A DROP IN CYBERSECURITY SKILLS
Vince Lombardo, CyberSecurity, RoundTower
An increasingly complex security landscape mixed with an ever-growing threat environment is pushing many businesses to search for internal resources to fill the security skills gaps in their workforce.
Along with the additional demands placed on internal technical teams, companies now must cope with changes in compliance and regulatory requirements, such as the EU General Data Protection Regulation (GDPR). In what some are calling the 'perfect storm,' numerous companies are finding it difficult to find and recruit the right skills and resources to satisfy these growing demands.
It has been estimated that there are over one million unfilled cybersecurity jobs worldwide! A recent ISC2 survey shows a 20% increase in the number of vacant cybersecurity jobs since 2015 and expects to see a rise of 1.8m worldwide by 2022.
The absence of dedicated resources keeping pace with the growing number of threats means that many businesses will be forced to outsource some, if not all, aspects of their cybersecurity strategy. This skills gap is now leaving major security holes that could potentially expose organizations to unnecessary risks.
Along with the strict new standards around data protection and hefty fines, many in-house security teams are scrambling to cope with new regulatory challenges at a time when they are incredibly under-resourced.
When it comes to recruitment, maybe you're looking in all the wrong places. Sure, you will need a security team that includes specialists in digital forensics, compliance, incident response, analytics, and threat intelligence… but don't ignore the growing number of people looking to apply their skills to a new career in cybersecurity.
The aforementioned ISC2 report revealed a 30% increase in employees who have successfully launched new careers in cybersecurity after holding a non-technical job in accounting, marketing, or business. This shows that people with good business and communication skills can also make meaningful contributions to an IT team.
I understand that it might not be an excellent choice to take Tom from accounting and place him directly in the security bullpen. Security is one of the essential branches of your IT department: they are charged with protecting both the employees and the company’s valuable data, meaning someone like Tom will have to earn his place on the team. Taking an accountant from crunching numbers to crunching data logs may take a lot of hands-on training. But on the other hand, Tom is used to following policies and staying up-to-date on complex regulations.
Also, keep in mind that many IT professionals are well-educated graduates who do NOT possess a bachelor's degree in Information Technology or Computer Science and may not have a degree at all. The support and services side of the industry is famously recognized for its apprentice-like training: teaching the latest recruit about every intersection of the business's infrastructure while endorsing vendor certification programs based on their environment.
When it comes to hiring someone for a cybersecurity role, you should be looking for someone who has been taught to think vs. taught what to think. The potential candidate must possess that same thirst for knowledge and have a passion for technology. The threat landscape is dynamic, and it's going to take a dynamic individual or team to keep up.
The truth is that there is an overwhelming need for recruits and the only way we're going to fill this gap is by encouraging people to consider a career in information security. We also need to fix the disconnect between what upper management expects and what a new team member requires for a successful career in IT security.
Of course, there's always the option to outsource these skills to avoid the cost of recruitment, management, and training. Not to mention the cost savings you will gain by not having to maintain and renew certifications – often quite demanding within a cybersecurity role.
Good idea, but an augmented approach gives you flexibility by combining an end-to-end cybersecurity services provider with residency. It keeps confidential and business-critical data under wraps while also empowering the in-house cybersecurity team to sharpen their skills. This method buys you more time while we help you find the right candidate to close the gap.
Unfortunately, the skills gap in the industry is affecting everyone, and we do not have the resources to fill all security roles. The problem isn't going to fix itself overnight, but there’s never been a more critical time to make this a career of choice.