Demand for cybersecurity skills is asking for a mathematical impossibility?

  • SpinRite v6.1 is Released!
    That's right. SpinRite v6.1 is finished and released. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

  • Announcing “BootAble” – GRC's New Boot-Testing Freeware
    Please see the BootAble page at GRC for the whole story.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

As we all know, there is an acute global shortage of cybersecurity professionals. I think a big part of this problem is on the demand side. As I wrote in my blog article,

Demand for cybersecurity skills is asking for a mathematical impossibility​

As I mentioned before in this article,
In this Information Age, changes are happening at an accelerating rate. There will always be new processes, new technology, new software, new hardware and new information coming in.
The work that you do will always be changing. Your experience will grow along with your work, even in the absence of training and development by your employer.
But there is one problem.
The specific configuration of experiences you gain will be unique to your company only. Since no two companies are identical, no two people with the same job title in different companies will have an identical configuration of experiences. In other words, you, along with many others, have become a unicorn.
This is especially true for technology workers.

Let me quantify the level of uniqueness of modern technology workers. In cybersecurity alone, there are 3,500 different specialisations. Let’s say in a typical cybersecurity job, employers are looking for experience in 5 different specialisations. How many permutations and combinations of 5 specialisations can you get from 3500 specialisations? Using this Excel formula, COMBIN(3500,5), I get 4,364 trillion! If I am looking for only 2 specialisations, the number of permutations and combinations drops down to 6.1 million.

In typical technology job postings, it is common to see employers demanding several to a dozen specialisations. For a dozen specialisations, this is the number of permutations and combinations:


No matter how you cut it, the demand for cybersecurity skills has reached a mathematical impossibility. That is the real reason why there is a skills '‘shortage’ in cybersecurity (and technology in general). The supply cannot be filled globally. It is a mathematical impossibility.