Halfway through 2020, the United States is still reeling from the COVID-19 pandemic as the number of new cases continue to climb and the lasting economic impact of the virus has yet to be seen. Unemployment rates are the highest they’ve been since the Great Depression, reaching a peak of 20.5 million unemployed Americans in April. While most industries have felt the effects of stay-at-home orders and new restrictions, particularly those in the food service, travel, and entertainment industry, organizations across most industries are still actively hiring for technology and cybersecurity roles.
When we last looked at the impact of COVID-19 on cybersecurity jobs, we were encouraged to see that just over 261,000 jobs related to cybersecurity had been posted signifying great resilience within the industry. Now that an estimated 62% of the workforce has transitioned to working from home and organizations have realized a host of new vulnerabilities, there’s been an increase in hiring for cybersecurity roles. This breakdown shows the number of open cybersecurity roles based on LinkedIn’s job postings over the last three months.
- April 2020: 261,545 open positions
- May 2020: 244,140 open positions
- June 2020: 348,082 open positions
Cybersecurity’s Resurgence
In terms of hiring, and in relation to the 22 industries listed in LinkedIn’s Workforce Report for Q2, the Software and IT Services industry has made an impressive comeback month-over-month.
Layoffs and hiring freezes were prominent in March, with an industry average decline of -10.94% for hiring changes month-over-month. Contrary to Software & IT Services, which experienced a decrease of just -0.8%, or a +10.14% difference compared to all industries. Since then, we’ve seen a drop to -0.35% and an increase of +7.21% in hiring for Software & IT Services in April and May respectively.
Where we’ve seen the greatest rebound in openings specifically for cybersecurity positions falls under the healthcare and financial services industries, with at least 120,000 and 115,000 openings reported on LinkedIn since June 18th. Other notable industries include Information Technology and Services (114,000+), Retail (85,000+), and Computer Software (77,800+).
Hospitals and healthcare systems in particular have been hit the hardest since the rapid spread of COVID-19, having to manage the influx of patient intake, a decline in revenue from other billable services, and cyber attacks. Attacks have resulted in losses ranging from patient data breaches to a complete shutdown to an organization’s network and operations.
A Tech Exodus from Major Hiring Hubs
Since the stay-at-home order made its way through the U.S., big tech companies have made strides to make remote work a permanent solution for their employees while also cutting direct costs. This has created an opportunity for employees to relocate elsewhere. A recent LinkedIn Workforce report cites evidence showing that technology hubs such as San Francisco have been experiencing a “tech exodus” where people are relocating to other metropolitan (or not-so-metropolitan) areas.
Most notable on the transplant lists from San Francisco are Seattle and Austin, where 7-8 out of every 10,000 workers have relocated within the last 12 months. Obvious motivation seems to stem from the high cost of living in the Bay area–the cost of living is 20% lower in Seattle and a whopping 49% lower in Austin, TX.
More affordable but still highly-populated cities stand to see the greatest influx. The cities below have experienced a significant intake of new workers and boast high number of cybersecurity job openings:
- Denver, CO: (+3%) 6,337 open positions
- Seattle, WA: (-3.4%) 5,574 open positions
- Phoenix, AZ: (+11%) 4,089 open positions
- Austin, TX: (+9%) 3,686 open positions
Less densely populated cities like the ones below are also showing strong hiring numbers, some at even greater proportions:
- Tucson, AZ: 2,210 open positions
- Colorado Springs, CO: 1,883 open positions
- Dayton, OH: 1,599 open positions
- Albuquerque, NM: 1,306 open positions
While the transformation to remote work benefits employees, it has the opportunity to change the game for employers as well. Organizations no longer have to limit themselves to hiring new talent within a limited physical proximity. This physical proximity component has created an inability for companies to always hire the most diverse talent for the position.
In two separate reports from (ISC)², 24% of respondents who identify as women and 26% of individuals who identify as a person of color (who do not self-identify as White or Caucasian) make up the current cybersecurity workforce in the United States.
Therefore, this helps increase the likelihood that organizations can more aggressively pursue diversity and inclusion initiatives given that people of color, women, or other underrepresented groups may not have previously had access to cities with the highest cost of living in the country.
Satisfying Their Own Demand
Organizations may be ready and willing to hire cybersecurity talent at growing rates, but they will likely be disappointed in what they find. The talent shortage that plagued the industry for over a decade is still right where they left it earlier in the year.
The cybersecurity talent gap was an issue well before COVID-19 hit the streets. Databases like CyberSeek have been documenting and tracking the outsized demand and relatively stagnant supply for years now.
A smaller talent pool means fewer applicants. Approximately 298,000 (86%) of the cybersecurity job openings have garnered fewer than ten applicants–while other department listings can average in the hundreds. Of those, 52% were for promoting open entry-level positions. This statistic raises several questions: How will organizations hire for all of these positions from a limited talented pool of cybersecurity professionals most of whom have experienced job security through the pandemic and economic downturn?
For one, organizations can hire within. Many organizations overlook the possibility of transitioning workers from other business areas (including IT) into cybersecurity. This practice, referred to as “cross-skilling,” provides an alternative to traditional hiring and recruitment, plus adds an opportunity for companies to create more diversity in a field that is far less diverse than other areas of their company. Organizations who invest in adequate training for any motivated individuals may find a cost-effective and productive way to find the talent they need and provide new avenues for advancement among employees that may have been forced to look outside the company within their existing roles.
Second, organizations can look beyond simply those with undergraduate degrees in cybersecurity or computer science and pursue individuals of different backgrounds and experience levels. Respected industry certifications like CompTIA’s Security+ or the Associate of (ISC)² CISSP (equivalent for candidates lacking five years of job experience) can and should provide an indication to employers that a candidate is worth an investment even in lieu of the degree.
Being proactive in updating job descriptions, clearly defining job roles and career paths, as well as providing training opportunities to upskill and reskill employees gives organizations the greatest chance of acquiring and retaining the best talent. For some organizations, these tasks are no easy feat. Resources are available for CIO’s, CISO’s, and IT Managers to help optimize onboarding, assessment, training and development for their teams.