In a 2023 paper, the National Institute of Standards and Technology (NIST) found that 1,129,659 people were employed in cybersecurity in the U.S. workforce. However, there were over 660,000 openings, a cybersecurity talent gap that experts say has only widened since then. Worldwide, the tech shortage balloons to over 3.4 million. According to the NIST survey, employers seek specialists in cloud security, cyber threat intelligence, and malware analysis.
Closing the gap in cybersecurity talent
Amid the growing cybersecurity employment gap, managed service providers (MSPs) have a real opportunity to fill the void. However, they are experiencing the same hiring issues as other companies. The shortage itself can cause cybersecurity challenges.
“In a perfect world, a large enterprise, take a school for example, would have a deep bench of IT talent on the payroll ready to go, but that isn’t the world we live in,” remarks Greg Summers, an independent cybersecurity consultant in San Francisco. “The lack of human eyes on systems definitely can create a risk because while artificial intelligence (AI) is a super tool, it still can’t beat the human experience and wisdom that might detect anomalies in systems caused by bad actors,” states Summers. He goes on to add that the lack of cybersecurity talent is especially damaging in healthcare and finance where copious amounts of sensitive data are handled daily.
“I know of large companies that would give anything – including hefty recruiting bonuses – to land top-flight cybersecurity talent, but the talent just isn’t there,” Summer explains, adding that lack of talent leaves everyone exposed. “And the problem is getting worse. In 2025, when you have so many threats from foreign and homegrown actors, we need all the IT talent we can get,” he adds. “This is where MSPs are worth their weight gold; they can spread the IT talent wherever there is a void.”
Summers shares that in 2025, MSPs should focus on growing their own talent pipeline by partnering with technical schools, colleges, and even high schools to help fill the talent gap. You want to try to be the first to tap the talent, and that means mentoring and hiring at the youngest of ages, which will reap dividends for everyone.”
Empowering MSPs to navigate talent shortages
Robert Griffin, founder and CEO of the cyber risk and security platform Qualsis, works with MSPs to help them navigate the changing tides of technology and security. “As organizations face tighter staffing, the solution isn’t simply hiring more technicians—from our perspective, it’s about empowering existing teams through process efficiency, automation, and AI. By streamlining routine tasks, technicians can focus on high-stakes security measures, ensuring robust client protection even amid talent shortages.”
Jeff Le, Managing Principal at 100 Mile Strategies, says that, unlike other industries, the recent Bureau of Labor Statistics and CompTIA found that the tech sector had fewer declines overall. “But that does not account for the talent needed to do particular areas of IT, especially in IT senior management.”
Finding talent overseas is becoming increasingly common to plug the gaps here.
“More companies are turning overseas and have been for some time to save on costs, have time zones work in their favor continuously, and have other experiences to bear,” Le notes, adding that he has seen partners and clients doing more to partner with entities in Israel, Romania, Ukraine, El Salvador, and Kenya to have more IT-as-a-service where smaller organizations are lacking the capacity while also trying to adopt AI and other tools to innovate and use less rank-and-file human talent. “this, though, does not address broader cyber jobs and vulnerabilities.”
Managing risks
Le says he doesn’t expect the talent shortage to end anytime soon.
“The former Biden White House’s Office of the National Cyber Director found that over 500,000 cyber roles were open. I anticipate that number will stay steady where cyber offensive tools are growing exponentially in their aggressive targeting and where AI defense still has not caught up,” Le shares. He agrees that the skill shortage itself creates cybersecurity risks, which all stakeholders need to be aware of. “Upskilling and growing capacity with staff can be valuable for preventing groupthink and creating opportunities for new talent to emerge. However, four quarters do not equal a dollar here. The most up-to-speed people who can utilize key tools and understand how they fit together are rare. With this deficit, there are meaningful challenges to secure environments without a stronger technical leadership role with appropriate staffing.”
The ongoing cybersecurity talent gap poses significant challenges for organizations. While MSPs are well-equipped to help address this gap, they are also experiencing staffing shortages and an increasing demand for skilled professionals. To overcome these obstacles, MSPs should adopt innovative solutions such as process automation, AI, and strategic talent development to optimize their existing teams.
Photo: iLixe48 / Shutterstock
