The serious talent shortage in the information security workforce shows no sign of waning: The Center for Cyber Safety and Education says that employers must look to millennials to fill the projected 1.8 million positions that are estimated to be unfilled by 2022.
This is an increase of 20% from the 1.5 million worker shortfall forecast by the Center’s 2015 Global Information Security Workforce Study (GISWS).
“For years, we’ve known about the impending shortage of the information security workforce, as evidenced by our study year-over-year,” said David Shearer, CEO, (ISC)², which sponsored the report. “For the first time, we’re taking a deep dive into the millennial respondents, and we’re finding that they want different things in terms of job satisfaction and career paths. They truly are the future of cybersecurity, and I believe they hold the key to filling the well-publicized information security workforce gap.”
One of the largest studies of the information security profession ever conducted, the 2017 GISWS was carried out from May through September 2016 by Frost & Sullivan, using a web-based survey. Since its first release in 2004, the GISWS provides a complete profile of the information security workforce, with a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitudes toward information security that is of use to governments and corporations, hiring managers, and information security professionals.
Among the findings is the fact that millennials salaries are not the highest priority for millennials. However, they received higher salary increases than other generations. What they do want is career development, including: Sponsored mentorship and leadership programs; paid-for attendance at industry events; training programs; and employer-paid professional certifications and association memberships.
The report also found that millennial workers are more likely to change employers than other generations; and, they’re more likely to aspire to become security consultants than move into managerial roles within an organization.
“Millennials will and in many cases are already critical players who enable the success of our collective cyber defense,” said Angela Messer, executive vice president at report sponsor Booz Allen, and the firm’s cyber-innovation business leader and cyber-talent development champion. “To attract, retain and empower these millennials, it’s clear from the Global Information Security Workforce Study that our industry must be innovative not only in its tradecraft, but also in how we support this next generation of information security professionals. At Booz Allen, we provide opportunities for skills development by offering traditional training and covering certification or advanced degree program fees, as well as non-traditional learning opportunities, such as our Kaizen capture the flag platform and hacker space labs.”
The report also found that the UK is in a particularly bad spot. Two-thirds of UK companies have too few cybersecurity personnel, with 47% claiming the reason is a dearth of qualified applicants. But many organizations seem to be shooting themselves in the foot by refusing to hire and train inexperienced recruits. Some 93% said previous cybersecurity experience is an “important factor” in hiring, and just 6% said they recruit university graduates.