Are we facing a cyber security jobs recruitment crisis?

Rob Phelps
Owner & Founder | Cyber Security Jobs
24th November 2017

A serious data breach will cost the average UK business a staggering USD$3.1 million. No business is immune to cyberattacks, as demonstrated by the 2017 ransomware attacks which crippled the NHS.

Stories of big businesses, organisations and even governments being hit by cyberattacks are rarely out the headlines in fact. Add to the direct costs of a data breach the potential legal costs imposed by the new General Data Protection Regulation (GDPR), which will have an upper limit of €20 million or 4% of global turnover for companies which fail to protect sensitive data, and you can see why cyber security experts are in high demand.

So high is the demand, in fact, that there is a 0% unemployment rate for cyber security professionals and a predicted 1.5 million cyber security positions that will be left unfilled by 2019, according to ISC².

How can Individuals Break into the Cyber Security Job Market?

With such a huge demand for cyber security professionals, the rewards and jobs are there for the taking, to those with a desire to break into the industry. The first thing to do is to understand what are the entry level roles and the career paths you can take. Cyber security is a broad and burgeoning industry with numerous distinctive roles, from Security Engineer and Security Analyst all the way up to Chief Security Officer (CSO).

There are several steps that you can take to get into the cyber security industry, regardless of experience.
These include:

  • Research more about the field and familiarise yourself with what’s involved
  • Get qualified with a recognised course, such as CEH (Certified Ethical Hacker) and the Global Information Assurance Certification GPEN (Certified Penetration Tester) Certificates
  • Acquire a Rounded Skill Set
  • Gain additional experience through an apprenticeship or internship
  • Get as much work experience as you can
  • Join a professional association like the IISDP  (Institute of Information Security Professionals)
  • Take the cyber security challenge
  • Set up your own testing site to get some hands on experience and prove your worth to future employers
  • Network with people in the industry

The IT industry has become very focused on certification over the past decades and there is certainly no quick or simple path into a cyber security role. The vast majority of security certifications demands at least two years of direct experience before you can even try to pass the test. 

Of course it’s not all about hard IT skills though. An IT background is important but not essential, as those working in highly analytical roles may possess many of the soft skills the industry is crying out for. If you have experience in any line of work involving complex problem solving, data modelling or analysis, investigation, or security practices, you have some skills that many in the IT world lack, which directly relate to cyber security.

For these individuals, the key will be proving your IT skills, which makes a technical diploma or conversion course a relatively quick pathway toward a cyber security role. Once you have an IT qualification, your past work experience and differing viewpoint to many ‘IT only’ employees can make you a valuable asset.

What can Businesses in the West do to combat the Cyber Security Shortage?

With almost 75% of businesses believing there is a good likelihood of them being hacked, it’s important that organisations, both inside and outside the cyber security sector, work together. While business may lack cyber security professionals, there is no shortage of individuals who are willing to learn how to better protect their businesses and others who are keen to work toward cyber security certifications. 

There are lots of things businesses in the West can do. These include:

  • Re-evaluate interview and hiring process:  Businesses need to carefully reconsider their hiring requirements when it comes to cyber security. Being willing to look outside of the usual educational and pathways and consider a self-taught individuals or those with strong investigative skills, but no direct security experience, can open up a potentially massive and largely untapped talent pool 
  • Build local networks: Information sharing is important and local networks are a powerful way of sharing experiences and expertise. Raising awareness around key areas of concern, such as prevalent viruses, Trojans and scam techniques is an important social role your organisation could play and will help raise your local standing and profile as an offshoot. Working with schools and educational institutions to offer work experience and training is also a good way of encouraging individuals into the industry 
  • Properly mentor new recruits: Cybersecurity employees should get a holistic understanding of the businesses critical IT infrastructure if they are to be effective and help train the next intake. You should offer new recruits exposure to different areas of your business, allowing them to work on different projects. This will help them discover where their skills can be best applied, whilst giving them a rounded understanding of the threats facing the business. 
  • Consider a cyber security guru: Instead of a full complement of security professionals, a single experienced cyber security expert augmented by some people with the IT background required to get them up to speed quickly, paired with opportunities for professional development, can move you from being understaffed and vulnerable to having a team of homegrown security superstars.

Nowadays it’s hard to find a business in any industry sector that doesn’t store most, if not all of its information and records in digital form. More commonly this information will often be stored in the cloud or on a remote server. These businesses have good reason to be concerned about the possibility of cyberattacks causing serious damage to their business. 

It isn’t all doom and gloom, though, as this massive demand leaves a lot of room for individuals to break into the booming cyber security industry, and with careful planning, savvy businesses can plan ahead and start looking to recruit the cyber security talent today that will put their businesses in good stead for the threats they may face in the future.

About the Author

Rob Phelps is the owner and founder of UK based Cyber Security Jobs. He has been working in the cyber security industry for 10 years and has helped UK businesses source and recruit professional cyber security experts.  


Kevin Borley
Some good advice in this Blog for those interested in getting into this market and become involved in a very interesting career. There is a major hole however in the scenario being faced. Whilst GDPR is headlining the Cyber market place just now (frustratingly in my view as 90% of the issues being faced have been around since the earlier versions of data protection legislation) an equally large piece of legislation called NIS will also hit the UK statue books in early May, with the same draconian impact. The NIS legislation is based on Iso 27000 family of standards. Whilst aimed at all operators of UK essential services e.g. Transport, SAAS services, Search engine companies, Utilities, Airport's, Health service providers, etc., There will be significant impact on the supply chain of all of these businesses......... Are you in that market place? To learn more go to:
  • Let us help you

    By registering your interest, we'll be equipped to help answer any questions you may have about the GDPR and provide further information about how it will affect your business

Do you want to join the conversation?

Sign up here