The Cybersecurity Skills Shortage: How to Staff for Information Technology Security Amidst a Skills Shortage

Posted by Eric Friedman

The shortage of cybersecurity specialists remains high as the complexity of cyberattacks increases from year to year.

At a global level, the labor market fails to meet the demand for qualified staff because technological solutions and security practices must keep pace not only with current Cloud and Internet of Things (IoT) technologies but also with emerging technologies, concepts and ideas.

A McAfee infographic indicates that 82% of organizations report a shortage of cybersecurity skills, more than in any other area of IT. Moreover, a survey conducted by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) asked 437 cybersecurity professionals about the impact of the cybersecurity skills shortage, and this is what they reported:

    • 54% say it increased the workload of their existing cybersecurity staff.
    • 35% say that their organization had to hire and train junior staff because they could not find workers with the appropriate level of experience necessary.
    • 35% say that the shortage has created a situation whereby the info security team hasn’t had time to learn the security technologies to their full potential.

Companies like IBM are addressing the cybersecurity skills shortage by creating "new collar" jobs that require candidates to learn complementary skills in addition to their degrees or career fields. A cybersecurity expert needs to have the following traits: strong analytical and problem-solving skills, curiosity, open-mindedness, strong ethics and the ability to understand risks. Incorporating practical learning into academic programs would better allow cybersecurity professionals to apply these traits in preparation for real-world jobs.

Any profession requires a constant commitment to IT security, and the level of knowledge needed to simply maintain the status quo is very high. The process of learning and acquiring new technologies is ongoing. As new vulnerabilities appear, trained personnel must find new technological solutions to manage new threats.

The ISACA study, “State of Cyber Security 2017: Workforce Trends and Challenges”, says that 27% of U.S. enterprises are unable to fill open cybersecurity positions and 32% of enterprises worldwide report that the time it takes to fill cybersecurity and information security positions is typically more than 6 months. Cisco says that there are 1 million unfilled cybersecurity jobs worldwide, while Michael Brown, CEO of Symantec, predicts that by 2019 the number will be 1.5 million.

There are multiple reasons why the ideal candidate is so difficult to find. The requirements needed to become a computer security specialist are numerous and consist not only of technical knowledge but also of knowing applicable regulations and law.

Professionals are required to get certifications, but most of all, they need experience. ISACA reports that 55% of enterprises believe experience is the most important qualification for a cybersecurity candidate.

These professional requirements, combined with increasingly complex computer threats from criminals who use sophisticated technology and tactics, may also be a reason why the labor market has failed to meet the need for specialists.

How to minimize the cybersecurity skills shortage

Recommendation 1 – Use Outside Experts

If your company doesn’t have a cybersecurity expert and you aren’t even sure how to go about hiring someone for your security needs, partner with a company that specializes in cybersecurity (also known as a threat intelligence vendor). Companies such as Anomali, Flashpoint, and ThreatConnect can help you build your threat intelligence program. Be sure the partner you choose offers training, teaches you how to take an active role in planning your cybersecurity, and then deploys the plan you both agree on, with no worries on your end. Also, make sure your Internet provider, the host for your website, and any companies whose software tools you license (or subscribe to) guarantee security from their end.

Recommendation 2 – Train junior in-house staff

Another option for companies looking for a cybersecurity specialist is to train the one employee who shows the most talent to become a cybersecurity specialist. He or she is already familiar with the company’s systems and needs and is most likely more adaptable than a possible new employee. This employee needs to be trained in subjects like cybersecurity, IT governance, data privacy and protection, security audits, penetration testing, vulnerability assessment and much more. Make sure you choose an expert training company to train this employee.

Recommendation 3 – IT and HR should work in orchestration

When hiring cybersecurity specialists, write the job description together with your IT Security Manager. Such a technical and complex job requires a deep understanding of the job requirements, and often an HR Manager doesn’t know how to advertise or screen for this type of job. Focus on the experience of the candidate, and, if you have a good training program in place, invest in that person’s certification. Your best candidates will be well-rounded technicians who can act as cybersecurity diplomats, talking to executives in normal (not techie) words when they address cybersecurity issues.

All in all, make sure your cybersecurity professionals have a high level of commitment to security, IT and technology. These qualities will bring many benefits to your company. You can use eSkill pre-employment skills tests for testing hard skills and the behavior skills needed for tech and software jobs, or you can customize the tests with your own questions on cybersecurity expertise.

Companies that understand the significance and consequences of the global cybersecurity skills shortage will prosper financially while delivering value to the market. Is your company affected by the cybersecurity skills shortage? What do you do about it?

About Eric Friedman

Eric Friedman is the founder and CEO of eSkill Corporation, a leading provider of Web-based skills testing for pre-employment and training. With academic degrees in Psychology and Business, and experience with both mature and expansion-stage company growth, Eric has focused on how best to hire and motivate team members to be the best they can be for their companies.

4 COMMENTS
  • Maria July, 11, 2017

    I believe the best way to build cybersecurity skills is to learn by doing. Hands-on experience and professional certifications are a lot more important than a degree.

  • Kelly S. July, 11, 2017

    Cybersecurity is a people-intensive, highly skilled discipline, so it’s safe to assume that the lack of qualified professionals is a root cause of the perpetual wave of security attacks and data breaches.

  • Tom H. July, 11, 2017

    The federal and state governments in the U.S. need to fund and mandate educational technology and curricular programs that would encourage students in public schools, community colleges, and state schools to take courses in cybersecurity.

  • Chris July, 11, 2017

    This is the number one thing companies in infrastructure and finance are dealing with today, Cyber Security. Hiring of Chief Information Security Officers is at an all-time high. Great article and insights here.
