Cybersecurity jobs take up to six months to fill, and most candidates are unqualified.
A new study from the Information Systems Audit and Control Association (ISACA), has found that more than 20% of cybersecurity firms receive less than five applicants a year, and that more than half of the available job positions take between three to six months to fill. Of the applicants, less than 25% of applicants are even qualified for the job.
This is troubling news, though not surprising for IT managers, who have surely felt this issue for a while now. The problem isn’t money, either, according to Eddie Schwartz, an ISACA director and also EVP of cyber services at security vendor DarkMatter. “We continue to see a lack of qualified candidates, even though companies are offering extremely competitive salaries, higher than other IT jobs.”
The report was created using data gathered from an email survey to ISACA members around the world. It found that the most important qualifications which seemed to be missing from applicants was not training per se, but hands-on experience with cybersecurity. Schwartz believes the future of the industry will see less applications composed of standard CVs listing training, or general security questions, and more live-fire security simulations that can put applicants’ skills to the test. “If you’re an apprentice, they’d be more rudimentary, but if you’re an expert you’re going to be asked to work in more advanced scenarios,” Schwartz says.
Schwartz also says that educators and employers need to change how they train Millennial and Gen Y workers, noting that the results of the survey make it clear that the equation to bringing out new security professionals needs a fresh approach. “They prefer just-in-time training and ratings like the ones in gaming systems,” Schwartz says. “They’re all about how they can continually gain knowledge and how they rank relative to their peers.”