Towards Understanding the Skill Gap in Cybersecurity

TL;DR

This paper analyzes the cybersecurity skill gap by correlating job ads and curricula data, revealing significant shortages in key security skills and providing recommendations for curriculum improvements.

Contribution

It introduces a novel approach combining manual and automated skill analysis to identify critical cybersecurity skill shortages.

Findings

Significant undersupply in software and application security skills

Strong agreement between manual and text mining skill analyses

Recommendations for curriculum development to address skill gaps

Abstract

Given the ongoing "arms race" in cybersecurity, the shortage of skilled professionals in this field is one of the strongest in computer science. The currently unmet staffing demand in cybersecurity is estimated at over 3 million jobs worldwide. Furthermore, the qualifications of the existing workforce are largely believed to be insufficient. We attempt to gain deeper insights into the nature of the current skill gap in cybersecurity. To this end, we correlate data from job ads and academic curricula using two kinds of skill characterizations: manual definitions from established skill frameworks as well as "skill topics" automatically derived by text mining tools. Our analysis shows a strong agreement between these two analysis techniques and reveals a substantial undersupply in several crucial skill categories, e.g., software and application security, security management, requirements engineering, compliance, and certification. Based on the results of our analysis, we provide recommendations for future curricula development in cybersecurity so as to decrease the identified skill gaps.