It starts at the university level and spreads outward. As we reported just last month, students are continuing to graduate with computer science degrees from top universities, but with little knowledge of cybersecurity. For the most part, cybersecurity courses continue to be offered as electives rather than required classes, which leads to employers and recruiters continuing to battle a widening security skills gap.
There are plenty of reports out there that point to this growing skills gap but one of the most jaw-dropping was the 2017 Frost & Sullivan (ISC)2 Global Information Security Workforce Study, which reported that by 2022 there will be a global shortfall of cybersecurity workers of 1.8 million people. This wouldn’t be so concerning if there were any sign of a reduction in breaches, ransomware, and phishing scams in five years’ time, but that’s simply not the case.
So what’s the hiring process like when there is such a skills shortage? Well according to ISACA’s Cybersecurity Nexus survey, 40% of the organizations surveyed report receiving fewer than five applications for cybersecurity positions, with one in four organizations spending up to six months or longer trying to fill a position. This statistic is from today – imagine what it will be in 2022.
What are the skills needed?
Like any industry, the cybersecurity industry is looking for individuals with the right education, certifications, experience, and specific training to fill a position. Not only that, but creativity is often cited as a desired trait as well. Hackers are constantly developing new methods to worm into organizations and extract the information they want. Security professionals often need to be one step ahead of the competition, not only needing to think quickly about how to patch flaws, but predict what, or who, may attack in the future.
So how can this problem begin to be alleviated?
Education will be a large component. As schools develop more courses in cybersecurity, students will have more options to educate and prepare themselves for a booming industry. And as we called out in last month’s security education blog, there was little improvement between 2016 and 2017. Considering the growing need in the cybersecurity space, it won’t be difficult to position a career in security as highly sought after and stable.
Automation will help overtaxed cybersecurity professionals unify teams. We’re starting to see a cultural shift in security practices. Security and compliance practices have become front page news again and again as high-profile breaches happen. This unfortunate trend is driving the need for smart professionals who understand automation practices and believe in baking security into development process from the start. An understanding of cybersecurity is still needed, but each breach brings with it an organization who is willing to invest in better training for security professionals, and better tools to catch and reduce weaknesses.
Lastly, various security certifications will help individuals who seek a career in cybersecurity who may not have had the ability to study it in school. Sure organizations would love to hire someone with previous experience successfully defending organizations against the great wide web; but as cybersecurity jobs continue to grow and students continue to graduate without the proper knowledge, I imagine a certification will catch the eye of a hiring manager who has searched for months to find the right hire, only to receive an application or two for the position.