The IT security workforce gap is widening – Security Boulevard
The continuing information security skills shortage, estimated at 3.4 million cybersecurity workers worldwide, is putting greater pressure than ever on security professionals and organisations, according to a study by (ISC)².
The survey of 11,779 practitioners and decision-makers worldwide found that 70% felt their organization did not have enough cybersecurity staff to be effective.
More than half of employees in organizations with workforce shortages said they believe staffing shortages put their organization at “moderate” or “extreme” risk of a cyberattack.
Due to understaffing, IT security professionals have encountered problems including a lack of time for process assessment and monitoring and slow patching of critical systems.
The study also indicated that it was not necessarily difficult to find qualified talent, but rather that insufficient training and promotion opportunities were the most important factor fueling staff shortages.
Dave Gerry, COO at outsourced cybersecurity specialist Bugcrowd, explained that attracting good candidates has always been at the heart of any business.
“Finding senior talent, whether in cybersecurity or another function, requires a combination of attractive compensation, career growth, flexibility to work anywhere, and a mission that employees want to support,” he said. By creating opportunities for career growth and rallying around a mission to help customers and the wider digital community defend against cyberattacks, employees feel empowered to improve and advance the community at large.
“Bugcrowd has always taken the approach of finding talent from non-traditional and diverse backgrounds, providing them with the necessary training and empowerment, compensating them well with additional equity incentives and giving them the means to do what needs to be done,” said Gerry. “It has allowed us to continue to build a world-class team in a highly competitive market.”
He added that for years the industry was led to believe there was a significant gap between the number of jobs open and the qualified candidates to fill those jobs.
“Although this is partially true, it does not give an accurate view of the current state of the market,” he explained.
From his perspective, employers need to take a more active approach to recruiting from non-traditional settings, which, in turn, greatly expands the pool of candidates, from just formal graduates to individuals who, with the right training, have incredibly high potential.
“Furthermore, it provides the opportunity for people from diverse backgrounds who otherwise could not receive formal training to break into the cybersecurity industry, providing opportunities for income, career and wealth creation they might not otherwise have access to,” says Gerry.
Darren Guccione, CEO and co-founder of Keeper Security, a provider of zero-trust, zero-knowledge cybersecurity software, said business leaders face the challenge of finding the cybersecurity talent needed to ensure the security of their organizations as they balance distributed remote workforces and a growing number of endpoints with a threat landscape that continues to expand.
“This imbalance between the need to protect public and private sector organizations and trained cybersecurity professionals presents a bold opportunity for students to pursue a career in a massive industry,” he said.
Guccione explained that beyond compensation, Keeper Security is looking for people who are passionate about the profession and the desired skills.
“We are committed to developing global talent with the goal of helping our team members become the best versions of themselves and thrive in their profession,” he said. “Cybercriminals aren’t waiting for industry to fill the cybersecurity workforce gap.”
Therefore, he said, colleges, universities and technical organizations should develop, invest in and implement state-of-the-art cybersecurity programs.
John Bambenek, principal threat hunter at Netenrich, a SaaS security and operations analytics company, pointed out that ultimately threat research does not scale with technology.
“You just need more humans to do more,” he said. “It also inspires me to focus on developing young researchers, which benefits the industry and the landscape as a whole anyway.”
He said he always preferred to do what he called “hiring Rolodex” when he could because hiring is one of the most miserable jobs for managers.
“Once I have people on the doorstep, I try to encourage professional development as much as possible and I continue to try to steer the work towards their current interests,” he says. “Basic engagement with staff at the human level also helps beyond just shoveling JIRA tickets.”
Bambenek also noted that many organizations rely on automation or machine learning to try to fill the talent gap.
For example, SOAR, in addition to solving the security problem, allows organizations to do much of the incident response work automatically instead of relying on humans to do it.
“We’re seeing automation that doesn’t work and new security issues that automation isn’t quite ready to solve yet, but there’s a lot of promise for new tools and technologies to make humans more productive than they are today,” he said.