While the cybersecurity sector continues to suffer from high skills shortages, there’s no doubt that this year has been a smoother ride than anticipated.

The estimated shortfall was 14,100 vacancies but in reality there were 11,200, according to the government’s Cyber Security Skills in the UK Labour Market 2023 report. This could be attributable to some degree to slow turnover among the workforce, as the cost of living crisis and higher inflation saw many choose to stay put.

So, what’s in store for 2024 and how can businesses build some resilience into their workforce planning?


Growth will boost budgets

Firstly, it pays to remember that the skills shortage is cumulative, which means the shortage is intensifying year on year. Moreover, an increase in demand for cyber roles of 30% and growth in employment of 10% over the course of 2022 indicate demand is also on the up. As a result, we can expect to see the shortages of skilled cybersecurity employees start to bite next year. Businesses will no longer be able to keep doing what they have been doing and recruit from the same small pool of talent. Recruitment strategies will have to become more creative in a bid to identify raw talent if security teams don’t want to be left short-staffed.

With inflation easing to 4.6% in Q4 2023, the focus will be on boosting economic growth and that’s likely to translate into an increase in cyber spend. Budgets will get a boost as organisations seek to compete for talent and invest in automated technologies to help lighten the workload of the security team. However, as Generative AI and automation gain ground and roles become augmented, we can also expect to see remits change. There’s liable to be some consolidation in roles, with the cybersecurity professional becoming responsible for more activities that require human intuition or analysis while technology does much of the more mundane work and/or offers possible solutions.


AI transforms the recruitment process

AI has long been a part of recruitment but the emergence of Generative AI is now seeing the technology used by candidates too. AI apps are providing candidates with ready-crafted replies during interviews, for example. Next year we can expect to see the industry self-regulate with specific clauses in agreements against AI-generated CVs and AI-led interviews.

Use of AI technologies such as an Applicant Tracking System (ATS) and/or Recruitment Management System (RMS) is also now widely regarded as problematic because it creates a hidden workforce, exacerbating the skills shortage. These systems are used by 58% of UK businesses, with more than 90% of employers using their RMS to initially filter or rank potential middle-skills (94%) and high-skills (92%) candidates, according to the ‘Hidden workers: untapped talent’ report from Harvard Business School.

Used to filter through CVs and applications, the technology has been criticised for excluding applicants who have been out of the workforce, as well as unconventionally trained but strong candidates who don’t use key search terms. Candidates have tried to bait the system using whitefonting in the past because it’s viewed as such an obstacle. In 2024, we’ll see a move away from this technology towards more intuitive forms of filtering using the natural language processing (NLP) associated with Generative AI. This will enable recruiters to put forward candidates who have the aptitude, if not the qualifications, needed for specific roles.


The sector seeks to increase retention by reducing stress

However, the sector still has work to do in preventing attrition by addressing stress levels. We remain on track to realise Gartner’s prediction of 50% of cybersecurity leaders changing jobs and 25% leaving by 2025. Thus far that exodus has been tempered by the cost of living crisis but as inflation stabilises and confidence returns there will be an exodus at the top. Given the years of experience needed to fill these roles, this could seriously destabilise security teams and stall security projects.

Finally, let’s end on an optimistic note as we welcome in the New Year. There’s now widespread recognition that new entrants need to be encouraged to enter the sector to counter the skills and workforce shortages, and 2024 is likely to see the emergence of more low-cost or free training schemes to boost intake. Industry bodies have already taken proactive action, with the likes of (ISC)2 offering a million free entry-level certification courses and exams, while in the US a number of universities have launched free online courses. Advances in the provision of courses online mean this is now a viable low-cost alternative, so next year we can expect to see more subsidised or free training in a bid to attract more people into the sector or to upskill professionals to fill those roles that are in high demand.

Jamal Elmellas, Chief Operating Officer, Focus on Security

Jamal Elmellas is Chief Operating Officer at Focus on Security, the cyber security recruitment agency, where he is responsible for delivering an effective and efficient selection and recruitment service. He has specific expertise in and is adept at designing and delivering secure, scalable and functional ICT services.

Prior to joining Focus on Security, Jamal built a successful Security consultancy and undertook the role of CTO. He was responsible for delivering secure ICT services for both government and private sectors. He has also fulfilled the role of Lead Security Architect and Assurance practitioner within sensitive government departments and blue organisations.

Jamal has almost 20 years’ experience in the field and is an ex CLAS consultant, Cisco and Checkpoint certified practitioner.