• United States



1 million cybersecurity job openings in 2017

Jan 06, 20173 mins
CareersCyberattacksInternet Security

CIOs and CISOs need to cross-train IT workers to fill cybersecurity positions, and it won't be easy.

Group of people waiting for interview
Credit: Thinkstock

A Forbes story in January 2016 reported there were 1 million cybersecurity job openings in 2016. Some things are worth repeating. There are 1 million cybersecurity job openings in 2017, give or take. Not much has changed over the past year.

Can armies of interns close the cybersecurity skills gap? asked a Fast Company story in September of 2016. Not likely. In the U.S., and internationally, there’s not enough cybersecurity grads — or computer science grads with cyber credits. In the U.S., students can graduate from some of the top computer science programs with little to no cybersecurity courses.

For every cybersecurity grad, there’s a job. But that will only put a small dent in the number of entry and lower end positions which include titles such as information security analyst.Those people play important roles by monitoring screens of information displaying abnormalities and alerts, and other tasks. However, it’s the experienced mid-level to senior cybersecurity specialist positions that are the most daunting to fill. 

The top experts in the cybersecurity field are in a candidate’s market with numerous reasons to be looking around. Retaining them, and recruiting others is where the rubber hits the road for the heads of IT and security teams.

So, what’s a CIO or CISO to do? Hiring college grads for some positions is a no brainer. Outsourcing aspects of security will reduce some of the burden. Consolidating the number of point security tools will help. Shifting some of the IT infrastructure to the cloud will shift partial security responsibility to the cloud provider. Next generation security solutions promise to cut down the staffing burden — but there’s a big time gap involved with evaluating, selecting, buying, and implementing them.

After all that, the smartest and most effective IT leaders are still going to find themselves in a cyber personnel pickle.

Cross trainers IT workers on cybersecurity holds out the greatest promise for filling the more experienced cybersecurity roles. A whole book can be written on the topic. But there’s only a blog post’s worth of space here… just enough to deal with Step. 1 — which is for CIOs and CISOs to assess their IT workers and see which ones might have an aptitude for security — and a baseline understanding of it (assuming of course, they can be spared from their current duties).

To oversimplify, but there’s sure to be some take away material here — interview the pre-qualified candidates (potential cross-overs) one-at-a-time.

Who’s hacking our network? The IT workers who can answer that question with two or more hacker types should proceed on. Those who fail to answer correctly should return to their desks.

Then fire away with the best of these 200 most commonly asked IT security interview questions, posted as a free resource by Skyhigh Networks.This will help narrow down to the IT workers who can think like hackers, and who possess the soft skills to combat them.

Who’s left standing? Call them cybersecurity workers and deduct that number from one million. If enough CIOs and CISOs are cross training their IT workers, it may bring down the global cybersecurity job opening figures. If not, then there will be 1.5 million openings by 2019. Now train those people!


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.