How to Make it Through a Cyber Security Shortage


In the 21st century, with the world’s dependence on cyber-infrastructure and IT professionals, no one would have thought that a shortage of cyber security professionals would be possible. But it is possible, and it is currently underway, with potentially highly damaging consequences. Issues such as impending doom for online data with no defense against the growing army of malicious hackers[1], causing havoc worldwide, are prime examples.

Some problems that contribute to this matter include:

  • Supply and Demand
  • Education vs. Experience
  • Barrier to Entry

The current supply shortage is exacerbated by an outdated status quo of hiring only 4-year degree-educated personnel. However, there exists a vast, passionate workforce that didn’t attend college. Therefore, companies place limits on themselves by holding a firm barrier to entry that HR departments must remove by adopting a new hiring strategy.

Supply and Demand

Cyber security is currently in low supply and high demand, according to a 2020 study on the phenomenon. The paper concludes that there is currently a shortage of approximately 3 million qualified professionals[1]. In addition, the report states that many cyber security services are concerned that Covid-19 will further impact the online integrity of most companies. This is because they often include cyber security as a value-added expense when money is available. 

While demand for qualified security staff is extremely high, there is a considerable gap in the workplace. 56% of those surveyed believe the current shortage will put their business at risk[2]. However, some say the issue lies not with a lack of qualified professionals but the excessive requirements of being “qualified.”

Education vs. Experience

Currently, a newly qualified cyber security expert is expected to hold a 4-year degree level certification. However, holding a degree doesn’t necessarily indicate competence, skill, or even intelligence. And there are many skilled and talented individuals who did not attend a college that are more than capable of performing cyber security tasks effectively[3]. Their skills are based on real-world experience rather than outdated, classroom theoretical exercises.

What a degree requirement essentially does is closes the door on these individuals. The firm ‘no’ and a disregard for demonstrable skills in favor of a piece of paper welds a pretty substantial barrier to entry for millions of talented people that didn’t have the means or opportunity to attend college, but are skilled nonetheless. This is a frustrating waste of access to an experienced pool and an unfair disadvantage to passionate individuals who might otherwise be a precious asset.

Barrier to Entry

A degree-level education is a valuable experience for anyone, but it isn’t a requirement. One solution to the current shortage that is expected to worsen is to remove the barrier to entry. For example, suppose you are in dire need of talented cyber security professionals. You could consider an adjustment to your hiring strategy that offers a role to a skill-based, qualified person in addition to degree-educated post-graduates.

This would aim to fill in the gaps in the talent pool where skilled experts are required. The multiple roles of cyber security are vast and diverse. Additionally, suppose there is anything that a newly hired employee or potential candidate lacks. In that case, companies could do more to become the example by offering extensive training and education that addresses their specific requirements. This could reduce dependencies on college students and effectively shorten the gap between available talent and real-world cyber security needs.

In Summary

There is currently a shortage of around 3 million cyber security experts available for hire. This is primarily due to the outdated hiring practices of most companies that are willing to accept only degree-educated personnel. In essence, this exacerbates the shortage since there is a vast and untapped potential of skilled candidates. Uneducated yet motivated, passionate, and skilled individuals are more than capable of fulfilling a cyber security role.

The degree requirement placed during the hiring process only serves to stymie the addition of qualified talent to a business in dire need of an expert. By removing this unfair and outdated barrier to entry, companies would potentially allow those who deserve it and will perform their job admirably. However, it would also aim to slowly close the concerningly wide gap between supply and demand in a worrying cyber security shortage.