Shortage of cybersecurity workers is a problem that will solve itself, study says


The Rand Corp. report predicts the high levels of compensation in the cybersecurity field will be enough to lure more workers to its ranks. As the supply of these skilled workers increases, the pay packages will begin to be less eye-popping. (Damian Dovarganes/ASSOCIATED PRESS)

Talk to any recruiter in the Washington region and they will tell you cybersecurity jobs are among the most difficult for them to fill. Workers with the right skills are relatively hard to come by, and in a labor market dominated by the federal government and its contractors, they are in especially high demand.

Companies, universities and government entities are all focused on finding ways to close the gap: Educational partnerships. Hackathon competitions. Internal corporate training programs. A regional task force.

But the Rand Corp. argues in a study released last week that this problem — which has prompted so much action — will solve itself.

Study authors Martin C. Libicki, David Senty and Julia Pollak examined existing studies on the cybersecurity workforce; interviewed government agencies, defense contractors and security firms; and looked at labor economics research to try to get a handle on the nature and scope of the cybersecurity worker shortage.

Based on that compendium of information, they predict that the high levels of compensation in this industry will be enough to lure more workers to its ranks. As the supply of these skilled workers increases over the long term, the pay packages will begin to be less eye-popping.

The report forecasts that cyber­security pay will not dip below where it was in 2007, when a rash of high-profile Internet attacks made this field seem more essential.

But the authors do predict that pay will cool off from where it is now.

The authors say that this balance “may take some time to achieve,” and they are careful to state that, indeed, demand for cyber professionals is intense right now.

“Our assessment does not refute this position — good cybersecurity professionals are in high demand — but it suggests that these fears be tempered, that many forces are at work to fix the situation, and that the case for additional effort beyond that is not particularly strong,” they write.

The report also determines that the hardest-to-fill cyber­security positions call for forensics, code-writing and “red-teaming,” or thinking like an attacker to figure out a system’s vulnerabilities.

Their interviews led them to conclude that the cybersecurity worker shortage is most deeply felt at the upper reaches of the field: They estimate that the workers who are hardest to find are those who would be paid more than $200,000 per year.

One unsurprising finding? That the federal government has perhaps the hardest time attracting top cyber talent.

The study suggests that this is because government salaries make it hard to compete with the private sector on compensation.

Capital Business is The Post’s weekly publication focusing on the region’s business community. For more Washington business news, go to www.capbiz.biz.

Sarah Halzack is The Washington Post's national retail reporter. She has previously covered the local job market and the business of talent and hiring. She has also served as a Web producer for business and economic news.
Comments
Show Comments
Most Read Business