It’s an excellent time to be a cybersecurity professional: Job postings in the field have gone up 74% over the past five years, with a Cisco report estimating that there are currently 1 million unfilled positions worldwide. US News and World Report ranked a career in information security analysis fifth on its list of best technology jobs, with high starting salaries.

As cyber threats continue to grow in number and sophistication, the need to hire an information security professional poses a challenge for many tech leaders, who are under pressure to find skilled staff members amid this shortage and stagnant budgets.

When asked, “Has your company experienced trouble finding a cybersecurity expert in the past year?,” four IT leaders said yes, while eight said no.

Muhammad Azfar Latif, head of the IT product management division at United Bank Limited, said his company has had “a lot of trouble.”

“The senior-level experts who really know what their role is and how they can be helpful in growing business are really scarce,” Azfar Latif said. “The majority are the ones who were information systems auditors and now are becoming the security experts, doing one or two certifications and reading books without any practical knowledge and know-how. This is becoming another challenge, as cybersecurity is now becoming a road block for business as usual.”

SEE: Top 10 companies hiring cybersecurity professionals

Simon Johns, IT director for Sheppard Robson Architects LLP, said he had also experienced difficulties hiring cybersecurity professionals. “We have to outsource our niche requirements such as this due to cost of procuring in house, and difficulty of finding good quality staff,” Johns said.

And Alan Stukalsky, CIO of Randstad Technologies, said allocating the proper compensation and finding the right fit has posed a hiring challenge for his company.

Some tech leaders are reassessing their current staff to fill cyber shortages. Dustin Bolander, CIO of Technology Pointe, said his company has not had trouble because “we’ve been training people up internally.”

Indeed, with the shortage of trained cybersecurity professionals, it’s becoming increasingly common for people–especially women–to enter the field from other positions within an organization. These employees form a group of “accidental” cyber professionals who are filling the need for cyber professionals and offering a different view on security threats.

“We aren’t so much adjusting to find specific cybersecurity staff, but roles are definitely shifting so that all IT workers are security aware,” said Dan Gallivan, director of information technology at Payette. “We are also shifting towards re-evaluating tools for enhanced security monitoring and alerting to raise the overall IT level of security consciousness. We find that the exposure keeps growing with the number of IoT, mobile devices and cloud applications that security is constantly in need of being reviewed.”

Two-thirds of tech leaders said they think the level of internet security threats has increased in the last year, driven by ransomware, according to another recent CIO Jury poll.

This month’s CIO Jury was:

  • Simon Johns, IT director, Sheppard Robson Architects LLP
  • Dan Gallivan, director of information Technology, Payette
  • David Wilson, director of IT services, VectorCSP
  • Dale Huhtala, executive director of infrastructure operations, Service Alberta
  • Dustin Bolander, CIO, Technology Pointe
  • Gene Richardson, COO, Experts Exchange
  • Muhammad Azfar Latif, head of IT, product management division, United Bank Limited
  • David Wilson, director of IT services, VectorCSP
  • Arkadiusz Olchawa, IT director and CIO, Itaka
  • Alan Stukalsky, CIO, Randstad Technologies
  • Martin Mc Cormack, head of operations, Royal College of Physicians of Ireland
  • Shane Milam, executive director of technology infrastructure services, Mercer University

Want to be part of TechRepublic’s CIO Jury and have your say on the top issues for IT decision makers? If you are a CIO, CTO, IT director, or equivalent at a large or small company, working in the private sector or in government, and you want to join TechRepublic’s CIO Jury pool, click the Contact link below or email alison dot denisco at cbsinteractive dot com, and send your name, title, company, location, and email address.