How Secure is Your Company's Security?
By Paul Bingham
Layoffs and staff reductions at Big Tech companies have become all-too-frequent news headlines over the past five months. Adding to economic tensions already plagued with inflation and other financial uncertainties, these headlines seem daunting, if not downright depressing. When I read about these layoffs, I think immediately of the human impact. Thousands throughout the country have been deeply affected by job loss, and we cannot minimize the impact felt by their families. I extend my best wishes to all who have been affected.
The headlines do little justice to the tremendous potential, increases, and growth in tech jobs across the US economy. At time of press, the US labor economy in general remains very strong: The U.S. economy added 4.5 million jobs in 2022, and the unemployment rate in December 2022 fell from 3.7% to 3.5% to match a 50-year low. After the number of open roles in the U.S. surged to 11 million in December, the economy then added more than 500,000 jobs in January—an unexpected turn that pushed unemployment down to 3.4%. Little has changed through the early months of 2023 with the unemployment rate at 3.5% as of March 2023, and reports show over 200,000 jobs were added in that same month.
Utah is currently ranked first in the United States for its economic outlook, while reporting a 2.4% unemployment rate, as noted recently by TechBuzz News. The Bureau of Labor Statics reported 45,000 information jobs in Utah, yet the majority of Utah companies report struggling to recruit and retain tech talent according to a ProFocus Technology survey. When we take a deeper dive into the numbers, we see that although the layoffs are occurring at tech companies, it may not be tech jobs that are in jeopardy.
As consumers moved to the internet in droves during the COVID-19 lockdowns, companies responded to the sheer volume of activity to match the demand. This led to an extraordinary need to increase the Big Tech workforce at a rapid rate—adding tens of thousands of jobs. As consumers have slowly returned to pre-pandemic ways of life, companies have needed to adjust to the reduction in demand for their services and related revenues. As several Big Tech CEOs have stated, the recent layoffs have been a result of those business adjustments.
Most analyses of the layoffs indicate the largest reductions affected employees in HR and talent sourcing positions, followed by Software Engineering and Sales and Marketing. The data also demonstrate that the average time on the job before the layoffs was just over two years, which shows that many employees who were hired during the early months of Covid-19 to meet the surge in demand were those most affected by the retraction in demand. Our accountant friends would categorize this as a LIFO (last in, first out) strategy. Noticeably absent from every categorization of layoffs was the mention of cybersecurity personnel.
So, the question remains: where does this leave cybersecurity professionals?
During the January NICE (National Initiative for Cybersecurity Education) Community Coordinating Council meeting, my esteemed co-chair Bridgett Paradise, Chief People and Culture Officer at Tenable, made the following statement, confirming much of what I have seen through the past few months: “There has been a profusion of layoffs in the high-tech industry. 216,000 tech-industry workers have lost their jobs since the start of the year ranging from recruiters to system engineers. Cybersecurity jobs have not been greatly impacted by the layoffs. The demand continues to grow for cybersecurity talent in all sectors. The scarcity of cybersecurity workers puts people in cybersecurity roles in a better position for surviving the layoffs. The work of the cybersecurity workforce cannot be underestimated.”
The imperatives for human survival are food, water, and shelter. The imperatives for corporate survival are revenues that exceed expenses and, increasingly, a secure cyber environment. If a tech company has unfilled dev roles, they may miss a launch deadline here or there. As a result, their short-term revenues may suffer, but their business will continue. If they have unfilled cybersecurity roles, their risk of suffering a catastrophic cyber incident increases; the result of which may cause their business to fail. The security imperative demands successful hiring, retention, and job growth in all cybersecurity roles.
CTOs and CIOs agree on one thing: It would be dangerous, if not catastrophic to downsize cybersecurity jobs. About 26% of organizations surveyed by PriceWaterhouseCoopers expected to grow their cybersecurity budgets by 11% or more in 2022, and more than half planned to increase their budgets by at least 6% to defend against increasingly complex cyber attacks. In the balance, these investments are a bargain compared to an estimated annual loss of $445 billion to cyber criminals and Cybersecurity Ventures’ assertions that by 2025 cybercrime losses will exceed $10 trillion.
Most sources cite over 700,000 cybersecurity job openings in the US. Cyberseek.org estimates that there are only enough workers in the US to fill 68% of the cybersecurity jobs that employers demand. The Bureau of Labor Statistics says that security careers in tech will have a job growth of 31% over the next few years, which is much faster than most industries. The “2022 Cybersecurity Skills Gap" report from Fortinet found that 60% of businesses struggle to recruit cybersecurity talent while 52% find it hard to retain them, putting many organizations at risk. Almost every industry and government organization require some form of cyber security, so the need for talented professionals will continue to be strong for the foreseeable future. According to a March 2023 report from Cisco, a mere 15% of organizations globally have the 'Mature' level of readiness needed to be resilient against today's modern cybersecurity risks.
Don't let news of Big Tech layoffs deter you from pursuing a career in cybersecurity. Over 90% of cybersecurity job postings require at least a bachelor’s degree, making a cybersecurity degree an optimal choice. Additionally, a master’s degree in cybersecurity can help candidates stand above the competition for leadership roles. Industry certifications are a nice complement to formal degrees. At WGU, we like to say, “Certifications help you get a job, degrees help you build a career.”
- 22% of active UT students are enrolled in the COIT (1,851 active students).
- Of those active IT students, 26% are enrolled in the BS Cyber Security program (473 active students).
- Of the 22,768 UT lifetime grads, 2,196 or 10% are from the COIT.
Survey — Click here to take a very brief survey on this topic. We would like to get a sense of how TechBuzz readers are dealing with cybersecurity issues. We'll share the results in 2 or 3 weeks.
TechBuzz welcomes guest-author Paul Bingham, Vice President and Associate Dean in WGU’s College of Information Technology. Bingham leads four cybersecurity degree programs with a combined enrollment of over 17,500 full-time students. He spent 24 years with the FBI, conducting and managing domestic and international investigations and holds cyber certifications including the CISSP, GCIH, GSEC, and GISP. Bingham earned his Master of Accountancy and Bachelor of Science in Accounting from Brigham Young University.