Why is it so hard to recruit cybersecurity experts?


Cybersécurité: the first constats

According to a recent report into workplace efficiency published by Gartner this summer, 65% of companies employ a cybersecurity expert as an integral part of their workforce. This is a positive sign, highlighting both technological progress made whilst equally underlining the challenges to be overcome in the field, given that a third of companies studied still lack sufficient cybersecurity capabilities (the Gartner study interviewed 3,160 IT management teams across 98 countries). This led Sam Olyaei, the report’s lead data analyst, to remark that

“it’s alarming to see that a third of the world’s companies don’t have a dedicated cybersecurity team”.


Lack of resources in cybersecurity

To explain this lack of resources, the report found that recruitment was often to blame;

  • be it due to the cost of maintaining cybersecurity systems (up to $250,000 per year in the USA, for example),
  • or that it traditionally didn’t form part of the company’s operations,
  • or simply that it isn’t possible to fill cybersecurity posts due to a lack of “available talent”.

That said, the cybersecurity market is booming, with over $114 billion invested in an ever-evolving sector so far. It is thought that 60% of company security expenditure is now dedicated to detecting and resolving online security threats, thus creating an array of new jobs for the young coders of the future.


A cybersecurity forum dedicated to recruitment

In France, there is currently a recruitment initiative supported by some of the country’s largest companies: a forum dedicated to sourcing cybersecurity experts which will meet for its second time on November 6th, 2018 in Paris (and again on November 21st in Rennes – see  for more details). With the event anticipating over 1,000 potential candidates and some 300 companies, what needs to be done to draw in the experts of the future?


What skills and qualities are required in cybersecurity trades?

A search of some specialised websites and job postings allows us to group together the main skills and desirable qualities sought by employers:

  • On a personal level, it’s not surprising to find candidates detailing their naturally-curious personality, tact and “diplomacy”, along with their flexibility and always switched-on availability.
  • On a more technical level, the list can often become (very) long which is inevitably constrained by the format of job applications, though often they will reel off their ability to master the software architecture of systems and networks, data handling, programming languages, IT security procedures, operating systems, all without forgetting their English and interpersonal skills!

The job openings vary vastly and require an equally diverse skillset, often extending beyond that of one particular industry. They often require candidates to demonstrate that they can identify potential flaws in systems, as well as use cryptology to reinforce security. Essentially, they need to know everything, about everything!

So where are our future experts coming from?

Which schools can provide sufficient, up-to-date training today to guarantee the jobs of tomorrow? It’s perhaps easy to see why today so many companies are outsourcing their cybersecurity work, even in an era where personal data confidentiality remains a major issue for their clients.


To discover : Does the risk of cyberattack only pose a threat to the data of private companies?