The world’s largest non-profit association of certified cybersecurity professionals, (ISC) 2 estimates we have grown by 7,000 cybersecurity professionals over the same period last year and today, more than four million people working in the field of cybersecurity around the world. And the shortage remains. The workforce gap is widening everywhere, including the Asia-Pacific region, where there is a shortage of nearly 1.5 million cybersecurity professionals, having the lowest talent gap. Elsewhere in the world, demand outstrips supply.
What happens when companies can’t find highly qualified cybersecurity experts? Increased risk. While many companies seek to adopt technology to increase automation and fill the gaps caused by this shortage, problems sometimes remain with finding the right talent. there are still many challenges. Follow 2021 (ISC) 2 Cybersecurity Workforce StudyThe shortage of cybersecurity professionals has had significant real-world consequences for many companies, including problems with:
- System misconfigured (32%)
- Insufficient time for proper risk assessment and management (30%)
- Too much lag time to patch critical systems (29%)
- Good understanding of procedures and processes (28%)
- Inability to stay up to date on active threats against corporate networks (27%)
- Urgent deployment (27%)
A fully staffed company with cybersecurity experts who can identify, detect, and resolve data breaches and ransomware attacks is better protected.
Several factors contribute to the current global shortage, but solutions exist for those interested in the field to develop their skills and increase their employability.
Closing the cybersecurity workforce gap
Organizations have many opportunities to close the cybersecurity gap, starting with reducing the time it takes to fill new cybersecurity positions. For example, ISACA State of Cybersecurity 2021 The report shows that 16% of respondents say it takes six months or more to fill a position. An average of 50% of hiring managers surveyed also said they don’t trust qualified candidates.
Developing people skills has become an essential part of these roles. Employers expect their employees to provide soft skills, including well-developed communication, knowledge sharing, and problem-solving skills. Candidates also need to have good communication skills, adaptability, flexibility and empathy. As we’ve seen over the past two years, each of these accomplishments is critical to short- and long-term success, building relationships within the company, the team, and internal and external stakeholders. other than.
ISACA reported in State of Cybersecurity 2022, Global Updates on Workforce Efforts, Resources, and Cyber Activity that 60% of respondents indicated a challenge with retaining cybersecurity professionals – up from 53% in 2021. These professionals leave for a variety of reasons:
- 59% are employed by other companies.
- 48% receive poor financial incentives through salary or bonuses (or both).
- 47% perceive opportunities for career growth or advancement as limited.
- 45% experience high levels of work-related stress.
- 34% indicated lack of management support.
But even these statistics don’t detract from the finding that, in general, cybersecurity officers are satisfied – and engaged – with their jobs. For example, the (ISC) 2 report found that 77% of respondents said they were “satisfied” or “extremely satisfied” with their work. Challenges remain for organizations in recognizing the value of these employees and providing appropriate compensation, career development opportunities and adequate support.
Training, improving skills and improving professional skills in cybersecurity
The most important technical skills a cybersecurity professional can have today include cloud security, data analysis, and programming. But cybersecurity professionals slowly grow into proficiency — and cramming 30 credit hours of cybersecurity classes into 12 months or paying $20K for a certificate from a local community college isn’t always realistic.
Higher education institutions have been working to add certifications to address the knowledge gap. However, employers want to see experience, not just the right combination of courses and certifications. Certifications are great for resume building and getting your foot in the door. But with the rapidly changing security landscape, there is no substitute for training camps, apprenticeships and real work experience.
It takes time to increase capacity and develop in-depth knowledge. While companies and colleges have taken steps to create opportunities to upskill and deepen knowledge, cybersecurity professionals must play an active role in their development. For starters, they can:
- Think about the depth and breadth of their experience and expertise gained through education and previous work experience.
- Identify where they have made an impact based on past performance.
- Reflect on their motivation and comfort level based on current experience and contributions.
- Identify other opportunities to add value through additional training.
Cybersecurity officers are ready to embrace opportunities to expand, learn, and acquire new skills that are essential for the current and future safety and security of all organizations. Organizations can also proactively retrain and upskill their existing cybersecurity workforce.
For example, even if finding – and hiring – a full-time industry expert is a challenge, companies can partner with an expert on a contract basis, as needed to help train employees. their current cybersecurity officer. These experts bring in-depth knowledge and understanding of the entire security ecosystem, know its weaknesses and strengths, and can predict future trends. This knowledgebase provides information on the type of cybersecurity training modules they design and deliver.
Internal training in cybersecurity can range from refresher courses to breaking news. These trainings may include classroom lectures, guest speakers, and hands-on, on-site training in which experienced staff members provide guidance as participants identify and mitigate problems Realistic security threats.
Another approach, involving cooperation with higher education institutions and mutually beneficial, is to develop internship programmes. Internships allow organizations to cultivate and nurture relationships with senior students and recent graduates. Well-designed internships include comprehensive hands-on training, learning and mentoring towards a long-term career and future career development.
It’s rare that a day or a week goes by without a reputable organization hosting webinars and online events about cybersecurity. Organizations should encourage employees to attend these events where relevant.
Continuous change requires continuous learning
Unlike some other industries, cybersecurity requires a commitment to continuous learning. The technical skills that got you the job today may not keep you there a year from now. Trends change. Technology development. Cybercriminals find new ways to break into previously secured systems. Cybersecurity professionals need to keep up.
The way we work remains dynamic. Many of us work remotely or in hybrid environments – approaches that require additional security when employees use corporate and home networks. As more and more companies embrace digitization, new security holes will continue to emerge. Cloud solutions continue to evolve, with 94% of businesses rely on the cloudincluding 69% using a hybrid cloud solution, 91% using a public cloud and 72% using a private solution.
The cybersecurity field needs more – not less – experts. Closing the gap requires a multi-pronged approach, from increasing training for existing employees to promoting career paths within companies and encouraging colleges, universities, and trade schools to include including certification and internship programs. In the meantime, reduce manual, repetitive workloads with highly automated and easily integrated solutions to maximize the teams you already have.
As a serial entrepreneur and global CEO, Valimail CEO Alexander García-Tobar has served as CEO at two companies before and has run global sales teams for three. has IPO. He has held executive and analyst positions at leading research firms such as The Boston Consulting Group and Forrester Research along with Silicon Valley startups such as ValiCert, Sygate and SyncTV.