Cybersecurity is one of the top concerns for the government and American businesses.
But there are not enough trained experts for all of the open jobs.
63% of IT employees say there are open cybersecurity positions at their workplace, according to recent data.
Almost two-thirds say it takes at least three months to fill those jobs.
Experts say because of the job market conditions, it’s best for companies to focus on the talent they already have.
“You have to have an organizational training program. And if you can't do it in-house, you've got to find a service that's going to do it for you, to kind of help you grow your own talent. This problem that we have, it's not going to go away. If anything, I think it's going to get worse,” warned Jonathan Brandt, Director of Professional Practices and Innovation at ISACA.
Hiring managers face a second problem -- new employees don't always have the knowledge they need.
The largest skills gap in a recent survey is in soft skills, including writing, critical thinking, honesty and empathy.
“The thing that was disturbing to me, the thing that stood out most, was how low they rated honesty and empathy,” Brandt said.
“You have to have empathy with the business leaders and what it is they're trying to accomplish because you're a partner to them to help them achieve objectives.”
Experts say there is an opportunity for companies who are willing to train people on some of the other skills they need, like coding, Cloud computing and security controls.
There is also a push to get rid of the four-year degree requirement for some cybersecurity jobs.
This year, 52% of organizations required a degree for entry-level cybersecurity work.
Last year, it was 58%.