Cybersecurity professionals received jarring news last year when, for the first time ever, demand for their industry’s workforce shrank to 3.1 million people from the previous year’s 4 million people, according to (ISC)²’s 2020 Cybersecurity Workforce Study report.
That drop represented a whopping 25% decline in the 2020 cybersecurity workforce gap, which measures the difference between the expected demand for cybersecurity professionals and the number of people who are currently in the industry, as well as new entrants and those making a transition into cybersecurity.
In facing such a large double-digit decline, cybersecurity professionals — and those looking to make a transition — may wonder and worry what’s in store for 2021. After all, even the red hot cybersecurity field saw positions cut amid the depths of the Covid-19 pandemic.
“It’s the first time it’s gone down, but I believe it’s completely artificial that it dipped last year,” Clar Rosso, chief executive officer of cybersecurity association (ISC)², told IEEE-USA InSight. “When we reflected on the timing of the survey, we began to question whether the results were real or not.”
The survey, which collected data from 3,790 cybersecurity professionals across the globe, was taken between April through June. That was a period when hundreds of thousands of businesses were shutting down or dramatically scaling back their operations and instituting hiring freezes due to the pandemic.
The combination between lower demand for cybersecurity workers and an additional 700,000 cybersecurity professionals entering the field last year contributed to the narrowing of the gap, Rosso said.
2021 Crystal Ball
With companies now possessing better insight into the financial impact Covid-19 is having on their business, and with vaccinations now ramping up across the globe, Rosso expects the 2021 Cybersecurity Workforce Study will reveal higher demand for this segment of the IT workforce.
But will that demand return to pre-Covid levels of 4 million, like in 2019?
“I was just thinking I was bold to be saying, ‘hey, it’s going to go up.’ But will it go up to 4 million? It reasonably could,” Rosso said. “It would not surprise me if we hit 4 million-plus. You can check back with me at the end of the summer and see if I was right, or totally off, but it wouldn’t surprise me.”
Asia had the largest gap with its cybersecurity workforce in 2020 and the U.S. wasn’t far behind, Rosso said.
Companies that previously didn’t operate in the cloud were rushing to the technology to support their remote workforce and remote operations during the pandemic. As a result, they also started to realize they were not staffed up to an appropriate level to keep their systems safe and secure, and this realization will drive 2021 cybersecurity hiring, Rosso noted.
“When we did the workforce study, 34% of the respondents said they felt their organizations were at an increased risk just because they had moved everybody to a remote working condition, even though they only saw an 18% increase in cyber incidents during that time,” said Rosso.
Top Cybersecurity Skills Needed
Cloud computing security, as a result, topped the list of skills that cybersecurity professionals wanted to focus on in the next two years, according to the (ISC)² 2020 Cybersecurity Workforce Study.
“If I were pursuing a cybersecurity position and looking for something that I wanted to be really relevant, I would look at the cloud security space,” Rosso said, adding,“I would look beyond application-specific training and look for something that’s going to help me think about managing a cloud ecosystem, because I don’t know of any organization that runs on only one kind of technology. They run on an ecosystem of technology.”
Employers, meanwhile, currently are undergoing an interesting phenomenon where they are not necessarily sure which type of cybersecurity professional they need to hire, Rosso observed.
Demand for IT professionals with a Certified Information Systems Security Professional (CISSP) certificate currently outstrips the available U.S. talent pool, Rosso said, adding, while employers initially think they want all their cybersecurity team members to have a CISSP certification, it’s not realistic nor necessary in all cases.
“We think there’s a lot of education to be done with businesses to help them navigate this big workplace gap in cybersecurity. We want them to understand what level of qualifications they need for different cybersecurity roles within their organization,” Rosso explained. “Organizations really have to start looking inside, if they’re big enough, and say who might be best suited to upskill or re-skill into the cybersecurity roles that are needed.”
Since the pandemic hit, a dip in cybersecurity certifications has turned into a wave of demand since December, Rosso said.
Glass Half Empty or Full?
Despite the decline in the 2020 cybersecurity workforce gap, Rosso noted cybersecurity professionals should not lose sight of this one metric as they reflect on last year and look toward the rest of this year.
The unemployment rate for cybersecurity positions remains virtually at zero.
“Effectively, the unemployment rate with cybersecurity is zero,” Rosso said. “If there are 3.5 million cybersecurity professionals around the globe and a gap where we need 3.1 million or 3.2 million, that’s still a huge gap that needs to be filled.”
Dawn Kawamoto is a freelance writer and editor. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET’s News.com, InformationWeek, TheStreet.com, AOL’s DailyFinance, The Motley Fool, Dice.com and Dark Reading.