At the RSA Conference, Jobs Still Key to The Cybersecurity Crisis
This week at the RSA Security conference in San Francisco, an estimated 20,000 professionals came to survey the cybersecurity landscape. The irony is that more professionals are needed to plug the gaps in the cybersecurity labor crisis.
As attack vectors, threats, and data infiltration hit new highs, the cybersecurity industry is struggling with an ongoing job crisis, lacking skilled workers to fill vacancies – with an estimated 2.7 million jobs unfilled, according to the (ISC)² Cybersecurity Workforce Study.
With some 400 vendors also attending RSA this week, touting their latest cybersecurity wares ranging from firewalls and Secure Access Service Edge (SASE) to extended detection and response (XDR), the question might not be about what technology to use – but how to staff it?
Trellix, an XDR company conducted new research into the cybersecurity talent shortage. Among the key findings, 85% of those surveyed believe the workforce shortage is impacting their organizations’ abilities to secure increasingly complex information systems and networks. Of the current workforce, 30% plan to change professions in the future.
Jobs and Automation are the Key
The lack of a sufficient number of cybersecurity professionals looms large as the industry struggles to battle ever-increasing threats. This is due to a variety of issues, including a wider range of connected devices and applications, the expansion of cloud services, and the ramping up of digital hostilities with wars and state-sponsored cyber-terror.
“You have trends in hybrid work, digital transformation, and the move to the cloud,” Jesper Trolle, CEO of software distributor Exclusive Networks, told me in an interview this week. “These three things together are massively increasing the attack vectors. The perpetrators have more access to tools.”
Trolle is part of a partnership with NightDragon, an investment and advisory firm focused on the cybersecurity, safety, security, and privacy industries. They have helped back NextGen Cyber Talent, a nonprofit organization dedicated to increasing diversity and inclusion in the cybersecurity industry, to fund education initiatives for cybersecurity training. They are raising $1 million to help fund one year of community college courses.
Experts say that in the United States, at least, education systems are not set to train professionals for the cybersecurity industry. Herein lies a huge opportunity — especially for underserved populations in technology such as minorities and women.
Dave DeWalt, Founder & Managing Director of NightDragon and a cybersecurity industry veteran, says that the jobs crisis is a key element of the cybersecurity industry’s challenge.
“What has happened is you have had a permanent cyber talent storm. We have seen an incredible shortage of talent for the market we have to serve. Only the top companies can afford the talent. That leaves an iceberg like effect where most of the companies can’t hire cyber talent. “
According to the Trellix survey, 94% of respondents said their companies could be doing more to encourage community mentoring programs.
CISOs Speak up on the Challenge
Other participants in the NextGen Cyber Talent program pointed to this need as the industry fights an ongoing talent and job crisis.
“There are an estimated 2.7 million unfilled cybersecurity positions,” said Krishnan Chellakarai, Founder and Co-Chairman of NextGen Cyber Talent and CISO of Gilead Sciences, in a statement. “These vacancies create a significant challenge as security teams everywhere struggle to hire talent to monitor and remediate cyberattacks, as well as develop new technology to combat today’s latest threats.”
Other industry experts say that many organizations are suffering from a burned staff out staff that is struggling to keep up in understaffed environments.
“As the impact of the pandemic on security teams gradually fades, our 2022 Voice of the CISO report uncovered a pressing issue,” said Lucia Milica, CISO, Proofpoint, in a an email to Futuriom. “As workers leave their jobs or opt out of returning to the workforce, security teams are now managing a host of challenges in stopping data loss and insider threats, said Milica. “This, coupled with the pressing need for talent to create and develop products and solutions that enable companies to stay ahead of cyber-criminals compounds risk, as demand far outpaces the available workforce.”
Milica says that the programs such as NextGen Cyber Talent are on the right track, giving people the opportunity to find well-paid jobs in the industry.
The bottom line is that as cybersecurity software and automation proliferate, we still need more humans to guide strategy and implementation. Until the industry finds a way to plug the cybersecurity job crisis, most organizations will struggle to combat the ongoing rise in cyberthreats.