Job prospects are booming in cybersecurity as the industry struggles to attract enough qualified staff. These shortages are undermining the security industry’s ability to protect organisations and businesses from a sharp rise in data breaches, computer viruses and ransomware. By 2022, there will be a shortfall of 1.8 million cybersecurity workers globally, according to the Global Information Security Workforce (GISW) study. And the US Bureau of Labor Statistics predicts a 36% increase in demand for cybersecurity staff by 2024, twice the level of demand for other digital workers. The lack of supply is pushing up salaries, making cybersecurity one of the most lucrative careers in technology. Almost three quarters of UK security professionals earn more than £47,000 a year and 39% earn more than £87,000, says the GISW study.
Cyberattacks are becoming more frequent and more serious. This year’s unprecedented WannaCry ransomware attack affected 230,000 computers in 150 countries. A spike in cybercrime is being fuelled by malware-for-hire, which makes it easy for criminals to launch cyberattacks with computer viruses rented online.
“The new threats stem from the sheer number of devices connected to the internet and the logistical problems of managing those and making sure they have the right security systems,” says Cisco System’s Martin Lee.
He says the industry is seeking staff with “Sherlock Holmes-type” investigative skills to identify and fight off threats: “The industry is increasingly looking for people who are monitoring what is going on and using the tools that are available to spot when something looks suspicious, then being able to investigate that. The key skill is this sense of wanting to find out why – why is this like this, why did it go wrong and what are we going to do about it.”
When Lee started in the industry 15 years ago, there were about a dozen pieces of malware appearing every day. Now, that rate has increased to 1.5m a day. “When there are a dozen pieces, you can do a lot of the detection code-writing by hand,” he says. In the future, most of the donkey work of monitoring and protecting systems will be done automatically through machine-learning algorithms. This will require staff to develop algorithms while others find new ways of combating the criminals and seeking out vulnerabilities in their systems.
Some 87% of cybersecurity workers globally did not start out in the industry, according to the GISW study – but many of them had worked in other areas of technology before gaining enough experience to enter this highly specialised field. But, due to the looming shortage of staff, the cybersecurity industry is calling on the current generation of digital natives to get involved and join the fight to save the internet from the cybercriminals.