Skills Shortage: What To Do?
Is The Cyber Security Industry Doing Enough To Solve Its Skills Shortage Problem?
Cyber security professionals worldwide feel ill-equipped to manage the ever-evolving threat landscape they have to face on a daily basis – they need help. But where are the people they need to hire? The cyber security’s workforce gap has become the top concern for professionals in the industry, outranking what were once more common ones, such as lack of budget and time.
In 2017, studies predicted that the global cyber security workforce gap would reach 1.8 million by 2022. But by October 2018, the actual global number reported was already a staggering 2.9 million. Things are much worst, much sooner… But is the cyber security industry doing enough to help solve this problem?
Kaspersky Lab’s 2018 Cyber Skills Report noted that 80% of Italian businesses find it difficult to recruit IT security professionals. Meanwhile, a surprisingly high number of youngsters in the country use their digital savviness to exacerbate cyber crime, rather than prevent it.
25% of young adults surveyed by Kaspersky in Italy know someone who is currently undertaking potentially illegal cyber activities –such as malicious hacking. The underlying message here is that there is a pool of highly-skilled people who are either not being considered for the job openings, don’t know about them, or aren’t interested. Without incentive or support from the security industry, young talents might be wasted in the dark web or somewhere else far away from the offices of cyber security solutions providers.
71% of young people globally aren’t aware of any IT security graduate opportunities or internships. And yet, they are expected to have substantial experience before applying for most job openings in cyber security. Organisations need to develop more entry doors through which new cyber security workers– be them young students or professionals changing career paths- can develop their skills through practice.
But when it comes to preparing the future generations of cyber security professionals, the majority of Italian IT professionals attribute that responsibility to the higher education sector (38%). Perhaps it is time for both sectors to work closer together – such as through research collaborations, by having industry experts consulting on course materials, or by counting on more organisations to offer internships for current students. Partnering up with educational institutions, the cyber security industry can ensure that theory and practical learning are living up to the industry’s expectations and demands.
There seems to be a chronic asymmetry between what IT security hiring managers are seeking and what those attempting to enter the industry can offer.
Other industry numbers, found by the GISWS study, point to paradoxical trends: 92% of the industry’s hiring managers say past experience in security is important. However, it is not uncommon for cyber security workers to arrive at their jobs via unconventional paths – 87% of them, globally, migrated from another career into cyber security and often rise to become key decision makers in their organisations (globally, 33% of cyber security executives and C-suite professionals fit this category).
Research also shows that the preferred recruitment sources among hiring managers is their social and professional networks, but it is unlikely that these include very diverse individuals – or so we are led to believe: nearly 90% of the industry’s current global workforce is male and the majority arrive in information security with a computer science or engineering background.
Cyber security can’t afford to be a man’s world anymore. It is a fair conclusion that women, representing nearly half of the world population but only about 10% of this industry’s workforce, could potentially narrow down the workforce gap if they felt more encouraged to venture into the industry. For this and other solutions to really take off, new recruitment practices are needed – particularly ones that move away from prioritising existing experience in the field.
More opportunities that support diversity and professional development will help address underrepresentation in the industry (of gender, age and race) – And when this happens, the workforce gap will also improve.
Rather than attributing separate responsibilities to different sectors of society, solving a problem of this scale requires coordinated efforts from the cyber security industry, education systems and the government – all of which are affected by poor cyber safety and should hurry to collaborate on solutions.
Written by Paula Magal for ItaliaSec – the Cyber Security Summit returning to Rome on May 14th-15th 2019. Follow ItaliaSec’s Newsroom for more content like this & to learn more about the summit.