The World’s Largest Nonprofit Association of Certified Cyber Security Professionals, (ISC) 2, estimates that we have an YOY increase of 7,000 cyber security professionals, and currently, four million people worldwide work in cyber security. And yet deficits remain. The workforce gap is widening, including in the Asia-Pacific region, where there are fewer than 1.5 million cybersecurity professionals. In other parts of the world, demand outstrips supply.
What happens when companies can’t find highly qualified cyber security professionals? Increased risk. While many companies are looking to adopt technology to enhance automation and bridge the gap caused by this headcount, problems sometimes remain because finding relevant talent still presents challenges. According to the 2021 (ISC) 2 Cyber Security Workforce study, the lack of cyber security professionals has had significant, real-world consequences for many companies, including:
- Misconfigured Systems (32%)
- Not enough time for proper risk assessment and management (30%)
- Too late to patch critical systems (29%)
- Monitoring of procedures and processes (28%)
- Inability to keep up with active threats against company networks (27%)
- Rushed assignments (27%)
The company is well-protected, fully staffed with cybersecurity professionals who can identify, expose and resolve data breaches and ransomware attacks.
Several factors contribute to the current global shortage, but solutions exist for people interested in entering the field to develop their skills and increase their rental potential.
Closing the Cyber Security Workforce Gap
Organizations have multiple opportunities to close the cybersecurity gap by reducing the time it takes to fill new cybersecurity positions. For example, the ISACA State of Cyber Security 2021 report states that 16% of respondents take six or more months to fill a position. The average 50% of hiring managers surveyed said they do not believe the applicant is well-qualified.
See: Mobile Device Security Policy (Tech Republic Premium)
Human skill development is an essential part of these roles. Employers expect their employees to train soft skills, including well-developed communication, sharing, knowledge transfer and problem-solving skills. Candidates also need good interpersonal skills, adaptability, flexibility and compassion. As we have seen over the past two years, each of these proficiencies is critical to building relationships among companies, teams and other internal and external stakeholders.
ISACA reported in its Cyber Security 2022, Global Update on Workforce Effects, Resources and Cyber Operations that 60% of respondents indicated the challenge of retaining cyber security professionals – up from 53% in 2021. These professionals are leaving for a variety of reasons:
- 59% are hired by other companies.
- 48% receive poor financial incentives through salary or bonus (or both).
- 47% see limited opportunities for professional development or promotion.
- 45% experience high levels of work-related stress.
- 34% indicated lack of management support.
But these statistics do not, in general, discount the finding that cybersecurity employees are satisfied – and engaged – with their jobs. The (ISC) 2 report found that, for example, 77% of respondents reported being “satisfied” or “extremely satisfied” with their jobs. The challenge remains for organizations to acknowledge the value of these employees and to provide appropriate compensation, professional growth opportunities and adequate support.
Training, skills and resilience cyber security pros
These are the key technical skills that cybersecurity professionals can have today, including cloud security, data analysis and programming. But cybersecurity professionals gradually develop proficiency – and filling 30 credit hours of cybersecurity classes in 12 months or paying $ 20K for certification from a local community college is not always practical.
Higher education institutions are working on adding certifications to address the knowledge gap. However, employers want to see the experience, not just the right combination of courses and certificates. Certifications are great for building a resume and getting a foot in the door. But given the fast-changing security landscape, boot camps, apprenticeships and real-life work experience are no substitute.
It takes time to build capacity and develop deep knowledge. While companies and colleges have taken steps to provide opportunities to enhance and deepen knowledge, cyber security professionals must play an active role in their development. To get started, they can:
- Think about the depth and breadth of their experiences and expertise through education and past work experience.
- Identify where they have impacted based on past competencies to implement.
- Reflect on their motivations and comfort level based on current experience and contributions.
- Identify other opportunities to add more value through additional training.
Cybersecurity employees who willingly accept opportunities to expand, learn and acquire new skills are vital to the security and security of all organizations. Organizations can take initiatives to enhance their resilience and skills to their existing cyber security workforce.
For example, although it can be challenging to find and hire full-time industry experts, companies can partner with experts on a contract basis to train their current cybersecurity employees. These experts bring a deep knowledge and understanding of the entire security ecosystem, know its weaknesses and strengths, and predict future trends. This reservoir of knowledge reveals that they design and deliver the type of cyber security training modules.
Internal cyber security training can range from refresher courses to new information. These training may include in-classroom lectures, guest speakers and hands-on job training, where participants are guided by experienced employees to identify and mitigate real security threats.
Another way to partner with higher education institutions and benefit all parties is to develop internship programs. Internships allow organizations to develop and nurture relationships with top students and recent graduates. Well-designed internships include comprehensive training, learning and mentoring visually towards long-term careers and future professional growth.
It is rare that a day or week passes without some reputable organization hosting cyber security webinars and online events. Organizations should encourage employees to attend these events when relevant.
Continuous change requires continuous learning
Unlike some other industries, cyber security requires a commitment to continuous learning. The technical skills you got today may not help you stay one year from now. Trends change. Technology is evolving. Cybercriminals find new ways to infiltrate past secure systems. Cybersecurity professionals must move on.
How we work remains dynamic. Most of us work in remote or hybrid environments – methods that require extra security as employees use corporate and home networks. As more companies embrace digitization, new security vulnerabilities continue to emerge. Cloud solutions continue to grow, with 94% of enterprises relying on the cloud, including 69% using hybrid cloud solutions, 91% using public cloud and 72% using private.
The cyber security sector needs more – not less – professionals. Closing the gap requires a multi-pronged approach, from enhancing training to current employers to promoting career paths in companies and encouraging colleges, universities and business schools to add certification programs and internships. In the meantime, reduce manual, repetitive workloads with highly automated solutions and integrate easily to maximize the teams you already have.
Series Entrepreneur and Global Executive, Valimale CEO Alexander Garcia-Tober is the CEO of two previous companies and runs global sales teams for three companies that went to IPO. He has held analyst and executive positions at leading research companies, The Boston Consulting Group and Forrester Research, as well as Silicon Valley startups such as Valisert, Sigate and SyncTV.