Closing the Cybersecurity Talent Gap
October 20, 2018 | Cyber Security
According to Harvard Business Review, by 2020, about 1.5 million positions will remain vacant in the cybersecurity industry.
In the growing digital world, this shortage of cybersecurity experts will have grave consequences not only for businesses, but the entire socio-economic landscape.
On one end, security engineers are hard to find, and even if available, seek higher remunerations. On the other end, cybercriminals have nothing to lose, and are carrying on with ramping up attacks; utilizing increasingly sophisticated tools and methods. What is making their task easier is the fact that cybersecurity department in most enterprises is under-staffed and can do little to detect, prevent, and respond to cyberattacks. At some point of time in the future, these enterprises will suffer such a devastating data breach that it will take years to recover.
The ESG report states that the shortage of cybersecurity skills has gone up from 45% in 2017 to 51% in 2018. In the same report, 63% cybersecurity professionals admitted to feeling that they are not receiving adequate training from their employers.
What is the Reason of this crisis?
Digital transformation has propagated the utilization of web and cloud applications and services extensively. Also emerging technologies like Internet of Things (IoT), Blockchain, Big Data, etc have come into the picture. The demand for professional expertise in these technologies is at an all-time high, and IT companies are finding it difficult to close their positions satisfactorily. In such a scenario, the inclination amongst individuals towards an esoteric discipline like cybersecurity is low.
The cybersecurity field as a whole is relatively in its youth, and is constantly growing and evolving. Academic institutions either do not have cybersecurity in their course curriculums, or what is being taught there has already become obsolete and is no more relevant. Latest threats and lack of industry experience makes fresh graduates ineffective for this industry.
In a study conducted by Global Information Security Workforce (GISW), out of 20,000 respondents, two-thirds lacked the minimum number of cybersecurity professionals required for the current threat scenario.
Technology training to the rescue
There are three aspects imperative for any technical professional – communication skills, analytical skills, and technical skills. The two former skills must be the priority of every hiring manager. Technical skills can be acquired with time and experience.
According to the 2017 GISW study, about 33% cybersecurity executives came into the industry from a non-technical background.
This means, three out of every ten cybersecurity professional had been absorbed from non-IT careers.
Technology training, therefore, plays a vital role here. Enterprises seeking cybersecurity professionals must understand the fact that a motivated, smart, and dedicated team player will easily acquire the technical expertise through individual online training or corporate training thus transforming him into an excellent fit for the organization. With effective technology training, companies will be able to broaden their range of potential candidates who will bridge the gap plaguing cybersecurity industry.
An alternative solution with emerging technologies
It is a natural human tendency to find alternative solutions wherever they can be found. Many organizations have found an alternative in emerging technologies like Machine Learning and AI, and Big Data to close the talent gap in cybersecurity. A Machine Learning-based security system would be able to handle tremendously large security events compared to humans. But the alerts that it will produce will, nevertheless, require human investigation and analysis to conclude their validity. Thus, we come to the same point of glitch again but this time with some significant light through the tunnel.
Blending Technology Training with Other Emerging Technologies
When one person is expected to do the work of five, four persons’ work must be carried out by the machines.
But that ‘one’ person must be incredibly talented to guide themselves, along with channeling the AI-based machine effectively. Cybersecurity training blended with other emerging technologies can be the perfect answer to the question of widening skills gap. Organizations must be outcome-focused and take a holistic approach to deal with people, processes, and technology. Rather than simply adding more resources, getting the best out of the existing security resources through corporate training will help companies to build a robust security system to combat disastrous cybersecurity breaches.
When all the others ventured to find the magic sword; someone, somewhere whetted their own sword and won the battle for everyone.