Skill gap plagues cyber security industry as jobs go unfilled
India’s cyber security industry is grappling with an ongoing skill shortage, resulting in numerous unfilled vacancies. This stands in contrast to a broader downturn in technology spending and hiring that has led several companies to prune their workforce.
The industry saw more than 40,000 job postings in the first five months of 2023, according to a report published by staffing firm TeamLease Digital on 21 June. However, it added that nearly 30% of them remained vacant despite strong demand and rising salaries for such roles.
Experts say a shortage of skilled professionals for requisite roles, high attrition levels, and often-extreme stress levels is impacting the industry.
Another report by TeamLease Digital projected on 28 March the information technology (IT) services sector, India’s biggest tech recruiter, to cut annual hiring figures by up to 40%.
“Last year, the cyber security industry had about 45,000 open opportunities, with a 37% gap in supply of skilled professionals,” Sunil Chemmankotil, chief executive of TeamLease Digital said.
IT services companies have also highlighted their struggles in hiring cyber security personnel. In an interview on 22 June, Debashis Chatterjee, managing director and chief executive of IT services firm LTIMindtree, said the company continues to recruit cyber security talent despite a drop in overall hiring across the organisation.
“There are niche skill requirements in the present market that our clients look for and are willing to spend — cyber security is one such area where the demand is persistent,” he said.
Chemmankotil at TeamLease Digital, however, said most of the cyber security recruitments have taken place in entry-level and mid-junior levels, leaving mid-career and upward roles mostly vacant. Among roles that remain unfilled include IT auditor, information security analyst, network engineer, cloud architect, penetration tester, forensics analyst, and top posts such as chief information security officers (CISOs) and cyber security directors.
This is happening despite a considerable rise in salaries for top cyber security talent. Data regarding cyber security salaries, sourced by Mint from TeamLease Digital, showed that the salary of a CISO (chief information security officer) with over 12 years of experience has increased by over 30% in the past one year to nearly ₹80 lakh per annum.
Mid-career network engineer roles, requiring 8-12 years of work experience, have seen a rise of over 25% in average salaries in the past 12 months, with average payout rising to ₹23 lakh per annum, up from ₹18 lakh. IT auditor jobs have seen average salaries rise to ₹25 lakh for employees with 5-8 years of work experience, up from ₹20 lakh a year ago.
Industry experts attribute the rise in payouts to the talent shortage plaguing the industry, especially for senior roles.
“While upskilling and reskilling are parts of most job profiles, the rate at which it happens vis-a-vis the nature and speed of evolution of cyber-attacks do not match. Many companies have to fill open cybersecurity roles with regular candidates, as a result — those with a degree in a related field or previous cybersecurity work experience,” said Prateek Bhajanka, CISO and director, APJ at US-based cyber security firm, SentinelOne.
Sandip Kumar Panda, co-founder and chief executive of Delhi-based cyber security firm Instasafe, added that a widespread lack of adoption of open-source standards, including training programs and curriculum courses based on open-source technologies, is a significant barrier in upskilling cyber security talent.
“Upskilling is happening but not at the rate that it should happen in the country. Unless there is an open-source culture, where more are given the freedom and flexibility to fix errors in events such as bug bounty programs and security hackathons — to come up with indigenous security solutions, the skills gap will continue to expand,” he said.
Both Bhajanka and Chemmankotil said that high attrition levels is another reason for the supply gap.
“Many cyber security professionals leave the job midway, owing to immense job pressures. They struggle with new frameworks and models, such as zero trust,” Chemmankotil said.
Experts also added that the irregularity and rising intensity of a cyber security job has also been a deterrent for many. The paucity of talent continues to remain, even as TeamLease data projects the domestic cyber security sector to grow at 8% annually, to be worth $3.5 billion by 2027.