operations leaders can support their teams by embracing automation and an extended detection and response (XDR) architecture to do their jobs more efficiently and effectively. Other industries have enterprise platforms, but cybersecurity has not adopted one yet. Moving to an open XDR platform is the revolutionary solution needed.

There’s a clear path forward to solving our lack of diversity and overcoming our talent deficit. It involves attracting more bright individuals across genders, races, ages, ethnicities, and orientations. It includes enticing more skilled workers in search of more purposeful careers and more fulfilling lives.

We can meet the moment by creating pathways for people from diverse backgrounds and equipping security operation employees with the tools they need to make their jobs and lives easier.