What can we do about the growing cyber security talent gap?
A look at the cyber security talent gap. We ponder some of the solutions to the growing demand for companies to keep their digital domains safe.
Data breaches have serious consequences. Whether you’re a government organisation, a major international corporation, or even a tech giant like Yahoo or Facebook, no one seems safe from the threats lurking in cyberspace. Of course, not all data breaches will make national headlines, but they still have a severe impact on the organisations involved. Scarcely a week goes by without news of another major hack or data loss, resulting in lawsuits, reputation damage, loss of confidence and fines that can run into the hundreds of millions.
The quest for the security skills holy grail
As our world increasingly revolves around technology, data and the internet, the question of how we keep this data safe and secure is becoming more and more important. However, the answers to those questions are getting harder and harder to find. Most companies find recruiting and hiring the talented cybersecurity professionals they need to be a highly challenging task, with such skills now in huge demand. Industry headlines such as ‘Is the Cybersecurity Skills Shortage Getting Worse?’ ‘The Cybersecurity Skills Shortage is getting worse’ and ‘The Cybersecurity Talent Gap is now a National Crisis’ paint a bleak and alarming picture. Meanwhile, between half and two-thirds of organisations are reporting a problematic shortage of cybersecurity specialists, whilst some estimates suggest that there may be up to 3.5 million unfilled positions in the industry by 2021. Just to make matters worse, it’s not just the people themselves that are in short supply, but also certain skills within the profession. Some organisations that have skilled cybersecurity staff still report shortages when it comes to advanced skills like cloud security, threat intelligence and security investigations. So even if you find the ‘Holy Grail’ and manage to hire a talented cybersecurity professional, your problems still might not be over.
The cold, hard truth is that the people we’re looking for just don’t exist – certainly not in anything like the numbers that we need. At the moment, we’re trying to find individuals who, amongst other things, are experts in very specific technical skills, have the imagination to think of new threats that may emerge, are collaborative, have great management and analytical skills, the adaptability to respond to a rapidly changing threat landscape and have a passion for constant learning and self-improvement. As one recent article notes:
"the quickest solution would be for one person to be able to do the work of five."
The obvious problem is that these sorts of people are rare – where they exist at all – and this will probably always be the case. It simply isn’t realistic to base our response to this threat on looking for them, and it may be a mistake even to try. Indeed, as the team at Forbes have argued:
Could collaboration be the key?
So what is the answer? Well, we need to think very differently about how we hire and recruit to meet this challenge. For one thing, it may not be just about hiring new staff. There is now so much education and training available outside the classroom that some experts believe we should look within our companies for the answer, and upskill our existing workers to help meet the demand. If we do decide we need to bring people in, then we need to think a bit more broadly about the skills we want them to have, and be prepared to be flexible about specific qualifications. It has been estimated that about 30 per cent of cybersecurity professionals did not have an IT background when they came to the field. So, given the necessary technical skills can be learnt, if someone is "smart, collaborative and likes to solve problems it might make sense to consider their potential." Other suggestions include working with other companies and organisations, or ‘dipping into’ the vast pool of ‘ethical hackers’ who won’t be hired into traditional full-time roles, but who we can collaborate with through online platforms to supplement the work of our own security teams.
The key thing here – which underpins all of these possible solutions – is collaboration. Above all we need to start working together, and thinking cooperatively if we’re going to meet this challenge. We need to stop thinking of cybersecurity as the responsibility of a few people, designated to a specific individual or even team. Instead it must be seen holistically – as the responsibility of everyone within our organisation, as something to be embedded within our culture. This requires a big culture shift. We’re used to working as individuals – whether as people or as organisations – in competition with each other to gain an advantage in the market. But this thinking may be outdated for the digital age. Instead, when it comes to cybersecurity, it may be better to think of the internet not as a competitive market-place, but as part of a ‘digital commons’ that we all share and are all responsible for. It won’t be easy, but there’s no use in clinging to yesterday’s answers if we want to tackle the challenges of tomorrow.
Author -David Selway
Sign up to our bi-monthly newsletter for more insights, news, light reads and trends from the team here.