ISACA Research Reveals Tightening Cybersecurity Labor Market

ISACA has been surveying the cybersecurity field.

What's the old proverb? Keep your friends close and your skilled cybersecurity employees closer? That seems about right in 2022. Cybersecurity has both a skills gap and a directly related hiring gap. There aren't enough skilled cybersecurity professionals entering the job market. Ergo, competition for those available is fierce.

Employers who don't hang on tight to the cybersecurity professionals already on the company payroll are apt to find themselves back in the business of looking to hire skilled cybersecurity professionals. It's just not the right time to drive a hard bargain on salary demands, or skimp on benefits.

The increasing supply-and-demand-driven scarcity of skilled cybersecurity professionals is a key point raised in the newly available State of Cybersecurity 2022 report compiled by cybersecurity and IT governance professional association ISACA. The eighth annual report is based on a survey of more than 2,000 cybersecurity professionals worldwide.

ISACA data indicates more than 60 percent of businesses are having problems both filling cybersecurity job roles and retaining employees hired to fill those roles. Survey respondents report that the process of finding a qualified cybersecurity employee typically takes more than six months. In the meantime, about two-thirds of employers are fielding understaffed cybersecurity teams.

The wild competition for qualified personnel has definitely initiated a self-perpetuating cycle: The top reason that cybersecurity professionals who participated in the survey gave for leaving their jobs is recruitment by other companies. If you're skilled and reliable, then there's no shortage of employers who want to make you a godfather offer.

It's definitely a seller's market for skilled cybersecurity professionals, and employers are most interested in individuals with extensive prior experience. On the other hand, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources, and Cyberoperations (to go by the full name of the ISACA report) reveals that certification is the next-most important factor in cybersecurity hiring.

Did you hear that, current and aspiring cybersecurity professionals? If you're looking to break into the cybersecurity field — if you don't have extensive professional cybersecurity experience already, in other words — then the most important thing you can do to get yourself on the hiring radar is get certified.

There's also evidence that you need to have a solid grasp of communication and interpersonal relations. According to State of Cybersecurity 2022, after cybersecurity, the most important skill set that employers are looking for is soft skills. Don't think you can just wall yourself up in a cybersecurity bunker and ignore everyone else.

The full State of Cybersecurity 2022 report is available online.

Would you like more insight into the history of hacking? Check out Calvin's other articles about historical hackery:
About the Author

GoCertify's mission is to help both students and working professionals get IT certifications. GoCertify was founded in 1998 by Anne Martinez.