Most organizations describe worker shortage as a top concern
The cybersecurity skills gap is continuing to widen, with a new report indicating that the world has well under half the number of cybersecurity professionals that it needs.
According to the US-based security certification organization (ISC)², the current cybersecurity workforce amounts to 2.8 million individuals – but there’s a need for 4.07 million more.
Across EMEA, there's a current shortfall of 291,000 cyber-skilled workers, and in the US, the figure is a considerable 498,480.
“This year’s study has shown that there are particular shortages in functions such as forensics and penetration testing, with both showing a pronounced gap between current and ideal staffing levels,” Deshini Newman, managing director of EMEA for (ISC)², tells The Daily Swig.
“However, it’s also clear that, given the highly distributed nature of cybersecurity roles and skills, that there are gaps in all areas.”
This is good news for some cybersecurity professionals, who can command an average salary of $90,000 in North America – but less of a gain for organizations, two-thirds of which are reporting a shortage of cybersecurity staff. Most organizations describe this shortage as a top job concern.
Strategies for dealing with the shortfall
(ISC)² suggests several ways in which organizations can attract and retain suitable talent. These include highlighting training and professional development opportunities that can contribute to career advancement.
It also recommends widening the net as far as possible by not being overly restrictive about qualifications.
Organizations should consider hiring recent college graduates with degrees tangential to cybersecurity, or try attracting seasoned consultants and contractors into full-time roles, for instance.
“Backgrounds that can make excellent cybersecurity professionals can include data scientists – these individuals are adept at working with AI and machine learning technologies, parsing through vast volumes of data to identify outliers that can drive forward threat hunts and security incident investigations,” Chris Schueler, senior vice president of managed security services at Trustwave, tells The Daily Swig.
“We’re also seeing people from military and law enforcement backgrounds make a career switch into cybersecurity.
“These people are often skilled threat hunters, experienced in building criminal profiles and establishing modus operandi.”
Finally, says (ISC)², organizations should strengthen their talent pool from within by further developing existing IT professionals with transferable skills.
Which candidates are most in demand?
“A lot of companies, when they are looking for security engineers, are now more keen on finding candidates with some sort of scripting and/or programming background – Python, Java, PowerShell, Bash, etc,” says Nicholas Milano, a cybersecurity consultant at specialist recruitment firm Barclay Simpson.
“One of the best things candidates can do for themselves to help them in the future is to go for some sort of cloud certification – AWS, Azure – and learn some sort of programming, Python being the most desired.”
With the (ISC)² report revealing that only 30% of cybersecurity professionals are women, one way to attract high-quality staff is to work to improve diversity.
“There is no question that we need more initiatives, such as mentoring in the workplace and highlighting role models to encourage more women to enter the sector and to progress,” says Newman.
“We need more flexibility in workplaces to meet the challenges of balancing life in a predominantly male environment. We also need hiring managers to commit to hiring on merit, and to consider workplace balance, when choosing between candidates of equal competence for a role.”