Skip to content

Canada's Business and Tech Newsroom

  • Professional Subscription
  • Partnerships & Advertising
  • Licensing & Syndication
Log In Subscribe
Welcome,
  • My Account
  • Log Out
  • Business
  • Tech
  • National
  • The Big Read
  • Briefings
  • Commentary
Search
Log In Subscribe
Welcome,
  • My Account
  • Log Out
The Big Read

Shortage of cybersecurity workers a ‘crisis’ at apex of federal government

OTTAWA — The shortage of cybersecurity workers in Canada is so acute that even the national cyberspying agency can’t get all the people it needs.

The Big Read

Shortage of cybersecurity workers a ‘crisis’ at apex of federal government

With one job in six unfilled, burnout rampant and dropout rates high, even cyberspying agency can’t find people

By David Reevely
Canada was short on cybersecurity workers five years ago, and the problem has only worsened. Perpetually short of people itself, the national Communications Security Establishment emphasizes its protective mission alongside technology in its video pitches for recruits. Photo: CSE | YouTube
Jun 6, 2023
A A
A Small A Medium A Large
Share

Gift

Share

OTTAWA — The shortage of cybersecurity workers in Canada is so acute that even the national cyberspying agency can’t get all the people it needs.

“We’re always looking to hire and we can’t fill jobs fast enough, honestly, just because of the gap,” said Melanie Anderson, director of cryptographic security and systems development in the Canadian Centre for Cyber Security at the Communications Security Establishment.

Talking Points

  • Canada was short on cybersecurity workers five years ago and the problem has only worsened
  • One in six jobs goes unfilled in protecting data and critical infrastructure

The CSE, which answers to the minister of defence, has both offensive and defensive missions. It captures signals intelligence and breaks codes, carries out cyberattacks against threats to Canada and helps the companies that run critical infrastructure in Canada protect themselves from hacks. Some of those assignments involve some exotic work that can offer unique appeal.

But Anderson told The Logic in an interview that a lot of the positions at the CSE are “kind of standard cybersecurity jobs,” such as software development. There are simply too many of those posts and not enough people to do them.

Across the country, one in six cybersecurity jobs goes unfilled, according to the International Association for Information Security Leaders. Canada’s Information and Communications Technology Council calls the situation a crisis. The field has almost zero unemployment and salaries are high, but workers report burnout and many young people who start cybersecurity education programs quit them.

The worries have reached the top of the federal government. Last fall, a standing committee of deputy ministers—the top career public servants in Ottawa—devoted to cyber matters spoke with Chris Inglis, then the Biden administration’s national cyber director, about overhauling Canada’s national cybersecurity strategy.

Related Articles

Magnet Forensics expands to Australia as the government cracks down on cyber crime

By Catherine McIntyre

TransUnion staggers under load of customers seeking credit monitoring after cyberattack

By David Reevely

Through an access-to-information request, The Logic obtained a copy of the preparation package for Public Safety deputy minister Shawn Tupper, who co-chaired the session with Caroline Xavier, the head of the CSE.

The 2018 cybersecurity strategy, which the federal government is revamping, noted there was a talent shortage in the field, but almost in passing. Its prescription was to encourage more students into science, technology, engineering and math (STEM) and to encourage non-STEM students to “specialize in the skills needed for cybersecurity jobs.”

That didn’t work, or not well enough. Meanwhile, a recent CSE assessment found the pandemic-driven shift to hybrid work for many computer-oriented jobs has increased the “threat surface” that cybercriminals and state-sponsored hackers can target.

“I would say there are five overarching themes we’ve heard so far from partners,” said the speaking notes prepared for Tupper at last November’s meeting. “These include the need to address the national cyber-skills gap. If there is one issue everyone can agree on, it is this one.”

(The others were improving public awareness, sharing more information on threats, working together better and addressing cybercrime and helping its victims.)

Amid the desperate shortage of people, the public sector competes with the private sector, small- and medium-sized entities compete with large ones, and Canada competes with the U.S. for the same talented people.

“Cybersecurity is a team sport.” — Melanie Anderson, director of cryptographic security, CSE


One of those small public entities in Canada is British Columbia’s School District No. 42, which covers Pitt Meadows and Maple Ridge in suburban Vancouver. In January, it suffered a data breach, when a database with information about 19,126 students and staff was posted online. 

The material wasn’t intensely private—names, schools, departments and email addresses—but the district warned that bad actors could use it for targeted phishing attacks.

The district’s IT director Kevin Abma was new on the job at the time. The district reported the incident to the RCMP, but nobody has been caught, Abma told The Logic by email. 

He has about 20 staff covering 28 schools and a postsecondary college, with 16,000 students, plus staff and administrators. Rather than hiring cybersecurity specialists, “our approach instead has been to actively train all IT staff in cybersecurity and supplement their efforts with consultants,” Abma wrote.

“This is a topic at every IT-director gathering and a shared area of concern. Everyone knows that it is only a matter of time before their organization is compromised,” he wrote.

User education would go a long way, in Abma’s view: “Being able to offer annual training for staff in the area of cybersecurity would dramatically increase our resilience,” he wrote.

The CSE’s Anderson agreed with Abma. “Cybersecurity” is a broad domain, she said, that includes education, government and corporate policy and human behaviour. Trying to get people to not reuse passwords from one website to another—to practise basic cyber hygiene—is not a math or programming challenge.

Atty Mashatan, an associate professor at Toronto Metropolitan University and director of its Cybersecurity Research Lab, told The Logic in an interview at a job fair that technical skills are important, but so are depth and breadth of knowledge.

“You can talk to any of these employers—what they need, more so, is the person who understands the context of the business, understands risk management, understands business continuity management,” she said.

“Everyone knows that it is only a matter of time before their organization is compromised.” — Kevin Abma, IT director, B.C. School District No. 42


A business graduate “may not know as much computer science programming as computer science people, but they know how to talk to an executive,” she said. “They can be the bridge between that technical side of the house and that executive side of the house. This bridge is [an area in] the cybersecurity sector where the shortage is more pronounced.”

The CSE organizes secondments with the private sector to make sure its staff stay as current as possible on how the business they’re trying to protect works.

The agency also sees public education in cybersecurity as a long-game recruitment tool. When the CSE issues step-by-step instructions on securing a home internet router, it hopes that will lead to better secured home internet routers—but also that the information will pique the interest of a young person.

But developing a cybersecurity workforce that more closely reflects the makeup of the country won’t be easy. The ICTC reported last fall that the cybersecurity workforce is older, whiter and more male than the general population—just 20 per cent of cybersecurity workers in Canada are women, and 25 per cent are Black, Indigenous or otherwise people of colour.

This is partly a perception problem, said Anderson, who credited a female dean with helping keep her in a computer science program: “Sometimes I find … women don’t understand where they can add value in cybersecurity, if they don’t identify as the hacker sitting in the basement in the dark playing video games—which is often how the media portrays cybersecurity professionals.”

But dropout rates among people who have gone as far as enrolling in cybersecurity programs are also out of whack: According to an ICTC survey, whose numbers it included in last fall’s report on the sector, 30 per cent of male respondents dropped out of cybersecurity-related studies but over 50 per cent of female ones did.

“I’m honestly not surprised by that stat,” said Anderson. Many science, math and engineering programs value individual brilliance and on-the-spot performance over asking for help and working in teams to figure things out, she said, and that selects for a certain type of personality.

“In one of my computer science classes, there were three women. We banded together to work through some of the problems because we were looking at it from a slightly different perspective,” Anderson said. In that group, “we also didn’t feel like we’re going to be ridiculed for asking questions when maybe we didn’t fully understand something.”

Anderson does her part now by speaking at high schools and recruitment fairs and teaching girls coding through programs like Hackergal.

The lack of diversity in the field is a problem, Anderson said, and not just because the sector doesn’t have enough bodies. A cybersecurity team without diverse viewpoints, expertise and backgrounds isn’t well equipped to fight off diverse threats against systems serving diverse users. “Cybersecurity is a team sport,” she said.

As important as it is, cybersecurity is often just not talked about.

A 2021 hack brought Newfoundland and Labrador’s health system to its knees and included the theft of personal and health information.

Gift the full article

“We do not publically [sic] disclose information about our security program” was the province’s response to most of The Logic’s questions about how its health system handles the worker shortage.

Toronto’s Hospital for Sick Children suffered a ransomware attack at the end of 2022. A spokesperson acknowledged The Logic’s inquiries but did not answer them.

With files from Jonathan Got

#Communications Security Establishment #cybersecurity #labour

Loading...

Thanks for sharing!

You have shared 5 articles this month and reached the maximum amount of shares available.

Close
This account has reached its share limit.

If you would like to purchase a sharing license please contact The Logic support at [email protected].

Close
Want to share this article?

Upgrade to all-access now

Close
Gift the full article!

You have gifted 0 article(s) this month and have 5 remaining.

Copy link and gift
Copy Link
Email to a friend
Send Email
Gift on Social Media

Recipients will be able to read the full text of the article after submitting their email address. They will not have access to other articles or subscriber benefits.

Photo: CSE | YouTube

Most Popular This Week

A man wearing a dark shirt is pictured against a brick wall. He is looking directly into the camera. with a serious facial expression.
The Big Read

How Sheldon McCormick brought Communitech back from the brink

By Catherine McIntyre
A skyscraper on Bay Street in Toronto, viewed from street level looking up, with a traffic light and street sign in the foreground against a blue sky with clouds.
Analysis

Canada’s AI hiring boom has reached Bay Street’s top executives

By Chaimae Chouiekh
A shot from above of five people clustered around a table, all working on near-identical laptop computers. Their computer bags lie on the floor and some are wearing yellow lanyards.
News

1 in 3 professionals are using unauthorized AI on the job, global survey finds

By Anita Balakrishnan
A head-on shot of James Neufeld seated with others at a round table in a meeting room. Eleanor Olszewski is seated to his left. There's a laptop open in front of Neufeld.
News

For this Alberta tech firm, ‘Buy Canadian’ isn’t working as advertised

By David Reevely

In-depth, agenda-setting reporting

Great journalism delivered straight to your inbox.

Carney and Trump at a photo op in Sharm El-Sheikh, Egypt, against a white backdrop that features a peace-themed logo for the gathering. Carney is leaning toward a scowling Trump and pointing his index finger at the U.S. president.
News

What to expect as the CUSMA review talks finally get underway

By Joanna Smith

Briefing

Alberta to submit West Coast pipeline proposal to the federal Major Projects Office this week

By Meghan Potkins   |   Jun 30, 2026 | 3:58 PM ET

Magnificent Seven lost a combined US$2.2T in market value in June

By Murad Hemmadi   |   Jun 30, 2026 | 3:48 PM ET

Radical Ventures, Gomez, Hinton back Etched to build hardware to run AI

By Murad Hemmadi   |   Jun 30, 2026

Best business newsletter in Canada

Get up to speed in minutes with insights and analysis on the most important stories of the day, every weekday.

Exclusive events

See the bigger picture with reporters and industry experts in subscriber-exclusive events.

Membership in The Logic Council

Membership provides access to our popular Slack channel, participation in subscriber surveys and invitations to exclusive events with our journalists and special guests.

Recent Popular Stories

Analysis

It turns out Trump does need something from Canada—aluminum

By Joanna Smith   |   Jun 25, 2026
A close-up of a made-in-Canada stamp on the end of a cylindrical piece of raw aluminum.
Exclusive

Ssense has laid off photo and make-up teams and says AI will do much of their work

By Catherine McIntyre   |   Jun 22, 2026
News

Alberta to free up a huge amount of power to attract Big Tech and its data centres

By Meghan Potkins   |   Jun 24, 2026
A wide landscape shot of high-tension power lines over green and golden fields in rolling countryside.
News

What makes a nuclear reactor Canadian? Billions of dollars ride on the answer

By David Reevely   |   Jun 23, 2026
A bowl-shaped structure surrounded by concrete barriers. A white sign with a blue Westinghouse logo is suspended across one side of the structure.
News

How a former Russian TV anchor ended up suing Canada’s go-to rocket company

By David Reevely   |   Jun 22, 2026
A shot across an expanse of low forest of a rocket launching into blue skies.
Analysis

Canada’s AI hiring boom has reached Bay Street’s top executives

By Chaimae Chouiekh   |   Jun 23, 2026
A skyscraper on Bay Street in Toronto, viewed from street level looking up, with a traffic light and street sign in the foreground against a blue sky with clouds.

Canada's most influential executives and policymakers are reading The Logic

  • CPP Investments
  • Sun Life Financial
  • C100
  • Amazon
  • Telus
  • Mastercard
  • bdc
  • Shopify
  • Rogers
  • RBC
  • General Motors
  • MaRS
  • Government of Canada
  • Uber
  • Loblaw Companies Limited
logic-logo

Canada's Business and Tech Newsroom

100% human-crafted journalism

Newsroom

  • News Tips
  • AI Policy
  • Editorial Disclosures
  • Story Pitches

Company

  • About Us
  • Terms of Service
  • Privacy Statement
  • Corporate Information

Contact

  • Contact Us
  • Advertise
  • FAQs
  • Work at The Logic

© 2026 The Logic Inc. All Rights Reserved.

Trusted by leaders

Error

Account creation failed.

Please email us at [email protected].

Create Account

[wppb-register form_name=”cozmo-registration-form-for-modal”]

I do have an account
Login
or

[wppb-login]

I don’t have an account