Sobering news on the cybersecurity hiring front: More than 20% of organizations get fewer than five applicants for an open security job and more than half of all positions (55%) take at least three months to fill with a qualified candidate.
Of those who do apply, fewer than 25% are actually qualified for the posted job, according to a new ISACA report released at last week’s RSA Conference in San Francisco.
It won’t surprise anyone in IT management to learn that it’s extremely challenging to fill open jobs in information security. But the ISACA’s report on the state of security hiring quantifies those challenges more starkly.
The source of the problem doesn’t appear to be money, says Eddie Schwartz, an ISACA director and also EVP of cyber services at security vendor DarkMatter. “We continue to see a lack of qualified candidates, even though companies are offering extremely competitive salaries, higher than other IT jobs,” Schwartz says.