Where To Find Cybersecurity Help: Addressing The Security Expert Shortage

September 3, 2020
Steve Fox

In 2021, global cybercrime will cost companies $6 trillion. From application vulnerabilities, social engineering and malware, to insider threats, and stolen passwords, our lack of cybersecurity is a real and pervasive problem.

One of the issues is that we still simply don’t have enough security talent available to fight back against cybercriminals. Cybercrime Magazine says next year we’ll need about 3.5 million more security experts than we will have available. It’s an untenable problem at a time when the risk is higher than it’s ever been. How can your company address the IT security talent shortage?


The shortage of IT workers starts in schools, where there simply aren’t enough students entering the field. Security Magazine says, “Not enough interest is being generated at the middle school and high school levels in STEM.” They go on to say, “Cybersecurity should have been a Bachelor of Science degree 15 years ago.”

This of course means that we’ll have fewer technical graduates than we need for years to come. The result is that we are:

  • Missing the qualified security engineers that we need on the job market.
  • Leveraging practitioners who are under-skilled.
  • Probably using tools that our teams don’t fully understand.
  • Lacking the security oversight needed to fully mitigate cybersecurity risk.

All of this means that when you try to hire a security professional to shore up your team, your company is probably waiting months to find the right person. Even during an economic downturn, these professionals are few and far between. This puts more pressure on the teams you do have, making them retention risks. What can you do?


These days, when looking for IT security talent, it’s important to think outside the box. Some suggestions include:

  • Develop relationships with local universities. Offer internships to college or security boot camp students, with a hiring track upon graduation.
  • Search IT organizations or forums such as CISSP to look for security candidates.
  • Organizations should consider hiring from within and providing additional training. Your existing developer pool could have one or two with interests in the security space. Consider training them and moving them onto the security team.
  • Make sure you consider veterans or military personnel as a resource pool.
  • Consider stretching your existing resources by automating security functions whenever possible.

Generally, it’s a good idea to look for crossover skills and invest in training new hires or existing team members in the rigors of cybersecurity.

It’s also a good idea right now to consider a third-party vendor to assess your current systems and gauge the level of risk to your organization. These professionals can set up training programs for your IT teams and for employees to help create a culture of cybersecurity that will keep workers aware of the latest threats.

For nearly a decade, Security Pursuit has partnered with organizations to help keep their data safe. We specialize in bridging any gaps in your existing security team, up to and including cybersecurity training to shore up their skills. Talk to our team today.

join our email list