The What, Why, and How: The Cybersecurity Skill Shortage -
  • Home
  • Blogs
  • The What, Why, and How: The Cybersecurity Skill Shortage

The What, Why, and How: The Cybersecurity Skill Shortage

The great resignation is the talk of the town. Professionals are resigning, while companies struggle to find talent to replace them.

The great resignation is the talk of the town. Professionals are resigning, while companies struggle to find talent to replace them. A very small poll done by our VP of engineering on LinkedIn (n=26) suggested that 85% of the respondents were facing skill shortages in their companies. While this sample size holds no statistical power, there are other samples that do. Of particular pertinence to us is the skill shortage prevalent in the tech industry. Gaper has to keep a close eye on these disequilibriums since, well, it is our job to help businesses create tech teams when they find it difficult to do so (whether due to skill shortage or any other reason). This article explores the recent decline in the availability of professionals in the cybersecurity niche – a very critical part of a lot of tech functions.

What is the cybersecurity skill crisis?

There are nearly 600,000 cybersecurity job openings in the US alone. This includes major government and corporate bodies that are quite literally facing an anti-hacker crisis.

In their 2021 report titled, “The Life and Times of Cybersecurity Professionals 2021”, ISSA/ESG describes the situation as a “downward, multi-year trend of bad to worse”. The survey they did lists down the following consequences of this problematic trend:

  • 62% reported increased workload for the cybersecurity team
  • 38% reported an increase in related vacancies
  • 38% also reported a high burnout among staff
  • 95% of the survey responses indicated that the dearth in cybersecurity skills along with its accompanying consequences has remained unresolved
  • 44% are of the opinion that the situation has actually taken a turn for the worse

According to the report, there are also three main areas of cybersecurity that are affected by the skill shortage:

  • cloud computing security
  • security analysis and investigations
  • application security

Why does the skill shortage exist in the first place?

One would be inclined to think that the skill shortage exists because there are not enough people that possess these skills. The problem however may lie at the end of the employers as well.

A major reason cited by the report is that perhaps this profession is grossly undervalued by the very people that demand it. 38% of the respondents to their survey felt that a lack of competitive compensation was a major reason why companies were failing to attract and keep professionals in this field. 33% of CISOs choose to leave one company for another because of better compensation packages.

Secondly, another factor cited by people that work in this field is the lack of learning opportunities offered by companies to their teams. 39% of respondents felt like better steps with regard to cybersecurity training could be taken. However, 21% of those surveyed did not complete the standard 40 hours of training in the year as nearly half of them could not afford to undertake it themselves.

The thing with cybersecurity is that professionals must continue to polish their skills as often as possible. What was in vogue last year is easy prey for malicious attackers this time. There are people whose past times and/or professional roles involve breaching the security boundaries of other digital spaces. These parties are one of the most resilient and determined actors of the internet world. If you find a way to tackle their mischief (and understated adjective), they will come up with another way to render your efforts fruitless. Cybersecurity, therefore, is one of the more difficult and unforgiving work areas to keep your skills relevant in.

To wrap these points up, the respondent data indicates that HR departments seem to have very little clue about what cybersecurity job roles actually entail. This leads to poorly thought out hiring criteria and recruitment processes. ISSA’s report suggests that 29% of professionals in the fields find that HR in their company is likely to reject skilled applicants just because the department personnel do not have an appropriate understanding of the skillset required. 25% also found that job advertisements for cybersecurity positions were impractical and expected an unreasonable level of experience, technical skill, and certifications from candidates.

How can we tackle the cybersecurity skill shortage?

For starters, we can start addressing the factors identified by data-driven research as described above. We cannot expect the supply side to adjust itself to equilibrium if the demand side does not fix certain important variables that are under their control.

For starters, companies need to be more cognizant of the importance of cybersecurity talent i.e. compensate the critical nature of their work with competitive salary packages. Secondly, it would pay dividends in the long run if companies are open to some sort of skill-building investment at least once a year.

A major overhaul is also long due in the way that HR deals with cybersecurity positions. In addition to being taught to expect a realistic level of skill and experience from applicants, HR departments also need a better awareness of what the actual job description should be and what the objective and goals of these positions are.

And while the HR side of things is being revamped, it would also help to allow cybersecurity teams to integrate better with other departments in the company that include, but are not limited to, business development teams, directors, and the legal team. A little understanding and collaboration between these functions of a company actually goes a long way.

As a side note, we are at a point where tech personnel need to have a certain degree of understanding about the business side of things, while those engaged in business development activities also need to be aware of the nature of tech that their company engages with. It is no longer enough to have expertise in one area but be completely clueless about the other.


It seemed that companies were able to make do with some reshuffling and redelegation of work when the skill shortage issue initially began surfacing. However, now that the problem has ballooned enough to be considered a stand-alone threat, it is high time that founders and managers are prudent in their decision-making and adopt suitable hiring and working approaches that will be able to sustain their businesses for years to come. This was a lesson that the pandemic had already taught us, yet the ideas need to be reinforced in face of a second shock – which was not as exogenous and unforeseen as the lockdowns. If you find yourself in need of a tech team or cybersecurity professionals, do not hesitate to set up a little call with Gaper.

Hire Top 1%
Engineers for your
startup in 24 hours

Top quality ensured or we work for free

Developer Team @2023 All rights reserved.

Leading Marketplace for Software Engineers

Subscribe to receive latest news, discount codes & more

Stay updated with all that’s happening at Gaper