Zero percent. As noted by a recent Cybersecurity Ventures report, that’s the new number for cybersecurity unemployment. In fact, there are two available jobs for every qualified candidate, and with 1 million positions still open, companies are getting desperate.
Gary Hayslip, CISO for the city of San Diego, told CSO Online that they’re “trying to hire a unicorn” by writing job descriptions with huge skill lists that most security professionals simply don’t have. But what’s the real-world impact of this cybersecurity talent shortage? More importantly, how can companies reverse the trend?
Volume, Velocity and Variety
Cybersecurity is impacted by the three V’s: volume, variety and velocity. The volume of cyberattacks is rapidly increasing as more zero-day vulnerabilities are discovered, exploit kits become online commodities and cybercriminals broaden their targets.
Threats are also ramping up in terms of speed and type. Cloud resources and the wealth of data shared online make it easier than ever for malicious actors to discover security weak spots and create new attack vectors.
As noted by Marc van Zadelhoff, general manager of IBM Security, this translates to a “skills crisis in security,” even if the industry is able to fill every open job in the next few years. This isn’t good news, but it’s not entirely hopeless, either.
Addressing the Cybersecurity Talent Shortage
So how do companies address the cybersecurity talent shortage when traditional candidate pools are effectively dried up? One option is better training.
Schools such as the University of Warwick now offer a business-focused postgraduate module in enterprise cybersecurity that students — most likely security pros already working in the industry — can take part time to help close the skills gap. However, this is a downstream solution that only starts paying off after a few years and doesn’t address the issue of sheer numbers.
Another way to help bridge the gap, according to Computerworld, is by ramping up the number of women in IT security. This means abandoning notions of the ideal unicorn — often a seasoned male IT professional with a host of credentials — and instead choosing to innovate by encouraging both men and women to pursue cybersecurity careers even if their primary tech specialty lies somewhere else.
SC Magazine pointed out that it’s possible to make better use of existing IT professionals to help solve the skills gap. For example, many teams spend much of their time reporting or manually entering data rather than dealing with security issues.
What’s more, when basic cybersecurity hygiene isn’t up to par, even security specialists are put to work solving basic problems. Meanwhile, security teams are often forced to fight fires rather than move forward due to the overwhelming number of security alerts they deal with on a daily basis.
No Quick Fix
Changing the paradigm means opting for automation where possible, leveraging data analytics to help clean up the IT environment, and finding a balance between reactive and proactive security to let security pros improve overall cybersecurity health.
The cybersecurity talent shortage has arrived, and it poses real problems for IT. While there’s no quick fix, efforts like improved education, innovative hiring and investment in existing IT teams can help limit the impact of zero unemployment and absent unicorns.