This is the time of year when students around the world head back to school. Many entering their final year of high school and those in college or at universities are thinking about courses of study that hold promising career opportunities, excitement, and challenge.
Most of us who read SecurityWeek hope that news of the global cybersecurity skills shortage has reached these students and will inspire them to pursue this ever-expanding field rife with job opportunities. But we must do more than hope; we need to actively participate in cultivating a talent pipeline while taking steps to bridge the resource gap in the interim. Otherwise the dearth of cybersecurity professionals, estimated at more than a million worldwide, will continue to grow.
A new labor market report by Burning Glass, Job Market Intelligence: Cybersecurity Jobs, 2015, finds that job postings for cybersecurity openings have grown three times as fast as openings for IT jobs overall and take longer to fill. The professional services, finance, and manufacturing/defense sectors have the greatest number of openings. Finding qualified candidates for positions that require a security clearance or a combination of IT security skills and industry knowledge, for example in finance or healthcare, takes even longer.
A long-term view
Employers and IT security vendors must also collaborate with colleges and universities to help close the talent gap. Providing scholarships, funding specific programs to support hybrid study, offering expertise in the classroom, and creating internships, are just a few ways to help accelerate the number of trained graduates who will enter the job market a few years from now. Not only that, given our insights and knowledge of the attack techniques being used, the latest technologies and strategies to deal with threats, and where the biggest competency gaps lie, we can help ensure that programs are relevant and designed to address real-world challenges. True, it’s a longer-term approach to dealing with the skills shortage, but it’s one that will pay dividends in the future. As investment guru Warren Buffet once said, “Someone’s sitting in the shade today because someone planted a tree a long time ago.”
But as any wise investor knows, you need to balance long-term strategic goals with immediate needs. So while you’re collaborating with various colleges and universities, how can you address the talent gap you face today? Attackers aren’t sitting idle and neither can you.
Short-term action
The good news is that technologies are advancing through integration and automation to help address the skills gap. The irony is that while these technologies exist, the worsening shortage of security talent has hampered the ability of many organizations to monitor these developments and embrace them. As a result, most organizations continue to be mired in complexity and fragmentation with too many disparate security technologies that can’t – and don’t – interoperate. But it doesn’t have to be this way.
With an integrated approach to threat defense, that uses telemetry to correlate and analyze data from these disparate systems, you can gain visibility into what “looks bad” in a single place. You can add context based on local and global data-driven threat intelligence. And you can apply controls using analysis and automation for systemic response to detected threats. Security services can supplement in-house security teams so that every business, regardless of their in-house resources, has the opportunity to further improve security outcomes. These services can help assess and manage the people, process, and technology components of information risk holistically and across technologies to improve security outcomes.
The global cybersecurity skills shortage isn’t going away any time soon. But by attacking it on multiple fronts we can proactively work to address it. Savvy students should consider this exploding and exciting field of study that embraces a wider and wider range of skill sets. Academia, government, and industry should continue to partner to ensure educational programs are relevant and available. And organizations should identify how to use integration, automation, and security services to compensate for a lack of resources today.