Cybersecurity jobs are booming. Where’s the talent?

With millions of unfilled cybersecurity jobs, why organizations that go all in recruiting diverse employees will stay competitive.

By Joanna Burkey, CISO, HP Inc. — March 4, 2021

Given my role assessing cybersecurity risks at HP, it might not surprise you if I list the biggest security challenges of the past year: the massive and sudden transition to remote work made workflows more complex, and also made companies vulnerable in wholly new ways. That’s against the backdrop of a 600% increase in cyberattacks on cloud infrastructure and a 6,000% increase in phishing attempts.

What might surprise you, however, is a part of my job that will continue to be challenging long after the pandemic has passed — bringing in talent to stay ahead of these threats. Allow me to bust a popular myth: that cybersecurity professionals must be technical wunderkinds, hoodie-clad prodigies who can crack a password in six seconds with time to spare for an energy drink. Far from it.

While highly technical roles are key, on average they make up less than a third of a healthy cybersecurity organization. Just look at my own career trajectory: I come from a technical background, but as a software engineer, not a security researcher. I have expertise in divergent areas such as product strategy, security evangelism, business development, and engineering management. And I use these skills every day as a leader at HP.

With an estimated 3.5 million cybersecurity jobs globally that are likely to go unfilled in 2021, there’s much more room under the “big tent” of this industry than people think. To be successful in the future, we need to invite people who have expertise not just in technical roles, but also in risk management, business analysis, sales, deal support, and even marketing and communications.

Dark blue illustration of heads with coding to represent talent in cybersecurity.

Adam McCauley

There's room for people from all different types of professional backgrounds under the "big tent" of cybersecurity hiring.

That means opening up to mid- or late-career employees, people who’ve pivoted from other industries, historically underserved populations, workers with non-traditional degrees, and those who were forced out of their jobs by the seismic economic shifts from the pandemic.

As the world has become more digital —  augmented by the explosion of data and capabilities offered by advances in technology such as 5G, the cloud, open source code, and infrastructure-as-a-service — there are now very few areas that do not touch cybersecurity in some way. That’s a little scary, but it’s also a terrific opportunity.

Chief information security officers (CISOs) and their organizations are increasingly called on to be business partners across the enterprise due to many parallel factors:

    • Customers are more educated and discerning about security.

    • Business partners want to feel confident that B2B connections are safe.

    • The global regulatory landscape continues to get more complex.

    • Each piece in the supply chain is aware of the interconnected nature of its operations — and inherent risks.

Together, these trends mean that a CISO and their organization have to be aware of what is going on “out in the business” by fostering lateral movements from other departments in and out of the cyber-security organization.

As the world has become more digital, there are now very few areas that do not touch cybersecurity in some way.

Similarly, there is also a need for an array of experience levels. Just because an individual may not have in-depth cybersecurity-specific knowledge, other capabilities may prove more important — knowledge of a given enterprise environment, experience in a complementary field, or creativity in strategic vision and long-term planning.

Diversity in any field is a strength, and cybersecurity is no exception. Since the core goal of cybersecurity is to anticipate and combat a broad field of remote attackers, complementary diversity in the field itself is not only a benefit, but a requirement.

HP is sponsoring efforts with HBCUs (historically Black colleges and universities), organizations such as Black Girls Code and Boys & Girls Clubs of America, and minority-owned suppliers in order to create more opportunity for diverse talent and also to get the word out about current needs. HP’s Cybersecurity organization is proud to sponsor annual scholarships for cybersecurity students at Prairie View A&M University and the University of Queensland, Australia, in order to open more doors across the industry. And the company recently formalized its partnership with the Information Technology Senior Management Forum (ITSMF), the only national organization dedicated exclusively to cultivating executive talent among Black technology professionals, when HP Chief Information Officer Ron Guerrier recently joined as a member. He is now a co-executive sponsor of HP’s strategic partnership with them, which aims to increase inclusion and diversity in senior technology managers.

HP is, however, an outlier. Less than half of companies participating in the ISACA 2020 Cybersecurity Study said they have diversity and retention programs to recruit women and racial minorities into cybersecurity roles.

Diversity in experience, skill sets, and identity is not only a moral imperative, but will ensure that the reality of a cybersecurity career grows to be more expansive. The only non-negotiable requirement is a passion for making the world safer — no hoodie required.


RELATED: How new tools, practices, and technologies could help reverse massive pandemic job losses for women.