The 21st century has been marked by unpredictable events, whether it’s disruptive technology, banking crises or geopolitical upheaval. The only thing that can be predicted with some degree of certainty is that businesses will continue to face significant and often existential crises in this globalised digital age will continue unabated. It’s also safe to say that cybercrime could be one of the greatest. Rob Phelps looks deeper. 


With so many high profile hacks and data breaches in recent years (along with the countless security breaches suffered by business not big enough to make the news), it should alarm anyone reading this to discover that the world is facing a recruitment crisis in IT security industry of gargantuan proportions.

How this has come about and what the business community at large can do about it, is something I’d like to talk about today. First though, let’s put the problem into perspective.

Just how bad is the Cybersecurity Job Crisis?

The scale of the growing deficit of skilled IT Security personnel is significant to say the least. To give you a sense of the growing scale of the problem, there are today around a million job offerings unfulfilled in the IT security sector. A 2015 report by Frost and Sullivan for ISC² puts this shortfall at 1.5 million by 2020, with another report from the ISACA (see infographic below) putting that figure at 2 million as soon as 2019. In an industry that’s predicted to be worth $101 billion by 2020, that’s a pretty big chink in the business world’s collective armour.


The problem is even more acute when you factor in the growing sophistication of cyber criminals as well as the involvement and financing of cybercrime by state actors and terrorist organisations, many of which may have motives beyond the purely financial. In many senses, this can and should be seen as an arms race and right now, it’s one the good guys are losing.

How did this IT Security Crisis come about?

It’s difficult to say why the gap has opened up between the threat and the ability for the business world, as well as national governments and NGOs, to recruit enough personnel to deal with it. Much of it may come down to the inability for businesses to truly appreciate the scale of the problem and adapt accordingly. Unlike projections based on economic or financial models, the speed and scale with which the threat has evolved has been difficult to predict and has therefore blindsided many businesses.

Another factor in the emergence of the crisis is the inability for the private and public sectors to recruit from a diverse talent pool. The reason for this may lie in the fact that many business leaders still see cybersecurity as just another function of IT, instead of a rapidly evolving area that requires strategic planning and business-wide input. This myopia may be causing businesses to neglect nascent talent from outside traditional career paths or professional backgrounds.

What can Entrepreneurs and Small Businesses do?

Despite the gloomy predictions concerning the recruitment shortfall, there is a lot that the business world can do and I’m not just talking about the FTSE100 companies of this world. Entrepreneurs and small businesses can do their fair share as well. Below I’ve listed four areas in which changes can be made to begin addressing the issues.

  • Revamped recruitment strategy
    The frontline of the battle against cybercrime for any business is at the recruitment stage. Businesses looking to future proof their IT infrastructure against malicious and increasingly sophisticated cybercriminals would do well to look outside of the normal career paths and educational backgrounds when sourcing talent. Whilst robust IT knowledge is par for the course, investigative, inquisitive and creative skills are necessary for the kind of strategic deliberative thinking involved in the top IT security jobs.
  • Local business networking
    Information is power in the fight against cybercrime and this means looking at how your company can help and benefit from local business networks. Information sharing, whether it’s on the latest viruses and online scams, to more intelligent ways of working, will benefit others but they will encourage reciprocation and in turn benefit you. Involvement should also extend beyond the local business community to schools and educational institutions in an effort to encourage involvement in a sector that is crying out for talented individuals.
  • A holistic approach to CPD
    Continued professional development in IT often fails to expose individuals to other areas of the business. With data security so integral to almost every business function in the 21st century, exposing IT security recruits to other areas of the business, will prep them for the more demanding IT security roles that require holistic thinking that takes into account everything from corporate strategy to supply chain management.
  • IT security gurus
    For smaller businesses, it may not be necessary to take on a full time IT security expert. An alternative could be training up one of your existing staff to act as your company’s IT security guru. As your business grows, this individual would become instrumental in directing your recruitment policy and in training up new IT staff, ensuring your IT team are fit for the cybersecurity challenges that await them.

The Path to a Job in IT Security

Once considered a function of IT departments, there are now many standalone roles available in the IT security industry. For individuals looking to get into this field, there are a number of steps they can take. The career pathway to an IT security role is challenging and requires a solid soft and technical skillset, dedication and a commitment to continual learning and educating others. For those willing to put in the hard work though, there is certainly no shortage of job vacancies that will need filling and the rewards can be considerable (with some cybersecurity software engineers earning more than a CSO).

I’ve broken down the career path to a cybersecurity role into ten distinct areas, which I’ve detailed in this infographic:



About the Author: Rob Phelps is the owner and founder of UK based Cyber Security Jobs and He has over a decade’s experience working in the cyber security industry, helping UK businesses source and recruit professional cyber security experts. You can contact them on LinkedInTwitter or Facebook

powered by Typeform