Cybersecurity jobs during a downturn: Are companies hiring or firing?

Spend a little time on LinkedIn right now, and your mood is bound to grow dark. Every other post, it seems, is someone announcing they’ve been laid off by a tech company. Even cybersecurity companies are downsizing, though many are still struggling to fill open cybersecurity jobs. 

So, hiring or firing? A little of column A, and a little of column B.

According to Sam Sabin of Axios Codebook, more than 57,000 people at tech companies have been laid off this month, and that isn’t likely to improve. 

But the total number of employed cybersecurity workers in 2022 was relatively unchanged from previous estimates at around 1.1 million, according to new data from NIST, CompTIA and Lightcast.

At the same time, employers posted 755,743 cyber job openings throughout all of 2022 — down roughly 2% from the 769,736 posted between October 2021 and September 2022, the last time these groups compiled such data, the report said.

Public-sector cybersecurity demand grew 25% throughout 2022 with 45,708 job postings, the report says. Private-sector demand grew roughly 21% to about 710,000 listings. And there were 65 unfilled positions for every 100 open jobs. If you’re a company trying to hire cybersecurity professionals, those are difficult numbers. 

But cybersecurity companies are also laying off workers. TechCrunch reported that cybersecurity company Sophos planned to lay off 450 workers. According to Layoffs.fyi, 1,059 people have been laid off by security companies in December and January. While compared with the massive layoffs by companies like Google (12,000), Meta (11,000), Microsoft and Amazon (10,000 each), 1,000 jobs lost isn’t a huge blow. But in cybersecurity, a loss of staff can have devastating consequences. 

“There’s still going to be attacks coming from every angle,” Will Markow, vice president of applied research at Lightcast, told Axios. “Laying off cybersecurity workers feels a lot like firing the sheriff when Billy the Kid is riding into town.”

According to Cobalt’s 2022 State of Pentesting Report, 90% of respondents who have suffered shortages or lost team members are struggling with workload management, Forbes reported. 

Talent shortages slow teams down, “both in fixing critical vulnerabilities and meeting launch deadlines. In addition, the quality of developers’ work drops, raising the chance that new code will bring in even more vulnerabilities,” the Cobalt report said. Sixty-six percent struggle to maintain high quality security standards; 70% struggle to consistently monitor for vulnerabilities; and 69% struggle to monitor for and respond to security incidents, the report said.

Nearly every security team has been, is, or will be struggling with finding and retaining talent, Cobalt said. Forty-five percent of security respondents said their department is experiencing a shortage of employees, 11% expect to have this challenge in the near future, and 38% said they had to deal with it in the last six months, but have been able to resolve. There’s a more distressing trend: people are quitting their jobs — 84% of respondents said someone from their team has left within the past six months.

“Teams are stressed and burnt out. A large portion of respondents are considering quitting their jobs,” Cobalt said, though that isn’t news – cybersecurity pros have struggled with stress and burnout for years now. The report said 54% of security practitioners are considering quitting their jobs, and 53% of developers are considering leaving.

With more than half a million cybersecurity jobs open, could those jobs be filled with people who’ve recently been let go? Perhaps, or as Axios posits, it could mean cybersecurity companies focus on hiring younger workers with less experience who also cost less. 

Either way, it doesn’t bode well for the state of cybersecurity in the coming year. 

The good news is that Fast Future Country has many talented cybersecurity professionals working at businesses ready to serve your business’ needs. Check out our Innovation Locator to find a qualified security company in your area.

Do you like this content? Sign up for the IT Strategy Report newsletter.