So you want to add a talented and certified cybersecurity specialist to your team?
It won’t be easy.
Want that competent professional to have some actual security experience?
That could be next to impossible.
Recruiters are aggressively targeting candidates with credentials like Certified Information System Security Professional, Certified Information Security Manager, GIAC Security Essentials Certification and Certified Ethical Hacker.
So much so, that unemployment among cybersecurity professionals last year was literally zero, according to research firm Cybersecurity Ventures (CV).
“(CV) projects $1 trillion will be spent globally on cybersecurity from 2017 to 2021," the company said in its recent Q4 jobs report. "Driven by the dramatic rise in cybercrime, the ransonware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected Internet of Things (IoT) devices, the legions of hackers-for-hire, and the more sophisticated cyber-attacks launching at businesses, governments, educational institutions, and consumers globally.”
The report projected that the number of unfilled cybersecurity jobs will swell to 1.5 million worldwide by 2019.
The findings are in line with an April 2016 report by CompTIA, which suggested that an inability to acquire cybersecurity talent is hampering the revenue potential of IT services providers and other channel firms.
About 46 percent of small- and medium-sized channel companies reported minor to major gaps in the security skills they need to serve customers, while 38 percent of large firms (50 or more employees) reported a skills gap.
However, just 42 percent of channel companies made recent hires to narrow the gap, while 57 percent secured partnerships with other channel firms. Nearly 7 in 10 companies (68 percent) trained existing employees in the new skills.
Evidence indicates that some MSPs might be offering security services they can’t actually deliver, the CompTIA study found.
“A modern security approach does require a broad mix of products and services, and channel firms should be sure that they can support this mix beyond simply stating that items are available for purchase,” the report states.
Such keen global demand for scarce talent means that many hiring managers find themselves bringing on cybersecurity professionals with no experience whatsoever.
In a recent article for Workforce.com, an associate professor of information security at Georgia’s Kennesaw State University described one student from his CISSP preparation boot camp, who had no prior security experience.
“She took the course, passed the exam and had a cybersecurity job a week later,” Humayun Zafar told the publication, suggesting some employers are overly reliant on certifications.
The article advises managers to include IT staff or outside consultants in the vetting process, and ask pointed questions about how the candidate would respond to various security threats.
Send tips and news to [email protected].