While many companies offer heftier salaries and better benefits, others are trying fractional IT security positions and more intelligent systems to ease the shortage of security professionals.
Bluelock, an Indianapolis-based cloud provider of disaster recovery services, has had to struggle to attract the right security staff to help the company develop and manage its cloud service.
Being based in the Midwest, the company has to compete against both the West Coast and East Coast for talent. As Indianapolis becomes more of a tech hub, they compete with other local companies, as well.
The competition is fierce for developers and IT professionals, but even more so for security experts, said Jeff Ton, executive vice president of products and services for Bluelock and a former CIO for Goodwill Industries.
With security skills a necessity for nearly 25 percent of its workforce, the company has hired aggressively and fought to keep its employees. In addition to beefing up benefits, Bluelock has focused on working with its IT staff to develop their individual careers by putting an emphasis on continuing education and interesting projects. For the most part, the approach has worked and attrition rates are low, Ton said.
"You have to attract new talent, and once you attracted them, you have to keep them," he said. "So we have to make sure that they see Bluelock as an attractive place to work."
Developers and IT professionals have always been in short supply. Yet, with breaches regularly making headlines, workers with cyber-security skills are finding themselves in even higher demand. Companies are having trouble finding qualified candidates, and when they find them, they have trouble retaining their new hires.
In a 2015 survey of 14,000 global respondents
, Frost & Sullivan found that 62 percent of respondents felt they had too few security professionals, compared to 56 percent who felt the same in a 2013 survey. Based on the demand, the research firm estimated that the shortfall in global information security workers would reach 1.5 million in 2020, even though almost 200,000 skilled workers were expected to join the workforce in 2015.
The shortfall means that hiring cyber-security professionals is expensive. Workers in IT security get 9 percent more than other IT workers, or about $6,500 per year, according to Burning Glass
, a provider of data-analysis technology for human-resource groups. In 2014, there were almost 240,000 postings for positions having to do with cyber-security, accounting for 11 percent of all IT jobs.
Much of the demand could likely be offset by more efficient use of skilled workers and more intelligence tools, said Uday Veeramachaneni, co-founder and CEO of Pattern Ex, a startup that uses artificial intelligence and pattern-recognition software to identify attacks that resemble issues that analysts have previously discovered.
To date, most companies have been very inefficient in how they secure their systems—for the most part, not through any fault of their own. Information-security technology has typically been a hodge-podge of products and systems that companies often lack the expertise to integrate. As a result, many companies' current approach to security is just throwing more bodies at the problem, he said.
"Most companies, when they find that [they] are missing attacks, the natural reaction is to hire more humans," Veeramachaneni said.