By Paul Bingham
Layoffs and staff reductions at Big Tech companies such as Microsoft, Amazon, and Google have become all-too-frequent news headlines over the past six months, leaving many wondering, ‘Are cybersecurity jobs secure?’Adding to economic tensions already plagued with inflation and other financial uncertainties, these headlines seem daunting, if not downright depressing.
When I read about these layoffs, I think immediately of the human impact. Thousands throughout the country have been deeply affected by job loss, and we cannot minimize the impact felt by their families. I extend my best wishes to all who have been affected.
The headlines do little justice to the tremendous potential, increases, and growth in tech jobs across the US economy. At time of press, the US labor economy in general remains very strong: The U.S. economy added 4.5 million jobs in 2022, and the unemployment rate in December 2022 fell from 3.7% to 3.5% to match a 50-year low. After the number of open roles in the U.S. surged to 11 million in December, the economy then added more than 500,000 jobs in January — an unexpected turn that pushed unemployment down to 3.4%. Little has changed through the early months of 2023 with the unemployment rate at 3.5% as of March 2023, and reports show over 200,000 jobs were added in that same month.
Despite the recent tech layoffs, the tech industry is still growing in Washington state. Nearly 1 in 10 residents (9.4%) is in tech, which is higher than the national average of 5.8%. Futher, more than 40% of job openings are for tech companies.
As consumers moved to the internet in droves during the COVID-19 lockdowns, companies responded to the sheer volume of activity to match the demand. This led to an extraordinary need to increase the Big Tech workforce at a rapid rate—adding tens of thousands of jobs. As consumers have slowly returned to pre-pandemic ways of life, companies have needed to adjust to the reduction in demand for their services and related revenues. As several Big Tech CEOs have stated, the recent layoffs have been a result of those business adjustments.
Most analyses of the layoffs indicate the largest reductions affected employees in HR and talent sourcing positions, followed by Software Engineering and Sales and Marketing. The data also demonstrate that the average time on the job before the layoffs was just over two years, which shows that many employees who were hired during the early months of Covid-19 to meet the surge in demand were those most affected by the retraction in demand. Our accountant friends would categorize this as a LIFO (last in, first out) strategy. Noticeably absent from every categorization of layoffs was the mention of cybersecurity personnel.
So, the question remains: where does this leave cybersecurity professionals?
During the January NICE (National Initiative for Cybersecurity Education) Community Coordinating Council meeting, my esteemed co-chair Bridgett Paradise, Chief People and Culture Officer at Tenable, made the following statement, confirming much of what I have seen through the past few months: “There has been a profusion of layoffs in the high-tech industry. 216,000 tech- industry workers have lost their jobs since the start of the year ranging from recruiters to system engineers. Cybersecurity jobs have not been greatly impacted by the layoffs. The demand continues to grow for cybersecurity talent in all sectors. The scarcity of cybersecurity workers puts people in cybersecurity roles in a better position for surviving the layoffs. The work of the cybersecurity workforce cannot be underestimated.”
The imperatives for human survival are food, water, and shelter. The imperatives for corporate survival are revenues that exceed expenses and, increasingly, a secure cyber environment. If a tech company has unfilled dev roles, they may miss a launch deadline here or there. As a result, their short-term revenues may suffer, but their business will continue. If they have unfilled cybersecurity roles, their risk of suffering a catastrophic cyber incident increases; the result of which may cause their business to fail. The security imperative demands successful hiring, retention, and job growth in all cybersecurity roles.
CTOs and CIOs agree on one thing: It would be dangerous, if not catastrophic to downsize cybersecurity jobs. About 26% of organizations surveyed by PriceWaterhouseCoopers expected to grow their cybersecurity budgets by 11% or more in 2022, and more than half planned to increase their budgets by at least 6% to defend against increasingly complex cyber attacks. In the balance, these investments are a bargain compared to an estimated annual loss of $445 billion to cyber criminals and Cybersecurity Ventures’ assertions that by 2025 cybercrime losses will exceed $10 trillion.
Most sources cite over 700,000 cybersecurity job openings in the US. Cyberseek.org estimates that there are only enough workers in the US to fill 68% of the cybersecurity jobs that employers demand. The Bureau of Labor Statistics says that security careers in tech will have a job growth of 31% over the next few years, which is much faster than most industries. The “2022 Cybersecurity Skills Gap" report from Fortinet found that 60% of businesses struggle to recruit cybersecurity talent while 52% find it hard to retain them, putting many organizations at risk. Almost every industry and government organization require some form of cyber security, so the need for talented professionals will continue to be strong for the foreseeable future.
Don't let news of Big Tech layoffs deter you from pursuing a career in cybersecurity. Over 90% of cybersecurity job postings require at least a bachelor’s degree, making a cybersecurity degree an optimal choice. Additionally, a master’s degree in cybersecurity can help candidates stand above the competition for leadership roles. Industry certifications are a nice complement to formal degrees. At WGU, we like to say, “Certifications help you get a job, degrees help you build a career.”
Bio: Paul Bingham is a Vice President and Dean in WGU’s College of Information Technology, where he leads four cybersecurity degree programs with a combined enrollment of over 17,500 full-time students. Paul holds several industry certifications including CISSP, CPA, GPEN, GCIH, and GSTRT.