The Cybersecurity Skills Gap Is Not Just A Numbers Game

Uploaded on 2024-01-15 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

The cybersecurity skills gap has created an urgency, with governments globally looking to boost the workforce by attracting new entrants not just out of university but from all walks of life.

In the US, the White House unveiled its National Cyber Workforce and Education Strategy (NCWES) in July aimed at making it easier for citizens to enrol and qualify for a career in cyber security while in the UK the National Cyber Strategy sets out goals under Pillar 1, Objective 2 with training initiatives and recruitment from underrepresented groups.

It's clear to see why recruitment in the sector has become a national priority. The latest ISC2 Cybersecurity Workforce Study reveals that globally the workforce has increased 9% over the past year but the gap is growing faster, at 13% with 4 million vacancies, and that means that year-on-year we can expect it to become harder to fill those gaps.

But, crucially, it’s not just a shortage of workers that is causing the problem but a skills gap which means a mass recruitment drive is unlikely to provide an effective solution.

There’s a big difference between the two, with 67% reporting a workforce shortage versus 97% a skills gap, and the latter is much more critical. Over half of those questioned in the ISC2 survey (58%) said they could mitigate workforce shortages if they had sufficient skills across the rest of the team. This is no doubt due to the fact that automation is helping to ease workloads whereas there is substitution for skills, with those in short supply including cloud computing security (35%), artificial intelligence and machine learning (32%) and Zero Trust (29%). 

Experience Over Aptitude

It's this need for specific experience that is seeing the gap widen. The government’s Cyber security skills in the UK labour market 2023 found a third of jobs require a minimum of two to three years’ experience and 28% between four to six years’. Experience is rated above all else by prospective employers, according to the ISC2 report, effectively holding those vacancies open for longer. Plus hiring practices are proving hard to change, with only 51% changing their recruitment criteria to hire from non-security backgrounds.

Fundamentally, we have to focus training on those core skill areas that are the most in demand.

Organisations need to look to offer new recruits external professional development or the opportunity to study third-party certifications in these areas. Yet we’re seeing less not more training, with cost cutting measures seeing staff denied opportunities or being expected to meet the cost themselves. 

The ISACA State of Cybersecurity 2023 report reveals a drop of four percentage points to 28% with respect to employers reimbursing university tuition fees as well as a marginal drop in those paying certification fees. But even more stark is the contrast between those paying the initial fees (65%) versus those paying for the maintenance or renewal of those certifications (55%), which means cybersecurity professionals are consistently expected to pick up the tab on maintaining their qualifications at a time when the cost of living is rising.

Short Term Gains, Long Term Losses

Cutbacks are also exacerbating the skills gap. Those organisations that had laid off staff, for instance, were much more likely to be impacted by a significant skills gap in one or more areas, with 51% found to be in this position compared to 39% who did not lay off staff. In fact, reducing headcount was found to have a more detrimental effect on the skills gap than workforce shortages, perhaps due to morale and confidence in the business to support staff. 

This brings us on to the second biggest driver of the skills gap after sourcing people with the necessary skills: retaining talent.

Low wages, lack of promotion opportunities, and poor job development can all lead to higher attrition rates, making it much harder to keep hold of valuable staff. At organisations that did not offer a competitive salary, for instance, 58% of cybersecurity workers said there were skills gaps compared to 38% of those working at organisations where wages were competitive. 

What these figures all reveal is that solving the skills crisis is not just a numbers game. Attracting more recruits is all well and good but those doing the hiring also need to change their mindset and be more open to recruiting based on potential, not just experience, and from non-security backgrounds.

Training has to be focused on core skillsets which can add value rather than generic disciplines so that the security team can be lean but effective.

And investment in people needs to be sustained to help keep those skillsets relevant, reassure staff that their development is important to the organisation to encourage them to stay, and to avoid saddling staff with their own development costs which could harm the sector as a whole.

Jamal Elmellas is COO of Focus-on-Security

Image: Windows

You Might Also Read: 

Bridging The Cybersecurity Skills Gap With Efficiency:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Might AI Influence Big Elections In 2024?
Enormous Leak - Brazil’s Population Data Exposed »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Mimecast

Mimecast

Mimecast delivers cloud-based email management for Microsoft Exchange and Microsoft Office 365 including archiving, continuity and security.

Feedzai

Feedzai

Feedzai provide software that uses big data analysis and machine-based learning to prevent fraud in ecommerce.

Electus Recruitment Solutions

Electus Recruitment Solutions

Electus is a leading recruitment specialist in the Engineering, Technology & Digital and Cyber & Security sectors.

S21sec

S21sec

S21Sec, Cyber Solutions by Thales, is a leading European cybersecurity pure player, with security experts in Spain and Portugal and an Iberian SOC.

Igloo Security

Igloo Security

Igloo Security is a leader and pioneer in SIEM (Security Information & Event Management), PSIM (Physical Security Information Management) and MSS (Managed Security Services).

Riverside Research

Riverside Research

Riverside Research is a not-for-profit organization chartered to advance scientific research in areas including Trusted & Resilient Systems.

London Office for Rapid Cybersecurity Advancement (LORCA)

London Office for Rapid Cybersecurity Advancement (LORCA)

LORCA's mission is to support the most promising cyber security innovators in growing solutions to meet the most pressing industry challenges and build the UK’s international cyber security profile.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub is a non-profit network organization focused on cooperation, information sharing, research and implementation of cutting-edge technologies in cybersecurity.

Polaris Infosec

Polaris Infosec

Polaris Web Presence Protection (WPP) is powered by our proprietary artificial intelligence and machine learning engine to ensure that attacks are stopped before they affect your business.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

Finnish Security & Intelligence Service (SUPO)

Finnish Security & Intelligence Service (SUPO)

The Finnish Security and Intelligence Service is a government agency tasked with combating serious threats to national security in Finland.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.

Inception Cyber

Inception Cyber

Inception Cyber, the inventors of intent-based security, is leading the next generation of threat prevention for an increasingly AI-driven world.

InstaSecure

InstaSecure

InstaSecure’s Preventive Cloud Controls accelerate alert remediation and strengthen cloud configurations. Set your controls once and prevent current and future risks.