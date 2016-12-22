Over the last year, I (along with others on my team) have received numerous inquiries regarding a “talent crisis” that is brewing in the information/cyber security industry. Organizations continue to have critical security needs but cannot fill them because of a perceived lack of qualified candidates available. The U.S Bureau of Labor Statistics recently pointed to hundreds of thousands of unfilled cybersecurity-related jobs in recent years. Other reports by various cybersecurity vendors advise leaders that the average time to fill a position is closing in on nine months. Of course, escalating salaries aren’t helping this cause and demand is continuing to rise.

I do not doubt the accuracy or scope of the above assessments. In fact, I am co-authoring a research note* (to be published next month) that accepts this reality and provides short and long term actionable advice for Gartner clients. One of the many angles this research will tackle is our industry approach towards “talent”.

When looking at various job postings, I noticed the long list of requirements that an organization looks for in a candidate. A notable example was a Security Architect posting that was partly responsible and accountable for performing scheduled VM scans. Another example was that of a Cybersecurity Analyst posting that was deemed entry level but required a CISSP and 5-7 years of experience.

The Cybersecurity Talent Shortage…. is a myth?

