The big lie of millions of information security jobs

Ben Rothke
8 min readNov 28, 2023

How can you know how many security jobs there are if there’s no real statistical data available?

https://imgflip.com/i/87fumc

Millions of information security jobs

As I wrote in Is there really an information security jobs crisis?, reports of millions of information security jobs are an exaggeration. Be it Cybersecurity Ventures which says there will be 3.5 million unfilled positions in 2025, or the ISC2 Cyber Workforce Study 2023 stating that there are roughly 4 million cybersecurity professionals needed worldwide, those numbers are not statistically defendable.

Nearly every story in the media, from Fortune with The cybersecurity industry is short 3.4 million workers — that’s good news for cyber wages, IBM with Bridging the 3.4 million workforce gap in cybersecurity, to the Institute for Pervasive Cybersecurity at Boise State University all reference the same ISC2 and Cybersecurity Ventures data.

The lack of empirical data has created a vacuum and no organization has filled that better than Cybersecurity Ventures. Even the vaunted McKinsey & Company quoted them in New survey reveals $2 trillion market opportunity for cybersecurity technology and service providers.

--

--

Ben Rothke
Ben Rothke

Written by Ben Rothke

I work in information security at Tapad. Write book reviews for the RSA blog, & a Founding member of the Cloud Security Alliance and Cybersecurity Canon.

Responses (11)