New U.S. Attorney General Jeff Sessions may disagree about whether there is a shortage of skilled IT workers in America, as he has asserted at hearings over the past two years, but talk to most CISOs and they will confirm that when it comes to cybersecurity talent in particular, the skills shortage is very real.

“There’s no doubt about it,” says John Masserini, CISO at equity derivatives market MIAX Options in Princeton, N.J. “We’ve had two positions open for three months now,” a security operations center analyst and a security engineer position. The company’s location between two major metro areas – New York City and Philadelphia – makes the competition for cybersecurity talent especially tough, he says. Meanwhile, the firm’s security workload keeps growing. “I already know that by the end of this year I’m going to have a couple more openings,” he says.

The cybersecurity unemployment rate dropped to zero in September, according to research firm Cybersecurity Ventures. The global demand for cybersecurity workers is expected to reach 6 million by 2019, with a projected shortfall of 1.5 million qualified security pros. More than half (57 percent) of organizations today say that finding and recruiting talented IT security staff with the right skill sets is a “significant” or “major” challenge, according to a survey by Osterman Research for Trustwave. The new White House administration could make finding cybersecurity talent even tougher.

The Trump administration intends to bolster the nation’s cybersecurity, but at the same time it’s looking to revamp the country’s H-1B visa program, a huge source for bringing specialized IT talent to the U.S.
The administration has floated the idea of replacing the current lottery system for issuing H-1B visas with a merit system, in an effort to recruit only the “best and brightest” talent for the most in-demand IT skills and to keep well-paying IT jobs in American hands.

The skills, education and experience that would garner additional merit have not been discussed publicly, but some cybersecurity leaders and industry-watchers say that special consideration should be given to H-1B visa applicants with cybersecurity skills to help fill critical positions.

“U.S. businesses are thriving. In this hyper-expansion mode, you can’t get everything perfect. You need people to plug those security holes,” says Chris Schueler, senior vice president of managed security services at Trustwave. “We need to tap into those skills where they exist, and a lot of them don’t exist in the U.S.”

Today, few H-1B visas are used for IT security positions. Visas for information security analysts, for instance, made up 0.3 percent of all H-1B visas issued for IT jobs, with a mean salary of $99,708, according to data from the U.S. Citizenship and Immigration Service and analysis by Janco Associates. Network and computer systems administrators, who account for 1.9 percent of H-1B visa holders in IT jobs, also bring some security skills, “and may also fill some security analyst positions,” says M. Victor Janulaitis, CEO of Janco. Those H-1B admins earn a mean salary of $76,233, according to the Janco report.

In general, all H-1B visas are meant to be merit-based, but if cybersecurity talent were given a higher priority than other IT jobs, it wouldn’t be the first time an occupation received special treatment, says Rosanna Berardi, managing partner and U.S. immigration lawyer at Berardi Immigration Law in Buffalo, N.Y.
“Currently, there’s a shortcut to getting a green card for certain occupations that the government has designated to be in short supply and are critical to the U.S. economy,” Berardi says. “Most of them right now are related to medical skills.”

Federal legislation, such as the Nursing Relief for Disadvantaged Areas Act of 1999, created a special visa classification to encourage more foreign-born nurses to come to the U.S. to deliver care in rural communities.

“If there is truly that volume of need, then perhaps the tech industry could flex some muscle and get cybersecurity on that list,” Berardi says.

Not for everyone

Not every U.S. company would welcome H-1B security professionals, says Janulaitis. “Many C-Level executives do not feel comfortable with security being done by non-U.S. workers who are not on shore or are outsourced,” he says. “When they have a choice, the idea that an H-1B is responsible for security is not one they relish unless there is some assurance that they will remain with the company.”

Some leaders believe that using an H-1B employee who is a contractor gives them less control and agility when responding quickly to cyber attacks, Janulaitis says. “On the other hand, companies like Microsoft and Apple offer real opportunities for security specialists and are hiring for the long term.” Both companies have a long-term view for their visa employees and have good internal training programs in place “with real career paths for the best-of-breed technologist that they hire with H-1Bs,” he says.

Too early for some to weigh in

Meanwhile, several cybersecurity industry organizations that could potentially play a role in advocating for more cybersecurity workers in the H-1B visa program remain tight-lipped. (ISC)2, a global non-profit with 123,000 members that specializes in information security education and certification, declined to discuss the program.
The Center for Internet Security, which focuses on enhancing the cybersecurity readiness and response of public and private sector entities, also declined comment, as did the Information Systems Security Association (ISSA), a community of international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

They’ll have plenty of time to make their case, as this year’s rules are already in place. U.S. Citizenship and Immigration Services will begin accepting new H-1B applications on April 1, and the new H-1B visa recipients can’t start working until Oct. 1, 2017.

A renewed push for cyber education

Regardless of whether cybersecurity skills get special treatment in the H-1B visa program, one of the potential benefits from this renewed push for cybersecurity and the attention brought to the cybersecurity skills deficit may be greater investment in U.S. education.

“It’s evident that we’re not investing as a country in these [cybersecurity] skills… but there really has never been a push to fill our needs domestically. Now there is motivation,” Schueler says. “There will be a lot of short-term pains,” but Schueler believes the result will be more funding for university cybersecurity programs. Janulaitis hopes he’s right.

“We need an educated population of college graduates who focus on both math and the science,” Janulaitis says. “It is much easier to grow our skill base if we have the professors who can teach those subjects. China, for example, is graduating more students from its universities in robotics on an annual basis than we have in total.”

U.S. students should also occupy more of the advanced degree slots at U.S. universities than H-1B visa holders do, he adds. “It is not the U.S.’s role to educate the world,” Janulaitis says.