The threat landscape is changing daily and the threats themselves are becoming significantly more complicated. Unfortunately, the number of qualified cybersecurity professionals is not keeping up.
In fact, a new study by ISACA and RSA Conference found that 6 in 10 cybersecurity team leaders say their staff can’t handle anything beyond simple incidents. Further, the same study found that it often takes more than six months to fill a cybersecurity position—and half the selected candidates do not have the necessary skills that make them job-ready.
These findings have been and continue to be cause for concern. These are the people responsible for protecting and defending their companies’ most valuable assets—their systems, their financial records and medical information, to name a few. It’s even more daunting when you look at the number of cybersecurity positions that remain unfilled—according to Cisco, that number now tops 1 million worldwide.
Addressing this problem is doable, though it will take some time. Here are five steps we must aggressively pursue to begin closing the cybersecurity skills gap to ensure that organizations have access to the competent, qualified skilled candidates they need:
1. Drive awareness of the cybersecurity career field
Students are exposed to a number of careers from a young age, but being a cybersecurity practitioner isn’t usually one of them. A recent survey by Raytheon indicates that 67 percent of men and 77 percent of women said no high school or secondary school teacher, guidance or career counselor ever mentioned the idea of a cybersecurity career. And when students are aware of the job—perhaps a family member or friend works in the profession—the role models they see in those positions are overwhelmingly men.
We need to equip guidance counselors and STEM teachers with more information on cybersecurity careers and the benefits they offer—from the impact cybersecurity professionals have on organizations to the roles they play in safeguarding infrastructure, data, people and society to the above-average salaries they can command. We need to ensure cybersecurity professionals—men and women—are at job fairs and career nights, and we need to communicate that a student does not have to be a technical genius to pursue this career. The best candidates, and the best professionals all possess a solid mix of business, communication and technical skills.
2. Help college students develop strong foundational cybersecurity knowledge
University programs need to be directly linked to the knowledge and skills that cybersecurity jobs require. Their courses should provide a strong foundation of cybersecurity knowledge in their courses, but they can’t stop there. Students must be given the opportunity to build hands-on skills, throughout their college careers.
3. Focus on skills-based training
Companies are looking for cyber professionals who don’t just know what a threat is, but also how to detect threats, mitigate their effects and use their skills to guard against future threats. They want proof of skills—the kind of skills that are best built in lab environments where individuals can respond to real threat scenarios. When you’re protecting the data for thousands, or perhaps millions, of individuals, “learning on the job” just won’t cut it anymore.
4. Invest in your cybersecurity workforce
To accomplish the shift from knowledge-based learning to skills-based training, organizations need to invest in their workforces. This type of training can be more expensive, but the outcome is exactly what companies are seeking—experienced cybersecurity pros.
Companies also need to invest in retaining their workforces. Studies show substantially more women leaving the field early than men, and this is a real problem we need to address.
5. Open additional pathways to cybersecurity careers
Four-year degrees in cybersecurity or related fields are excellent. However, we need to open additional pathways to industry in order to widen the talent pipeline. This might include a shorter technical school program or investing in training to bring staff from unrelated business units into the cybersecurity function. Whatever the answer, it is implementable—and, given the current skills gap, not a subject many should find debatable.
The U.S. Bureau of Labor Statistics says the demand for cybersecurity professionals will grow by 53 percent through 2018. Industry, governments, academia and nonprofits need to work together and aggressively focus on meeting this need.
One thing is for sure—there has never been a better time to be a cybersecurity professional.