Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Training & Awareness

Cyber Skills Gap Quantified in Terms of Supply and Demand

Gaining and retaining security talent is a major headache for almost all security leaders — indeed, the consensus is that the world is suffering under a chronic security skills gap. But most of the evidence for this skills gap is empirical; there is little hard evidence in facts and figures.

Gaining and retaining security talent is a major headache for almost all security leaders — indeed, the consensus is that the world is suffering under a chronic security skills gap. But most of the evidence for this skills gap is empirical; there is little hard evidence in facts and figures.

Indeed.com, which describes itself as the world’s number one jobs site, has now provided facts and figures from its own experiences. It does this by comparing security vacancies (industry demand) against click-interest (supply) from job seekers. The difference between the two figures demonstrates the size of the skills gap in terms of both security specifics and global region. Since Indeed is able to compare the difference today with the difference from two years ago, it is also able to quantify whether the skills gap is widening or narrowing.

Geographically, Israel has the highest demand (measured by security job postings per million postings). This is 89.2% higher than second-placed Ireland; 118.8% higher than third-placed UK; and 187% higher than the US in fourth place. The figures merely quantify the demand — they do not explain it. 

Indeed.com postulates that the strong demand in Israel comes from the country’s position as second only to the US as an exporter of security goods and services, combined with the emphasis it places on security in general. Ireland could figure so highly because of the tendency for multi-nationals to site their European headquarters in the country (according to Ireland’s investment agency, “over 1,200 companies… have already chosen Ireland as their strategic European base.”)

An implication from the US figuring so far behind Israel and Ireland could suggest that the US skills gap is smaller than elsewhere. This is to some extent proven when Indeed compares demand to supply (measured by the difference between the jobs postings and interest in those vacancies). Indeed measures the gap as the percentage of interest against vacancies. With this metric, the higher the percentage, the less the gap: ‘100%’ means that supply matches demand.

Here the US scores relatively well, with 66.7%. Israel fares worst at 28.7%, while the UK is second worst at 31.6%. Of the countries included, only Canada has a smaller skills gap than the US, scoring 68.1%. The US and Canada are the only countries where job-seeker interest is more than 50% of employer demand.

It’s not all bad news. In some countries the skills gap is shrinking. In Ireland the mismatch between supply and demand has improved by 14% since 2014. In the US it has improved 7%, and in Israel 5%. But in some countries it is widening: in the UK by 5%, in Brazil by 11% and in Canada by 12%.

“It would be nice to think that the continued media spotlight on cyber security has boosted awareness of the field and the number of professionals entering it,” postulates Indeed.com. “But it is too soon to say whether these slight improvements represent the beginnings of a turnaround for global cybersecurity hiring.”

Advertisement. Scroll to continue reading.

The methodology chosen by Indeed.com provides granularity into security specializations. This shows that even where there has been an overall improvement in the skills gap, there still remain hotspots of demand. Job-seeker interest in cloud security only meets 9% of demand in Ireland despite Ireland’s overall improvement. Even in the US, supply only meets 22.9% of demand.

Application security is similarly problematic, as supply only meets 20.6% and 36.5% of demand in Ireland and the US respectively. And it is far worse in the UK at a meagre 8.5% of employer demand.

Despite this, there are some specialties where supply exceeds demand; the skills gap has become a jobs gap. There is more interest in security administrator positions than available vacancies in Ireland; and more interest in ethical hacker positions than jobs in both the UK and the US. Both of these jobs gaps are, however, dwarfed by CISO interest in the US; which scores a supply to demand mismatch of more than 200%.

The skills gap details in this report only highlight the gap itself — the reasons are beyond the scope of the report. Nevertheless, it demonstrates that industry has a long way to go to close the gap. In the meantime, new technologies that require their own brand of security — such as IoT — continue to emerge. While we are still trying to catch up with the present, the future will present new difficulties; and the likelihood is that new and major breaches will continue to be revealed for many years to come.

Related: Report Shows Few Solutions to Filling Cyber Skills Gap

Related: The Harsh Truth of the Cybersecurity Talent Gap

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Training & Awareness

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google.

Management & Strategy

750 cyber specialists have participated in Defence Cyber Marvel 2 (DCM2), the biggest military cyberwarfare exercise in Western Europe.

Phishing

Security awareness training isn’t working to the level it needs to. Social engineering, however, is getting better. Why doesn’t awareness training work, and how...

Management & Strategy

Addressing the people problem with effective approaches and tools for users and security practitioners will enable us to work smarter, and force attackers into...

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Management & Strategy

Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies

Management & Strategy

UK-based cybersecurity training solutions provider Immersive Labs announced on Wednesday that it has raised $66 million in new capital.