After reading the ISC 2024 CyberSecurity Workforce Study ( If you are interested in this topic and you haven’t already it will only take 15 minutes ) I wanted to share my opinion with a short article.
I am an ISC2 member (because I have a cybersecurity certification) and I think is still one of the most reputable organisations focused on Cyber Security.
What you will read below are my professional opinions (not of my employers one) of an IT professional and developer who worked closely or related to cybersecurity space for ~20 years.
Demographics
I will start by analysing (in the Appendix of the survey) the demographics of those who responded :
- mainly employed by Large Organisations (Company size 1000+ people >61%),
- a Manager or Executive ( >51%),
- part of the internal security staff of the company (62%),
- can hire employees ( 49%)
- older than 35 years old (>83 %),
- more importantly, is based in the US (>46%).
Economy and AI have changed the previous forecasts
The survey reflects changes in the landscape due to the economy and AI. Already at the second half of 2023, we have already seen across the IT industry and Cyber Security is strictly coupled with IT in general, so at least for me that would have been easy to guess.
What I would say is finally also showing that the growth of the demand for cyber professionals and the forecasts of 5/6 years ago was too “optimistic” and probably now are going to be more “realistic”.
The figures around the Workforce GAP I think are still too high considering the majority of the audience should be capable and in a position to reduce this workforce gap if there is a real need in the market.
Conclusions: Where are small/medium businesses?
My humble opinion is that until individuals and small/medium businesses won’t prioritise cybersecurity as a functional requirement and bake it into every single service they purchase or sell we won’t have the demand for those double-digit figures for hiring cybersecurity professionals.