Cybersecurity Has A Serious Talent Shortage

It’s a refrain we have been hearing for the past 18 months from clients all over the world: “We need more skilled people for our security team.”

A report from Frost & Sullivan found that the global cybersecurity workforce will have more than 1.5 million unfilled positions by 2020. But the security industry is a fast-growing market, with IDC pegging it as becoming a $101 billion opportunity by 2020. So what’s causing the talent shortage?

One of the big reasons is that security businesses tend to look for people with traditional technology credentials, college degrees in tech fields, for example.

But security is truly everyone’s problem; virtually every aspect of personal and professional data is at risk. So why are we limiting security positions to people with four-year degrees in computer science, when we desperately need varied skills across so many different industries?

Businesses should open themselves up to applicants whose nontraditional backgrounds mean they could bring new ideas to the position and the challenge of improving cybersecurity.

Other burgeoning industries have been in similar positions throughout history. In 1951 the US accounting industry was poised for growth but was predominantly male, with only 500 female certified public accountants in the country.

After recognising the problem, leaders across the accounting field teamed with industry associations and academic institutions to solve the issue through awareness campaigns and hiring initiatives.

Today there are over 800,000 female CPAs in the US Security businesses need to follow this example, taking a hard look at themselves to see what’s holding them back.

There are no signs that the bad guys are limiting their talent pool, and cyber-crime is now a $445 billion business. The average company handles a bombardment of 200,000 security events per day. Cyber-criminals are becoming increasingly more organised and aggressive, while the teams defending against these attacks are struggling to fill their ranks.

One way IBM is addressing the talent shortage is by creating “new collar” jobs, particularly in cyber-security. These roles prioritise skills, knowledge, and willingness to learn over degrees and the career fields that gave people their initial work experience.

Some characteristics of a successful cyber-security professional simply can’t be taught in a classroom: unbridled curiosity, passion for problem solving, strong ethics, and an understanding of risks. People with these traits can quickly pick up the technical skills through on-the-job training, industry certifications, community college courses, and modern vocational and skills education programs.

Organisations can use a similar approach by establishing apprenticeship opportunities, emphasising certification programs, exploring new education models, supporting programs at community colleges or polytechnic schools, and looking for talent in new places.

Some of our recent additions to the security team came from unexpected career fields such as retail, education, entertainment, and law. The two things they all had in common? They were curious about security and motivated to learn the skills.

Of course, cutting-edge technology is going to be at the center of these new collar jobs. Artificial intelligence, for example, is being used in the workplace in a wide range of ways, and in cyber-security it is already creating opportunities for new collar positions.

AI not only provides a way to help overcome the skills shortage, but is also an important step forward in the way employees will work and companies will defend themselves.

Companies that are interested in using a new collar approach to fill security positions should consider the following:

•    Re-examine your workforce strategy: Do you know what skills you need today and tomorrow to run a successful security program? Realise that skills and experience can come from a variety of places, and adjust your hiring efforts accordingly.

•    Improve your engagement and outreach: Don’t limit yourself to the same old career fairs and recruiting programs of yesteryear. Get involved in community colleges, P-TECH schools, and other educational programs to start building your recruiting base.

•    Build a local cyber-security ecosystem: Connect with government organisations, educational institutions, and other groups. Sponsor Capture the Flag security events, and work with local middle and high schools to generate interest in the field. These groups are always looking for willing experts and mentors.

•    Have a robust support program for new hires: Mentorships, rotational assignments, shadowing, and other opportunities help new cyber-security hires gain experience and learn. Remember, not everyone knows what they want to do right away. Keep new hires engaged by giving them the creative freedom to work on different projects and explore new technologies and services.

•    Focus on continuous learning and upskilling: To retain your new talent, keep employees current on the latest skill sets through classes, certifications, and conferences. Cyber-security is a highly dynamic field, requiring ongoing education and exploration. And be open to employees from other areas of your business who express interest in cybersecurity career paths.

Remember that AI provides employees with more intelligence and contextual recommendations at a speed and scale previously unimagined, so upskilling your workforce is a completely different ballgame these days.

Cyber-security is a complex career field with extraordinarily challenging problems, but with a diverse pool of experiences and ideas, we stand a much greater chance of successfully defending our assets.

Harvard Business Review:

You Migh Also Read:

How AI Will Solve The Skills Shortage:

Are Employees Your Weakest Link When It Comes To Security?:

Cyber Skills Gap Grows Along With Threats:

 

 

« EU Nations Expand Their Cyber Defences
The Difference Between Cyberspace & The Internet »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

AFCERT

AFCERT

AFCERT is the national Computer Emergency Response Team for Afghanistan.

Vigilant Software

Vigilant Software

Vigilant Software develops industry-leading tools for intelligent, simplified compliance, including ISO27001-risk management and EU GDPR.

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute focuses on understanding, empowering and taking action across four critical areas driving continual improvement toward a safer, more secure cyber world.

IPification

IPification

IPification is a highly secure, credential-less, network-based authentication solution for frictionless user experience on mobile and IoT devices.

AppOmni

AppOmni

AppOmni is the only SaaS CSPM solution that gives teams all the tools they need to be successful – from security posture management to monitoring and detection to continuous compliance.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

Presidio Identity

Presidio Identity

Presidio Identity offers a digital-native approach that brings security, privacy, and simplicity to user authentication and digital interactions.

Akto

Akto

Akto, the plug & play API security platform. Discover your APIs, run tests and find business logic vulnerabilities at ludicrous speed.

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.

Corsearch

Corsearch

Combining AI-powered technology and decades of industry expertise, Corsearch is revolutionizing how companies establish and protect their brands.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

DynTek

DynTek

DynTek delivers exceptional, cost-effective professional IT consulting services, end-to-end IT solutions and managed IT services.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.