Bridging the widening cybersecurity workforce and skills gap

As the world becomes increasingly digital, users and organizations continue to face a greater number of, and more-destructive cyber attacks, including physical damage perpetrated by highly funded rogue nation-states and cybercriminals for personal or political gains.

To secure its digital assets and critical infrastructure from the growing digital risks and vulnerabilities, organizations hire highly-skilled cybersecurity professionals in different roles such as Cyber Defense Analyst, Consultant, Secure Software Assessor, Systems Security Analyst, Vulnerability Assessment Analyst, Security Administrator, among others.

However, there exists a significant gap between available qualified cybersecurity professionals and the number needed to defend organizations, owing to increasing demand and also the lack of skilled experts and resources.  

According to the 2019 (ISC)² Cybersecurity Workforce Study, the cybersecurity workforce needs to grow by 145 percent to close the skills gap and better defend organizations worldwide. The United States, one of the most technologically advanced countries in the world also faces a shortage of 498,480 skilled cybersecurity professionals.

Why Cybersecurity workforce gap exists?

Here is why the industry is facing a crisis in staffing.

Cybersecurity curricula

Academic institutions lack an effective cybersecurity curriculum to keep up with technological advances, limiting opportunities for students interested in pursuing a career in the cybersecurity domain. Cybersecurity education programs lay more emphasis on theory-based learning instead of hands-on work experience that makes it difficult for cybersecurity graduates to meet the expectations of employers.

Gender stereotypes

The cybersecurity industry is also grappling with the issue of gender diversity which means workplaces are missing out on the productive potential of nearly half the talent. The traditional perception that women are not suitable for technology-based roles is also aggravating the crisis. Even if women manage to enter the workforce, they face pay inequities.

Lack of skilled/experienced staff

When it comes to building a better cybersecurity workforce, organizations deal with a number of challenges. Organizations look for professionals with previous cybersecurity work experience and knowledge of advanced cybersecurity risks and evolving technologies like artificial intelligence, the Internet of Things and machine learning. Lack of critical hands-on skills and product experience prevents companies from hiring cyber professionals.

Lack of awareness among organizations

A majority of organizations are unaware of their cybersecurity workforce needs including job roles, specialized knowledge, and skillsets security professionals should hold in pace with evolving cybersecurity risks.

How can the industry fill the talent shortage?

Cyber risk has been identified as the top-most corporate perils for 2020 and beyond, according to a report based on the insight of more than 2,700 risk management experts from 102 countries and territories. In view of the emerging risks, there is a growing need for highly trained cybersecurity professionals who can provide real-world solutions to critical organizational challenges.

To build the next generation of cyber talent and close the existing workforce gap, industry stakeholders need to consider the following approaches.

New collar approach

According to tech giant IBM, tapping professionals who may not have a traditional college degree in the relevant field but do have the needed technical skills and aptitudes may help fill the talent gap.

Global think tank CSIS (Center for Strategic and International Studies) also recommends employers to hire cybersecurity applicants with non-traditional backgrounds to address critical workforce needs.

More diversity 

Just 24 percent of the cybersecurity industry is female today. Hiring based on talent and not gender will help organizations fix the cyber skills gap at scale. The rapidly growing industry has a pressing need for diverse talents which can't be achieved without women's participation.

A diverse workforce makes for better products, fewer failures, and higher productivity. Multiple studies in the recent past have drawn the same conclusion that diverse teams outperform homogenous teams.

Early education

Academic institutions along with policymakers and industry experts should develop cybersecurity curricula and educational tools to prepare the next generation of cyber-literate workforce. With cybersecurity career awareness resources and hands-on learning environment, students can turn their interests into a lucrative career option.

Career advancement opportunities

Considering the fact that the cybersecurity landscape is dynamic, organizations should train and develop existing team members to enhance their security stance and help close the drastic gap. Internal re-training and up-skilling programs will help organizations draw from existing talent pools to fill workforce shortages.

Certification programs

Current professionals and those looking to make their career in cybersecurity must take dedicated training and certification programs that will help them build the necessary knowledge skills, and abilities to address real-world cybersecurity challenges. There are a plethora of certification programs available for learners such as the Certified CISO (CCISO), CompTIA Security+, Cisco Certified Network Associate Security (CCNA), Information Systems Security Architecture Professional (CISSP-ISSAP), GCIH (GIAC Certified Incident Handler), among others.

In conclusion, increased investment and collaboration between governments, policy-makers, private players and other stakeholders can help address the ongoing shortage of talent in the cybersecurity industry.

(Disclaimer: The opinions expressed are the personal views of the author. The facts and opinions appearing in the article do not reflect the views of Devdiscourse and Devdiscourse does not claim any responsibility for the same.)