The cybersecurity talent shortage keeps getting worse. According to Cybersecurity Ventures, the cost of cybercrime will double from $3 trillion globally in 2015 to $6 trillion by 2021. Meanwhile, the number of open cybersecurity jobs will increase from 1 million in 2016 to 1.5 million by 2019.
Meanwhile, the scale and damage of the attacks continues to increase. According to Juniper Research, 2.8 billion customer data records are expected to be stolen this year, increasing to 5 billion by 2022. The total cost of ransomware attacks alone is estimated to reach $5 billion this year, according to Cybersecurity Ventures, up from $325 million in 2015.
Right now, in the United States, there are nearly 350,000 job openings for cybersecurity professionals, and fewer than 800,000 people total in the nation's cybersecurity work force, according to CyberSeek. The number of people with security certifications is also in short supply. There are 30,000 open postings for people with the Certified Information Security Manager certification -- but only about 10,500 certificate holders.
Looking outside the box
That makes traditional recruiting very difficult, and companies need to look for other ways to find people beyond posting help wanted ads, hiring recruiters, and searching for professionals who are already trained and experienced in the work.
One option is to look for people in related technology professions, says Alan Cohen, chief commercial officer at Sunnyvale, Calif.-based Illumio. "Lots of smart IT people are moving into information security," he says. "As things become more software-led, application developers and operations people will filter into important security roles."
Another untapped resource is women. Currently, only 11 percent of the information security workforce is female, according to the ISC2. Improving diversity would go a long way to addressing the talent shortage. "To me, diversity is about finding talent where people are not looking," says Cohen. "One example of a forum we frequent is Women in Technology International."
Other good sources are people with government and military experience, he says. "There are both amazing skills and talent available in the government realm," he says. "Not only do many of them have technical training in the right areas, they have the ability to master new skills and not shrink under pressure." The company also holds hackathons at college campuses to discover new talent, he adds.
They're not the only one looking to competitions. "One of the most effective ways at finding information security talent is through participation in regional hacking conferences, such as Defcon in Las Vegas and HackMiami in South Florida," says Alex Heid, chief research officer at New York-based SecurityScorecard, Inc.
Sign up for CIO Asia eNewsletters.