The shortage of cybersecurity specialists remains at a high level as the cyber attack complexity increases from year to year.
At a global level, the labor market fails to meet the demand for qualified staff because technological solutions and security practices must keep pace not only with current Cloud and Internet of Things (IoT) technologies but also with emerging technologies, concepts and ideas.
A McAfee infographic indicates that 82% of the organizations report a shortage of cybersecurity skills, more than any other area in IT. Moreover, a survey conducted by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) asked 437 cybersecurity professionals about the impact of the cybersecurity skills shortage and this is what they reported:
To address these problems, companies like IBM are addressing the cybersecurity skill shortage by creating new collar jobs that require the candidates to learn complementary skills in addition to their degrees or career fields. A cybersecurity expert needs to have the following traits: strong analytical and problem-solving skills, curiosity, open-mindness, strong ethics and the ability to understand risks. Incorporating practical learning into academic programs would better allow cybersecurity professionals to apply these traits in preparation for real world jobs.
Any profession requires a constant commitment to IT security, and the level of knowledge needed to simply maintain the status quo is very high. The process of learning and acquiring new technologies is ongoing. As new vulnerabilities appear, trained personnel must find new technological solutions to manage new threats.
The ISACA study, “State of Cyber Security 2017: Workforce Trends and Challenges”, says that 27% of the U.S. enterprises are unable to fill open cybersecurity positions and 32% of the enterprises worldwide report that the time it takes to fill cybersecurity and information security positions is typically more than 6 months. Cisco says that there are 1 million unfilled cybersecurity jobs worldwide, while Michael Brown, CEO of Symantec, predicts that by 2019 the number will be 1.5 million.
There are multiple reasons why the ideal candidate is so difficult to find. The requirements needed to become a computer security specialist are numerous and consist not only of technical knowledge but also of knowing applicable regulations and law.
Professionals are required to get certifications, but most of all, they need experience. ISACA reports that 55% of enterprises believe experience is the most important qualification for a cybersecurity candidate.
These professional requirements, combined with increasingly complex computer threats from criminals who use sophisticated technology and tactics, may also be a reason why the labor market has failed to meet the need for specialists.
If your company doesn’t have a cybersecurity expert and you aren’t even sure how to go about hiring someone for your security needs, partner with a company that specializes in cybersecurity (also known as a threat intelligence vendor). Companies such as Anomali, Flashpoint, and ThreatConnect can help you build your threat intelligence program. Be sure the partner you choose offers training and will teach you how to take an active role in planning your cybersecurity but then deploy the plan you both agree on, with no worries on your end. Also, make sure your Internet provider, the host for your website, and any companies whose software tools you license (or subscribe to) guarantee security from their end.
Another option for companies looking for a cybersecurity specialist is to train one employee who shows the most talent to become a cybersecurity specialist. This is because he or she is already familiar with the company’s systems and needs and is most likely more adaptable than a possible new employee. This employee needs to be trained in subjects like cybersecurity, IT governance, data privacy and protection, security audits, penetration testing, vulnerability assessment and much more. Make sure you choose an expert training company to train this employee.
When hiring cybersecurity specialists, write the job description together with your IT Security Manager. Such a technical and complex job requires a deep understanding of the job requirements, and often an HR Manager doesn’t know how to advertise or screen for this type of job. Focus on the experience of the candidate, and, if you have a good training program in place, invest in that person’s certification. Your best candidates will be well-rounded technicians who can act as cybersecurity diplomats, talking to executives in normal (not techie) words when they address cybersecurity issues.
All in all, make sure your cybersecurity professionals have a high level of commitment to security and IT and technology. These qualities will bring many benefits to your company. You can use eSkill pre-employment skills tests for testing hard skills and the behavior skills needed for tech and software jobs, or you can customize the tests with your own questions on cybersecurity expertise.
Companies that understand the significance and consequences of the global cybersecurity skills shortage will prosper financially while delivering value to the market. Is your company affected by the cybersecurity skills shortage? What do you do about it?