Jan 24, 2023 - Technology

Cybersecurity hiring remains strong amid tech layoffs

Illustration of a lone keyboard key with a briefcase icon on it.

Illustration: Aïda Amer/Axios

The demand for cyber workers kept steady in recent months as the broader tech industry suffered from a wave of cost-cutting layoffs, according to data published today.

Why it matters: Cybersecurity job openings present a bright spot in an otherwise grim hiring outlook for the tech sector.

By the numbers: The total number of employed cybersecurity workers in 2022 remained relatively unchanged from previous estimates at around 1.1 million, according to new data from the National Initiative for Cybersecurity Education at the National Institute of Standards and Technology, trade group CompTIA and data firm Lightcast.

  • At the same time, employers posted 755,743 cyber job openings throughout all of 2022 — down roughly 2% from the 769,736 posted between October 2021 and September 2022, the last time these groups compiled such data.
  • Public-sector cybersecurity demand grew 25% throughout 2022 with 45,708 job postings, the report says. Private-sector demand grew roughly 21% to about 710,000 listings.

The big picture: Will Markow, vice president of applied research at Lightcast, told Axios that although demand for new cyber hires didn't skyrocket, it "definitely still remains as strong as it has ever been."

  • The two most in-demand roles remain cybersecurity engineers and cybersecurity analysts, Markow said, adding that there is also strong demand for penetration testers and network security architects.

Zoom out: Employers have been struggling for years to fill open cybersecurity roles.

  • In 2022, there were 68 cybersecurity workers for every 100 open roles, according to the new data. The U.S. needs nearly 530,000 additional cybersecurity workers to bridge the gap.

Between the lines: The scarcity of workers puts cybersecurity employees in a better position to survive layoffs across the tech industry, Markow said.

  • "There's still going to be attacks coming from every angle," Markow said. "Laying off cybersecurity workers feels a lot like firing the sheriff when Billy the Kid is riding into town."

Yes, but: Some cyber workers have still been victims of layoffs. Last week, TechCrunch reported that Sophos plans to lay off 450 employees, or roughly 10% of its workforce.

The intrigue: An economic downturn could inspire more employers to prioritize entry-level cybersecurity hires, who often have lower salaries and have traditionally had difficulties breaking into the industry.

  • Only 10% of cyber jobs are open to someone who doesn't have a bachelor's degree, and about 10% to 15% of roles are open to people who have less than three years' experience, Markow told Axios.
  • "This is effectively cutting out the entry-level rung in the cybersecurity career ladder and making it very difficult for us to bring fresh blood into the industry," he added.

The bottom line: As hacks and breaches increase, cybersecurity isn't seeing the same devastating round of layoffs as other tech industries.

  • Instead, the industry is still struggling to build up the workforce it needs to meet demand.

Sign up for Axios’ cybersecurity newsletter Codebook here.

Go deeper