Cybersecurity Skills Gap in Higher Education: What’s the cause and how can we fix it?

Cybersecurity Skills Gap in Higher Education: What’s the cause and how can we fix it?

May 11, 2023

It’s no secret that most higher education institutions are at severe risk due to the shortage of professionals with the latest cybersecurity skills. Even worse is the notion that this trend shows no sign of abating.  According to the survey conducted by the Information Systems Security Association International, 95% of respondents claim that the cybersecurity skills shortage and its associated impacts have not improved over the past few years, and other major clusters say it has only gotten worse. In this blog, we look at the reasons why and what can be done to address this growing issue.

Cybersecurity Talent Shortage

As the demand for cybersecurity professionals increases, colleges and universities are finding it increasingly difficult to attract and retain qualified candidates. This shortage also impacts the private sector which is competing for the same pool of talent. Professionals with specialties in cloud computing security, security analysis and investigations, and application security are the three most often reported areas of serious cybersecurity talent shortages. Unfortunately, these three areas are considered critical when looking at the integrity of a higher education institution’s cybersecurity.

A recent report by Cyberseek indicates there are roughly 1.1 million individuals engaged in cybersecurity in the United States; however, there are more than 700,000 vacant security positions. Another research by Cybersecurity Ventures says that the global cyber workforce shortage is estimated to be over 3.5 million.

Lack of Investment in Cybersecurity Education: Many higher education institutions have not made cybersecurity a priority, and as a result, they are not investing enough in cybersecurity education programs. Cybersecurity courses may be limited to basic concepts, leaving students with a limited understanding of the true complexities within the field. Ultimately, this drives a shortage of skilled professionals coming into the workforce who can effectively address the increasing cybersecurity threats.

Rapidly Changing Technology Landscape: As the technology landscape evolves, so does the cybersecurity landscape. Professionals must keep up with the latest technologies and trends to effectively address the changing threats. As a result, cybersecurity professionals require ongoing training and education, which is not always available or accessible either due to limited resources or budgetary restrictions.

Lack of Diversity and Inclusion: Diversity and inclusion are critical components of a successful cybersecurity program. But the unfortunate reality is that the cybersecurity industry has a history of underrepresentation of women, people of color, and other marginalized groups. As a result, we see that the lack of diversity in the cybersecurity workforce drives a narrow perspective and limited solutions to complex security problems.

Leaving Higher Education for Other Sectors: As talent seeks new opportunities in the private sector, higher ed institutions are often challenged to deliver desirable benefits to support employee retention. With cybersecurity roles in high demand, the private sector can often offer higher salaries and better benefits, making it difficult for colleges and universities to compete. Additionally, higher education IT professionals often feel unsupported by institutional leadership. The lack of funding and resources for cybersecurity initiatives leads to an increased workload which causes burnout, frustration, and an increase in employee turnover.

What can Higher Education do to address the cybersecurity skills gap?

Addressing the cybersecurity skills gap in higher education IT requires a collaborative effort. Here are OculusIT’s recommendations on steps your institution can take:

  • Invest in cybersecurity education: Institutions must prioritize cybersecurity education (both in the classroom and continuing education for staff) and invest in ongoing training and development for existing IT staff
  • Partner with industry experts: Aligning your institution with cybersecurity experts and companies will introduce real-world experiences and expertise; your institution can supplement existing knowledge and provide insights into current cybersecurity threats and trends
  • Foster a culture of cybersecurity: Proper cybersecurity measures should be ingrained in the culture of your institution; create a cybersecurity policy, promote awareness, and make training on cybersecurity best practices readily available for all students, staff, and administration
  • Encourage diversity and inclusion: Recruit and hire cybersecurity professionals from diverse backgrounds to bring in new perspectives to solving cyberthreats
  • Collaborate with other Higher Ed Institutions: Share knowledge and resources with other colleges and universities in your region or consortium; participate in cybersecurity research projects, share best practices, and create a reliable network of cybersecurity professionals
  • Focus on retention: Employee satisfaction and ensuring your team has the resources for success can help create a more flexible and stress-free work environment which can help reduce the number of IT employees leaving higher education for private sector


As one of higher education’s leading Managed IT Services Provider, OculusIT offers a multitude of services that can help your institution combat the growing skills gap within your internal teams. From staff augmentation and IT outsourcing services, we have resources available to help support projects big and small.

Is your institution looking for the right candidate to fill the major IT skill jobs? Or perhaps you want to add an extra resource to help manage your existing projects? OculusIT IT Staff Augmentation Services can help! Contact us now.