Growing skills gap will tax defenders, warns recruitment firm

The cyber skills shortage is getting worse, according to a new report from recruitment firm Outsource.

Since 2014, says Outsource, the number of organizations reporting a problematic security skills shortage has more than doubled, from 23% to 51%.

“We have seen the demand for SOC [security operations center] and IR [incident response] resources go from 7.5% of our roles in August 2017 to 2018, to 17% of our requirements in the last 12 months, as just one example of a market that is becoming more in demand,” Rosie Anderson, the company’s UK cybersecurity director, tells The Daily Swig.

“As the market matures and the threats change, the demand is only going to increase.”

As a result, pay in the industry is high: Outsource cites median salaries of £50,000 ($62,400) for SOC analysts, rising to £180,000-plus ($225,000) for cybersecurity directors or CISOs.

However, says Anderson, “The demand is for experienced cyber resources, which means we keep moving the top tier of talent around – the average time in post for a pen tester is 12 months. This isn’t sustainable, and isn’t going to positively impact the shortage.”

She urges businesses to take and train junior candidates, maybe cross-skilling candidates from other industries.

Attracting overseas candidates to the UK, she says, is tricky, given the closure of the HSMP [Highly Skilled Migrant Programme] visa.

“The government has done a great job of putting together some strategies to solve the skills shortage, but it’s a bit of a rush to the finish line as our infrastructure grows faster than we can secure,” she says.

“We’re already behind a very young industry, so there can be a miscommunication between business and government with what skills are needed as part of the CSIIF [Cyber Skills Immediate Impact Fund].”

Outsource says it’s receiving more requests for diverse shortlists from its clients – as well as questions on how to address the gender pay gap.

“However, there are a lot of businesses that understand that diversity is a great initiative, but still struggle to justify making a change to their hiring structure, or the need for experienced resources,” Anderson says, adding that companies need to see the benefits that training different sources of talent can bring.

“I would urge anyone who is hiring to challenge their thinking – yes, for a CISO to lead your security strategy you may need someone that has done this before, but if you have a supportive and established team, you can look at candidates with transferable skills, who have a real passion for joining this industry, and can bring a different way of thinking to your business.”
