Cybersecurity labor crisis expected to continue through 2021. Credit: Thinkstock *Disclaimer: Steve Morgan is founder and CEO of Cybersecurity Ventures.Last summer the Cybersecurity Business Report pointed out a severe cybersecurity workforce shortage. The numbers haven’t changed much since then. There’s still roughly 1 million job openings in 2016 — which is expected to reach 1.5 million by 2019. The Palo Alto Research Center reports that, by 2019, the demand for cybersecurity professionals will increase to approximately 6 million globally.Cybersecurity Ventures announced last week that the cybersecurity unemployment rate has dropped to zero-percent. What does this mean for cybersecurity employers, recruiters, workers, and job hunters? A few industry experts put the cyber labor crisis in perspective, and offer suggestions for filling the open positions.Two job openings for every candidate Cyber luminary John McAfee, founder of Future Tense Central and CEO at MGT Capital Investments (NYSE MKT: MGT) says, “The field of cyber security is the least populated of any field of technology. There are two job openings for every qualified candidate.”Small pipeline of security talent Robert Herjavec, founder and CEO at Herjavec Group, a Managed Security Services Provider with offices globally, says, ”Unfortunately the pipeline of security talent isn’t where it needs to be to help curb the cybercrime epidemic. Until we can rectify the quality of education and training that our new cyber experts receive, we will continue to be outpaced by the Black Hats.”Candidates don’t match job specsGary Hayslip, deputy director, CISO for the City of San Diego, Calif., and author of the book ‘CISO Desk Reference Guide, A practical guide for CISOs‘, says, “Organizations at times are trying to hire a unicorn – i.e. they need three people but can only hire one so they write the job specs with a huge list of disparate skill sets that most security professionals don’t have.”Robert Herjavec, founder and CEO at Herjavec GroupCandidate, know thyselfFrank Zinghini, founder and CEO at Applied Visions, Inc. (AVI), a software developer providing cybersecurity solutions to government and commercial enterprises globally, says, “The kind of person who is comfortable sitting in a Security Operations Center (SOC) monitoring sensors and looking for attacks in real time is different from a forensic analyst who enjoys poring through log files in search of signs of an adversarial presence in the network. Similarly, those who enjoy attacking web apps to help the developers see if they left anything unsecured are not likely to be interested in (or capable of) analyzing the source code itself for patterns of weakness. These and many other disciplines are all within the realm of cyber security; anyone interested in a career in this area needs to understand the differences and choose a path that suits them.” Salary inflation and sub-par candidatesCyber Security Executive Recuriter Veronica Mollica, who has 14 years of experience in the field and is currently vice president of business development at CyberSN, says, “Non-existent unemployment may be good for candidates, but not for employers. “While zero-percent unemployment rates sounds optimal, it creates a lot of challenges for organizations including retention issues, salary inflation, and sub-par candidates getting jobs they are not qualified for. Companies are going to have to invest heavily in training young cybersecurity professionals who have a combination of technical, business, and soft skills as the talent gap widens.”Cyber grads entering the workforce“I believe there’s a number of people coming out of school with cyber degrees and they can’t get jobs because of minimal experience” says Hayslip. “Whether they like it or not they need to take those entry-level positions and mature as a security professional. Just because you have a degree doesn’t equate to a high-paying position – you have to work for it and many times that means you take the junior positions and get experience.” U.S. News and World Report ranked a career in information security analysis eighth on its list of the 100 best jobs last year. These (entry-level) positions offer a median annual salary of approximately $90,000, and pay more than six-figures in New York, California, and Virginia, according to the U.S. Bureau of Labor Statistics. BLS states employment of information security analysts is projected to grow 18 percent from 2014 to 2024.Recruiting cyber experts at hacking conferences“The U.S. currently possesses the largest and most talented pool of cyber security specialists in the world” states McAfee, referring to the higher end of the market which includes senior candidates possessing many years of deep domain cyber experience. “These specialists congregate multiple times each year in various locations, culminating in the annual DEF CON Conference, comprised of upwards of 50,000 specialists. These specialists compose our Hacker Community.” McAfee’s point? Employers should skip the job boards and send their recruiters and hiring managers to the major cyber events including the RSA Conference, Black Hat, and others.More cybercrime creates more job challengesWhile hiring practices, candidate expectations, and recruiting strategies all play into the cybersecurity unemployment rate, the biggest contributor is cybercrime. CSO recently reported a prediction that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion last year. Another CSO blog shares a forecast that the world will spend more than $1 trillion cumulatively over the next five years – from 2017 to 2021 – on cybersecurity products and services to combat cybercrime. These figures will surely lead to more unfilled jobs, and even more pressure on employers to fill them. Related content feature Cyber NYC boosts the Big Apple's cybersecurity industry New York City Economic Development Corp. launches Cyber NYC to foster public-private partnerships focused on building a vibrant cybersecurity community and talent pool in the largest U.S. city. By Steve Morgan Feb 06, 2018 6 mins Internet Security IT Skills Careers opinion Young girls are society's future cyber crime fighters There are lots of opportunities for girls in cybersecurity. The problem is they don't know what those opportunities are. Parents and guidance counselors can help. By Steve Morgan Feb 05, 2018 5 mins Internet Security IT Skills Careers analysis Why healthcare cybersecurity spending will exceed $65B over the next 5 years Hospitals and healthcare providers remain under cyber attack, causing organizations to spend more to protect their systems and patient data. By Steve Morgan Feb 02, 2018 15 mins Data Breach Cyberattacks Hacking news Cybersecurity M&A deal flow: List of 200 transactions in 2017 Rising tide of mergers and acquisitions in the trillion-dollar cybersecurity market. By Steve Morgan Jan 26, 2018 35 mins Data and Information Security Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe