Today, the cyber security profession itself is facing a crisis that requires a different kind of management. There is a critical skills gap in the profession that will leave many crucial positions unfilled, jeopardizing the security of enterprises around the world.

The research firm Frost and Sullivan recently partnered with cyber security industry association (ISC)² on (ISC)²’s annual Global Information Security Workforce Study. The 2017 report of this study revealed an extremely significant finding: “Frost & Sullivan projections show that the gap between available qualified professionals and unfilled positions will widen to 1.8 million by 2022.”

Think about that number for a moment. It’s an astonishing number of cyber security employment positions. If every single adult in the state of Arizona quit their jobs today and trained to become an information security professional, the industry would still be short about 200,000 qualified individuals!

While this number represents a crisis for CISOs, hiring managers, and HR departments, there’s a silver lining for cyber security professionals. Increased demand and reduced supply in the profession means that there will be plenty of job opportunities over the next decade. It’s a wonderful time to take stock of your current career path, set a target for your next step, and prepare yourself for a promotion.

A cyber security generalist with a Security+ or SSCP certification would do well to specialize in a security subdiscipline and add a few relevant credentials to his or her resume, in preparation for the looming staffing crisis.