A number of factors are combining to make IT hiring more difficult. This includes a COVID-19 induced reticence about returning to work, insistence from companies that employees return to the office, and of course, a skills shortage.
Teams Are Struggling
A surge of cyberattacks has companies scrambling to step up security and IT hiring. Yet these resources are becoming difficult to find, according to a study by Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG). It found that 57% of the nearly 500 organizations surveyed noted a worsening cybersecurity skills crisis.
“For business and cybersecurity professionals, the data should be seen as a set of guidelines for maximizing cybersecurity investment, improving cybersecurity job satisfaction, and aligning cybersecurity with the business mission,” said Jon Oltsik, an analyst at ESG.
Among the study’s key findings:
- 62% respondents experienced rising workloads for the cybersecurity team
- 38% have unfilled open job positions
- 38% also noted high levels of employee burnout
- 95% said the skills shortage has not improved over the last few years
- 44% said the skills shortage worsened
Skill Shortages Abound in IT Hiring
There are general shortages of personnel within IT and cybersecurity. But there are acute shortfalls when it comes to cloud security, analytics, security investigation, and application security. The sad part of the situation is that while businesses are well aware of the shortages, they aren’t investing or acting in a way to remedy it.
Read more: How a Cybersecurity Incident Hurts Your Brand
“There is a lack of understanding between the cyber professional side and the business side of organizations that is exacerbating the cyber skills gap problem,” said Candy Alexander, Board President, ISSA International. “Both sides need to re-evaluate the cybersecurity efforts to align with the organization’s business goals.”
The study found that almost two thirds of respondents felt their organization could be doing more to address the cybersecurity skills shortage. To emphasize the lack of effective action, 38% said failure to offer competitive levels of compensation was the biggest factor in the skills shortage, with three quarters of organizations confessing to difficulties in recruitment.
To make matters worse, a third of CISOs said they would be willing to bail on their current organization if someone offered more pay.
A disconnect between HR and IT seems to lurk behind some of the hiring and skills shortage woes. In the survey, 39% believe more investment in cybersecurity training for candidates and new hires could help ease the situation. The vast majority of organizations failed to pay personnel for the recommended 40 hours of training per year.
Job postings, too, were problematic. Some felt that HR tends to aim to high in requirements, demanding too much from experience, qualifications, certifications, and specific technical skills. Yet such lofty requirements often don’t marry up with the annual salaries offered to applications. The result is long waits before anyone is hired.
Read next: Are Your Containers Secure?