THE SKILLS GAP
According to the Forbes’ article “One Million Cybersecurity Job Openings In 2016”, the cybersecurity market is expected to grow from $75 billion in 2015 to $170 billion by 2020. It’s no secret there is a prevalent skills gap in this industry. The CSIS (Center for Strategic and International Studies) published a study in 2016 which revealed that 82% of security professionals report a shortage of cybersecurity skills in their organizations.
Sources including Cybersecurity Ventures and Security Magazine have predicted close to 1.5 million unfilled cybersecurity positions globally by 2020. This tremendous amount of growth means the skills gap may eventually close as organizations catch up with the market expansion. However, the current situation and challenge demands CISOs to strategically work within their own organizations, as well as with the industry to find talent.
CISOs and security leadership struggle to fill open job postings due to lack of skilled applicants. When polled, 34.5% of security managers cited lack of security expertise as a key reason to why they could not fill open positions. Cybersecurity professionals, when hiring, are unsure of what skills or qualifications are most important when looking to recruit employees (451 Research study). The CSIS study showed that 77% of security professionals believe education programs are not fully preparing or urging students to enter the cybersecurity industry. These statistics on why the skills shortage exists imply the challenge of unfilled positions is one of a lack of education and knowledge regarding the industry.
HOW TO MAKE STRIDES AS AN INDUSTRY
As an industry, it is key to take a step back and understand the root cause of the challenge we are facing. The cybersecurity workforce lacks a diverse array of professionals. According to a 2017 study “The Global Information Security Workforce” conducted by the Executive Women’s Forum, only 11% of cybersecurity professionals are women. The industry must encourage more women to enter careers related to STEM (science, technology, engineering and math). Integrating more women in the industry will not only lower unfilled positions, but potentially add a stronger variety of traits including different skillsets and problem solving approaches.
Many CISOs we interview for this magazine believe their greatest accomplishments are when they influence and make an impact on young people interested in entering the field. Some encourage internships with high school and college students at their organizations. Others host students for educational cybersecurity days or teach at local colleges and universities. A large amount of CISOs who teach use this as a way to give back, but also to recruit future team members.
PROMOTING AND GROWING
To retain a strong, quality workforce, many CISOs invest heavily in a core group of team members. These professionals aspire to grow within the organization and seek to take on more leadership roles. Promoting cybersecurity job openings amongst other departments within an organization may be key to attaining additional talent.
Many CISOs agree they can teach cybersecurity skills to anyone, but the soft, business skills are what they look for in candidates. When this is the case, looking outside of professionals with cybersecurity backgrounds may prove beneficial. Employers may consider hiring lawyers, accountants, or HR professionals who can bring other core business functions to a technology position.
In conclusion, the skills gap is a fundamental and persistent challenge that is continuously growing. Industries and organizations must work together to: promote cybersecurity careers by way of internship and training opportunities for students, encourage women to work in the STEM field, develop talent from within and look outside of traditional tech fields to procure talent.
Forbes, “One Million Cybersecurity Job Openings in 2016”
CSIS, “Hacking the Skills Shortage” 2016 Study
Security Magazine, “How Cybersecurity Education Aims to Fill the Talent Gap”
VentureBeat, “Digital organizations face a huge cybersecurity skills gap”
Executive Women’s Forum 2017 Cybersecurity Workforce Study