The cybersecurity talent gap is a known quantity. Companies across the globe are feeling the strain as demand for security support, innovation and skills soar despite a shortage of incoming IT professionals.
As noted by a recent Capgemini study, there’s a 25 percent gap between demands for cyber talent and existing supply. In addition, a Cybersecurity Ventures report predicted a shortfall of 3.5 million cybersecurity professionals by 2021.
So what’s the secret for companies struggling to achieve security goals even as malicious actors get more aggressive? How can they bridge the gap and get back on track?
The Cybersecurity Talent Gap Is Growing
According to the Capgemini study, 68 percent of organizations reported a high demand for cybersecurity skills. Analytics and innovation also made the list at 64 and 61 percent, respectively, but have smaller gaps compared to the whopping 25 percent cybersecurity gap.
Specificity is also a concern. A recent PricewaterhouseCoopers (PwC) white paper noted that, while finding a cybersecurity generalist is often possible, it’s much more challenging to find experts capable of managing enterprise-specific or legacy technologies.
According to CSO Online, this isn’t all bad news, since the increasing recognition by enterprises (and specifically C-suites) that cybersecurity is a must-have rather than an afterthought marks a watershed moment for the industry. Jennifer Steffens, CEO of IOActive, put it simply: “Organizations are waking up to the critical importance of security.” The next step, she said, is recognizing that “the workforce shortage will grow unless organizations also wake up how they approach finding and retaining talent,” she told CSO Online.
Using Existing Talent
Now that companies recognize the importance of cybersecurity talent, how can they close the skills gap? The PwC paper noted that some tasks can be handled by outsourced security services, reducing the number of in-house professionals required. In fact, 62 percent of respondents to the firm’s “Global State of Information Security Survey 2018” said they’re now using managed services for access management and threat intelligence.
The caveat is that it’s not possible to move everything off-site, meaning enterprises need a new source of skills. One option is to increase the value of cybersecurity positions within the organization. This means giving chief information security officers (CISOs) a spot at the table and giving skilled professionals the autonomy they need to get their jobs done. This includes solid budgets for continual training and responsibilities that go beyond simple break-fix scenarios.
Closing the Gap With New Collar Workers
As noted by Help Net Security, it’s also possible to level up existing enterprise talent outside of the IT pipeline. This includes customer service, business development, sales, law and finance professionals. Here, situational abilities and a willingness to learn matter more than an idealized skill set.
These employees could even be easier to train than traditional IT professionals, since they don’t come with preconceived notions of how IT has always been done. Companies need to put out the word that they’re interested in training new security professionals, see who steps up and then support burgeoning careers.
Traditional hiring has a place here too. Partnerships with technical colleges and universities are worthwhile, but the numbers don’t lie: Finding enough talent requires thinking outside the box.
Organizations now recognize the value of cybersecurity talent, and they’re setting security goals to match. The problem is that the talent shortfall means missed targets and increasing distance between expectations and reality. The solution is to get innovative by leveraging outsourced skills, increasing the value of cybersecurity positions and tapping new talent pools to help close the distance.