The cybertalent crunch


Cybercriminals surely don't set out to foster job growth. Still, their actions have inspired an extraordinary hiring boom in the cybersecurity sector, as organizations worldwide scramble for project talent that can secure data and thwart hackers. For project managers specializing in cybersecurity or those looking to enter the sector, it's very much a job seeker's market.

There are 1 million unfilled information security jobs around the world, according to Cisco's 2015 Annual Security Report. And an additional 1 million cybersecurity jobs will be created between 2014 and 2017, according to the International Information System Security Certification Consortium. “The severity of the shortage is profound,” says Ken Daubenspeck, founder, Daubenspeck and Associates, a Chicago, Illinois, USA-based executive search firm.

For cybersecurity practitioners, the shortage means their skills are in demand—and their jobs are more difficult. When organizations have no choice but to hire inexperienced candidates to fill team vacancies, that puts pressure on project managers, says Peter Tran, senior director, worldwide advanced cyberdefense, RSA, Bedford, Massachusetts, USA.

“Because there is such a shortage of really good, skilled practitioners, our project managers end up having to bootstrap it,” he says. “They have to become on-the-fly experts just to get their projects through.”

Given the lack of experienced talent, Mr. Tran's firm has given project managers broad authority to keep its initiatives on track.

“We're starting to see lift in multi-threaded projects where the project manager oversees several different teams—the infrastructure side, the security side and the implementation side,” he says. “It's not easy, because you're going to have some juniors along with a couple of rock stars. The key is knowing how to blend those complementary players appropriately.”



“We're starting to see lift in multithreaded projects where the project manager oversees several different teams—the infrastructure side, the security side and the implementation side.”

—Peter Tran, RSA, Bedford, Massachusetts, USA

Building a team with the right mix of skills can require creative recruitment, given that junior-level candidates often lack formal training. Rather than study cybersecurity in college, many learned on the job either as IT professionals who gravitated toward security work or as gray-hat hackers. (Rather than maliciously violate an organization's cyberdefenses, gray-hat hackers may do so to call attention to vulnerabilities.) Such hackers are often highly skilled, but have checkered resumés. They're in high demand, however, as organizations search for forensics specialists who can reverse-engineer attacks.

“You're looking for people who have skills that in many cases were developed by doing things that are not necessarily legal and certainly ethically dubious,” says Evan Lesser, the Atlanta, Georgia, USA-based co-founder and managing director of, which connects job seekers to positions requiring government security clearances. “That makes the search incredibly difficult and complicated when considering security clearance suitability.”

In response to the challenging hiring environment, some organizations have begun building their own cybersecurity talent pipeline from scratch. The security firm Symantec estimates that 20 percent of cybersecurity jobs in the United States could be filled by candidates without prior sector experience or even a college degree. Last year, the organization launched the Cyber Career Connection, a yearlong training program to prepare job seekers for cybersecurity careers. It consists of six months in the classroom, followed by a six-month internship with Symantec or another firm. The program's first class will graduate in September 2015.

For the sector's middle tier, where salaries are rising quickly, observers expect a growing number of IT professionals to begin specializing in cybersecurity. Yet fully staffing a project team may be the easy part for organizations—the tougher hurdle may be finding the right talent to lead complex, high-stakes security projects.

For that reason, Mr. Tran says project management is critical to the industry's future—and even experienced professionals stand to benefit from project management training. “To enhance a security analyst's ability to effectively manage client engagements, you invest in getting them a Project Management Professional (PMP)® credential as part of their career development,” he says. —Steve Hendershot




Related Content

  • PMI Case Study

    Fujitsu UK member content open

    This case study outlines the learning framework Fujitsu put in place to prepare project managers fully at the start of their careers.

  • Project Management Journal

    Work Outcomes of Job Crafting among the Different Ranks of Project Teams member content locked

    By Haffer, Rafal | Haffer, Joanna | Morrow, Donna Lynne This study examined the effects of job crafting on the work meaningfulness and work engagement of project participants of different ranks.

  • PMI Case Study

    Airbus Flies Higher with NextPerts member content open

    How does an organization like Airbus identify and develop next-generation project leaders who can drive innovative solutions across the enterprise?

  • PM Network

    Office Redux member content open

    By Ali, Ambreen | Hendershot, Steve | Hermans, Amanda | Thomas, Jen | Wilkinson, Amy When COVID-19 rocked the global workforce, the reaction seemed obvious: send employees home, if possible. But a return to the office has been far more fitful. In China, real estate firm Cushman &…

  • PM Network

    Digging Deep member content open

    By Parsi, Novid Iron ore mining projects are on the rise again in Australia. After prices plummeted in 2015, the sector is expected to see an increase in export volumes of iron ore from 847 million metric tons in…