How to Overcome the Great Security Skills Shortage
One of the biggest challenges facing cybersecurity leaders today is finding and retaining experienced and talented professionals for their teams. The skills gap, fueled by the simple fact that demand continues to outpace supply, has been an issue for years and shows no signs of going away any time soon.
Research shows that the skills shortage is real and is having a broad impact. A 2021 report by the Information Systems Security Association and industry research firm Enterprise Strategy Group noted that the cybersecurity skills crisis was continuing on a downward, multi-year trend of bad to worse. The report, which was based on a survey of 489 cybersecurity professionals worldwide, found that the security talent shortage had affected more than half of the organizations queried.
The top impacts of the skills gap included a growing workload for cybersecurity teams, unfilled open job openings, and a high rate of burnout among security staffers, according to the report. A large majority of the organizations surveyed (95%) said the security skills shortage and associated effects had not improved over the previous few years, and 44% indicated that it had gotten worse.
Another report, the 2021 (ISC)2 Cybersecurity Workforce Study by the International Information System Security Certification Consortium (ISC)², a non-profit organization that specializes in training and certifications for cybersecurity professionals, showed that the global cybersecurity workforce needs to grow by 65% to effectively defend organizations’ critical assets.
Building the talent pool
So, what can cybersecurity leaders and teams do to acquire the skills they need? One possibility is to train current technology employees in cybersecurity disciplines, either internally or externally through local colleges and universities or certification programs. Participants in the (ISC)2 study placed by far the greatest emphasis on developing and retaining existing staff, with 42% of respondents citing that as having the greatest effect on shrinking the cybersecurity workforce gap.
Another important strategy is to encourage non-technology people to consider career switches and become cybersecurity professionals. Or you can tap into the growing pool of security workers coming from other fields. Given the demand for these skills and the attractive pay that typically goes with them, these career moves might be of interest to people who were involved in completely different types of work.
Clearly, there is a trend toward people moving into security careers. The (ISC)2 study noted that pathways to cybersecurity are changing: While an IT background remains the single most common route taken toward security, that is giving way to a variety of entry points. Slightly more than half of cybersecurity professionals got their start outside of IT, with 17% transitioning from unrelated career fields, 15% gaining access through cybersecurity education, and 15% exploring cybersecurity concepts on their own.
People interested in cybersecurity roles should not need to rely on a lengthy checklist of technical skills, degrees and certifications, the study said. Instead, the security profession should active look for other valuable, non-technical talents that new entrants can bring to the table.
This added dimension of recruiting has the potential to significantly expand the talent pool for cybersecurity and increase the diversity of potential job candidates, the report said.
Widening the search
Another potential source of cybersecurity talent is former members of the military. These individuals in many cases have strong technical, operational, and security backgrounds and can fit nicely into cybersecurity programs.
Organizations might find they have more success attracting security professionals if they make the workplace more appealing. That includes offering various models such as hybrid or remote work, offering in-house or outside learning programs, and giving people the opportunity to work on innovative, challenging projects.
Finding and retaining the necessary cybersecurity skills is difficult, especially since so many organizations are going after many of the same skills. But that doesn’t mean it is impossible. And with many organizations undergoing digital transformations, having sufficient security expertise is vital.Even if organizations can attract top security talent to their employee bases, they’ll need to ensure they’ve got the right tools in place to empower security practitioners to threat hunt with real-time endpoint data from a single pane of glass. Learn how Tanium can help.