Why Recruiting Cybersecurity Talent Is Like Looking for a Needle in a Haystack

Read Time 2 minutes

Enterprises looking to beef up their cyber resilience face major challenges in on-boarding cybersecurity professionals due to a huge shortage of skilled resources in the market. According to industry reports, the number of unfulfilled security roles is expected to cross 1.5 million by 2022. It is projected to get worse in the future.

Compounding the problem for CISOs are the challenges with existing cybersecurity staff, who face high levels of job-related stress and burnout, due to daunting workloads along with long hours of work.

Why Recruiting Cybersecurity Talent Is Like Looking for a Needle in a Haystack

Since security policies followed when working from home are less stringent compared to working from a secure office environment, organizations are at increased risk of data breaches and ransomware attacks today.

How do newly minted cybersecurity graduates stack up?

A cybersecurity engineer is expected to have core skills in network technologies, Linux and Windows operating systems, computer architectures, common exploitation techniques, cryptography, and virtualization. Some knowledge in creating automation scripts is essential as well.

SAN Institute did a survey of over 500 cybersecurity practitioners to identify the skills most lacking in job candidates and the results are alarming.

Skill areaPercent of cybersecurity job candidates who were unable to perform even basic tasksPercent of cybersecurity job candidates who demonstrated hands-on mastery
Common exploitation tachniques66%4.5%
Computer architectures47%12.5%
Data and cryptography30%2%

The cybersecurity training industry needs to evolve and focus more on providing hands-on training in virtual labs or cyber ranges to build real-world skills relevant to business. Industry certifications need to go hand-in-hand with practical, real-world skills needed for the job.

Red hot jobs in Security Operations

The Security Operations team is responsible for ensuring that the operations of a company’s digital infrastructure remain cyber resilient. Some of the highest-paying jobs are in security operations, as skills availability is an ongoing challenge.

In demand are Red Team roles, which include web and mobile penetration testing, exploit development, and reverse engineering. Key Blue Team roles in demand include threat hunting, incident handling and response, malware analysis, and digital forensics.

Although Red Team roles have a halo around them, the Blue Team roles are where you can find the majority of the jobs in security operations.
Specialized training and certifications for Red and Blue Team roles are highly valued in industry and are worth the investment.

Check out our elite Red and Blue Team training courses and certifications here.

*** This is a Security Bloggers Network syndicated blog from Blog – Cybersecurity Workforce Training on the Frontlines authored by Harish Bhat. Read the original post at:

Secure Coding Practices