The big lie of millions of information security jobs
How can you know how many security jobs there are if there’s no real statistical data available?
Millions of information security jobs
As I wrote in Is there really an information security jobs crisis?, reports of millions of information security jobs are an exaggeration. Be it Cybersecurity Ventures which says there will be 3.5 million unfilled positions in 2025, or the ISC2 Cyber Workforce Study 2023 stating that there are roughly 4 million cybersecurity professionals needed worldwide, those numbers are not statistically defendable.
Nearly every story in the media, from Fortune with The cybersecurity industry is short 3.4 million workers — that’s good news for cyber wages, IBM with Bridging the 3.4 million workforce gap in cybersecurity, to the Institute for Pervasive Cybersecurity at Boise State University all reference the same ISC2 and Cybersecurity Ventures data.
The lack of empirical data has created a vacuum and no organization has filled that better than Cybersecurity Ventures. Even the vaunted McKinsey & Company quoted them in New survey reveals $2 trillion market opportunity for cybersecurity technology and service providers.
