The Wall Street Journal reports today (2023-08-21): More Cyber Companies Announce Layoffs. It’s not a clickbait headline, there really are companies laying off cybersecurity workers but it’s important to realize it isn’t indicative of the larger job market.

The companies listed (Rapid7, Secureworks [owned by Dell], HackerOne, Dragos) only do cybersecurity: there are not other workers to lay off.

A cybersecurity recruiting firm in the article is quoted:

The uptick in cy­ber­se­cu­rity job seek­ers gained steam late last year and is con­tin­u­ing, said Mark Sas­son, man­ag­ing part­ner at Pin­point Search Group, a re­cruit-ing firm in cy­ber­se­cu­rity.

Headlines from last year announce that cybersecurity has a 0% unemployment rate. Overall, there is clearly more demand for workers than people available to fill the roles.

In addition, the landscape still favors the bad guys. From my POV, things are marginally better for Windows based environments today than they were five years ago but by no means where the must be. The number of types of attacks to defend against mean that those of us in the industry increasingly need to use new tools to protect against cyberattacks — man power isn’t enough.

Businesses large and small will continue to rely on outsourcing major portions of security because it isn’t possible to maintain enough skill in house, only companies that offer security to many organizations can achieve the economies of scale needed at the macro level to come close to filling the cyber gap.

Finally, government regulation is finally stepping up after decades of ignoring risk. This is happening on the state level, and in multiple laws and regulations at the federal level. Some of the specifics are onerous but on the whole this regulation is needed — it essentially outlaws gross negligence on the cyber side of business.

Don’t read the article and think that the need for cybersecurity is abating— there is no end in sight.