The Cybersecurity Skills Gap Is Not Just A Numbers Game

Uploaded on 2024-01-15 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

The cybersecurity skills gap has created an urgency, with governments globally looking to boost the workforce by attracting new entrants not just out of university but from all walks of life.

In the US, the White House unveiled its National Cyber Workforce and Education Strategy (NCWES) in July aimed at making it easier for citizens to enrol and qualify for a career in cyber security while in the UK the National Cyber Strategy sets out goals under Pillar 1, Objective 2 with training initiatives and recruitment from underrepresented groups.

It's clear to see why recruitment in the sector has become a national priority. The latest ISC2 Cybersecurity Workforce Study reveals that globally the workforce has increased 9% over the past year but the gap is growing faster, at 13% with 4 million vacancies, and that means that year-on-year we can expect it to become harder to fill those gaps.

But, crucially, it’s not just a shortage of workers that is causing the problem but a skills gap which means a mass recruitment drive is unlikely to provide an effective solution.

There’s a big difference between the two, with 67% reporting a workforce shortage versus 97% a skills gap, and the latter is much more critical. Over half of those questioned in the ISC2 survey (58%) said they could mitigate workforce shortages if they had sufficient skills across the rest of the team. This is no doubt due to the fact that automation is helping to ease workloads whereas there is substitution for skills, with those in short supply including cloud computing security (35%), artificial intelligence and machine learning (32%) and Zero Trust (29%). 

Experience Over Aptitude

It's this need for specific experience that is seeing the gap widen. The government’s Cyber security skills in the UK labour market 2023 found a third of jobs require a minimum of two to three years’ experience and 28% between four to six years’. Experience is rated above all else by prospective employers, according to the ISC2 report, effectively holding those vacancies open for longer. Plus hiring practices are proving hard to change, with only 51% changing their recruitment criteria to hire from non-security backgrounds.

Fundamentally, we have to focus training on those core skill areas that are the most in demand.

Organisations need to look to offer new recruits external professional development or the opportunity to study third-party certifications in these areas. Yet we’re seeing less not more training, with cost cutting measures seeing staff denied opportunities or being expected to meet the cost themselves. 

The ISACA State of Cybersecurity 2023 report reveals a drop of four percentage points to 28% with respect to employers reimbursing university tuition fees as well as a marginal drop in those paying certification fees. But even more stark is the contrast between those paying the initial fees (65%) versus those paying for the maintenance or renewal of those certifications (55%), which means cybersecurity professionals are consistently expected to pick up the tab on maintaining their qualifications at a time when the cost of living is rising.

Short Term Gains, Long Term Losses

Cutbacks are also exacerbating the skills gap. Those organisations that had laid off staff, for instance, were much more likely to be impacted by a significant skills gap in one or more areas, with 51% found to be in this position compared to 39% who did not lay off staff. In fact, reducing headcount was found to have a more detrimental effect on the skills gap than workforce shortages, perhaps due to morale and confidence in the business to support staff. 

This brings us on to the second biggest driver of the skills gap after sourcing people with the necessary skills: retaining talent.

Low wages, lack of promotion opportunities, and poor job development can all lead to higher attrition rates, making it much harder to keep hold of valuable staff. At organisations that did not offer a competitive salary, for instance, 58% of cybersecurity workers said there were skills gaps compared to 38% of those working at organisations where wages were competitive. 

What these figures all reveal is that solving the skills crisis is not just a numbers game. Attracting more recruits is all well and good but those doing the hiring also need to change their mindset and be more open to recruiting based on potential, not just experience, and from non-security backgrounds.

Training has to be focused on core skillsets which can add value rather than generic disciplines so that the security team can be lean but effective.

And investment in people needs to be sustained to help keep those skillsets relevant, reassure staff that their development is important to the organisation to encourage them to stay, and to avoid saddling staff with their own development costs which could harm the sector as a whole.

Jamal Elmellas is COO of Focus-on-Security

Image: Windows

You Might Also Read: 

Bridging The Cybersecurity Skills Gap With Efficiency:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Might AI Influence Big Elections In 2024?
Enormous Leak - Brazil’s Population Data Exposed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ECSC Group

ECSC Group

ECSC is a full-service information security provider, specialising in 24/7/365 security breach detection and Artificial Intelligence (AI).

APMG International (APM Group)

APMG International (APM Group)

APM Group is a global accreditation, certification and examination body specializing in certification schemes for individuals, organizations and software.

Gurucul

Gurucul

Gurucul predictive security analytics protects against insider threats, account compromise and data exfiltration on-premises and in the cloud.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

ATIS Systems

ATIS Systems

ATIS Systems offers first-class complete solutions for legal interception, mediation, data retention, and IT forensics.

Onsist

Onsist

Onsist brand protection services provide proactive defense against fraudulent use of your brand online.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Simplilearn

Simplilearn

Simplilearn is the world's #1 online bootcamp for digital skills training in disciplines such as Cyber Security, Cloud Computing, Project Management, Digital Marketing, and Data Science.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

NI Cyber Security Centre

NI Cyber Security Centre

NI Cyber Security Centre works to make Northern Ireland cyber safe, secure and resilient for its citizens and businesses.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

du

du

du is a telecommunications service provider providing UAE businesses with a vast range of ICT and managed services.

Peris.ai

Peris.ai

Peris.ai is a cybersecurity as a service startup that protects businesses and organizations from online threats.

Parablu

Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise.

Gutsy

Gutsy

Gutsy uses process mining to help organizations visualize and analyze their complex security processes to understand how they actually run, based on observable event data.

Oxygen Technologies

Oxygen Technologies

Oxygen Technologies is a business systems strategy and integration company offering a variety of solutions to give our clients ways to work smarter not harder.