Experienced cybersecurity professionals are difficult to find. And once you manage, they will ask for quite a sum of money that will make you wonder whether you really need to bring a cybersecurity expert onboard.

According to the recent 2021 (ISC)2 Cybersecurity Workforce Study, cybersecurity professionals are satisfied with their jobs and earn as much as $119,00 in North America.

However, despite the job being so satisfactory (a statement that so many people doing the job would strongly disagree) and ‘strongly compensated,’ the field of cybersecurity still lacks about 2,7 million professionals. Although, the cybersecurity skills shortage gap has narrowed over the past year from 3,1 million.

There are approx. 4,2 million professionals in the field right now. So it means we need almost twice as many to satisfy the current needs. Why are cybersecurity experts in such high demand? Well, if you lack them, you are at greater risk of cyberattack, as well as things like slowly patched critical systems, misconfigured systems, rushed deployments, and so on.

Some experts say we will not solve our problems by throwing more people at them and argue we should rely on technology more for protection. Meanwhile, we ask cybersecurity headhunters if cybersecurity professionals are nowhere to be found.

Charles Pritzl and Patricia Field from the ManpowerGroup detailed how they are hunting for cybersecurity specialists and what they are doing to make skills shortage less of a problem.

Cybersecurity lacks millions of professionals. Are they really nowhere to be found?

Charles Pritzl: I would say yes and possibly no. One of the things that I’ve been seeing is that many companies will say, ‘I want a professional that has five to ten years of IT or cybersecurity experience.’ That area is complex right now. It is challenging to find them. And if you do find them, they’re commanding a pretty good pay rate. What I think companies need to start looking at is, you can’t focus on ‘give me a four-year education, five to ten years of service.’ You have to look at their skills, certifications to some extent, and their ability to fit into your culture. You almost have to grow the professional a little bit in your organization.

Why don’t companies then start growing from within? Find the people you have in your organization, train them up, don’t sit around and say, ‘oh, we are not finding anyone.’ Do something about it, find those people internally, skill them, and get them on their way to that cybersecurity space. You can get a very good person who can do the work, has the base knowledge that can come to speed very quickly, and fills those positions. Maybe the high-end ones, yes, you want to focus on those multiple years of education. But looking at it a little differently might help companies until the education system catches up with the demand.