Cybersecurity Downturn

It’s started. The cybersecurity industry is experiencing a down turn in employment. The most recent numbers as of May 1st indicate that all but four of the major cateogries have experienced declines since the beginning of the year. The exceptions were API Security (+1.6%), Training (+1.1%), Operations (+.3%), and Application Security (+.2%).

When I saw this my first reaction was to question the data. It is collected every month from LinkedIn. Head count figures from LinkedIn are generally reliable because a person’s employment is self reported. It is very hard for a company to game the system to inflate their numbers. That said, a company can bar their employees from revealing their employment, or at least ask them not to. I have encountered this with MSSPs that want to avoid having their highly skilled SOC analysts poached by competitors.

Did LinkedIn clean up millions of fake accounts in April? Could that account for the change? Last year Brian Krebs dug into the fake account issue on LinkedIn and reported that LinkedIn purged almost half the total of accounts claiming to be employed at Amazon and Apple. Here are a few tests we conducted to see if there had been a purge.

IT-Harvest. Linkedin reports 12 people at IT-Harvest. Aside from Craig Kensek who passed away last summer, one of them is a likely fake account. Razu Ahammed has no association with IT-Harvest but claims to have been an IT Executive with us since 2017.

So no cleanup has occured here.

noname security. This API security vendor has been difficult to track because so many test and fake accounts choose it as their employer. Last year we audited noname and discovered about 40 obviously fake accounts. If LinkedIn has been purging accounts, noname’s numbers should drop by 40. But it only dropped by 8 in April.

[redacted] is another problematic company to track. Security minded people think it is clever to choose “redacted” as their employer. In 2021 reported numbers fell off a cliff probably due to some action taken by the company to clean things up. But in April the head count dropped by just 16 people.

Axis Security. It turns out that there are several Axis Security companies around the world. Only one is a Secure Serive Edge (SSE) company. The rest are security guard companies, one in India. The cybersecurity company has struggled with employees of the physical security companies choosing the wrong employer when they get on LinkedIn. The decline in early 2022 was the last time they got LinkedIn to purge those connections.

HPE announced they were acquiring Axis Security in March. Often an acquisition leads to a dramatic drop in the numbers for the acquired company. Mandiant, for instance, dropped in half when Google completed the acquisition last year. This is in part due to a reduction in force but primarily because the employees rush to list their new employer on their profiles. This has not happened at Axis.

These spot checks lead me to believe that the downturn is real. But there is another factor to consider.

When they lose their job people tend to not update their LinkedIn profile immediately. It is easier to job hunt if you are not out of work. They do not update their profiles until they have landed a new job. So the head count data we collect on 3,400+ companies is very accurate when companies are growing, but lags when they are shrinking.

So the dramtic drop across the board in April indicates that the decline in the cybersecurity industry started several months ago and will continue to show up in our data for months to come. 2023 may well be the worst year for industry employment ever.

Does this mean that spending on cybersecurity is dropping as well? Not necessarily.

This listing of earnings reports from the Stonepipe Advisors news letter shows six out of seven beat analyst’s expectations.

Revenue was up at six as well. In the meantime Zscaler had to pre-announce last week beacuse their revenue was going to exceed their own guidance. On top of that, cybersecurity stocks have been rallying since January 6. I track those on this Google sheet.

Certainly the industry has put the brakes on hiring this year. Most vendors are slowing or freezing their hiring and not replacing people who leave. But this may be a good thing as revenue grows and runways are extended.

It’s not all bad news. Over one thousand vendors increased head count in the first four months of 2023. Of companies with more than 50 employees 218 grew by more than 5%. These are the categories and countries those vendors are in.

Subscribe to keep up to date on on the entire cybersecurity industry.

And reach out if you want to get access to the only platform for researching the cybersecurity industry.