Updated: Feb 7
Our appreciation to Dr. Mutlu, School of IT Professor, for sparking this discussion.
The need for protection against cyberattacks is increasing as technology is becoming critical for organizations, from the U.S. government to mom-and-pop businesses. Hostile actors are improving persistent and sophisticated cybercrime strategies faster than ever. Increased cyber risk has rendered organizations and businesses more susceptible to more destructive and less predictable cybercrime. It is undeniable that the Covid-19 global pandemic forced the workforce to shift away from the office, which resulted in an expanded environment for potential cybercrime attacks.
The market statistics show that demand for cyber security workers is greater than supply, creating a significant cyber workforce gap and resulting in exposure to more destructive attacks than ever.
Fortinet, a global leader in cyber security services, published a global research report in 2022. The report states that “Worldwide, 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and/or awareness. While the surveys reveal that 67% of respondents agree that the skills shortage creates additional cyber risks for their organization, 60% of organizations struggle to recruit cybersecurity talent, and 52% struggle to retain it.”
The 2022 annual Cybersecurity Workforce Study by (ISC)², The International Information System Security Certification Consortium, highlights the critical value of calculating a global workforce estimate and a gap in the field of cybersecurity. Despite adding 464,000 more jobs to 4.7 million of the existing headcount in the previous year, the growing demand in the global cybersecurity workforce is only expanding the worldwide gap of 3.4 million cybersecurity workers.
While the modern cybersecurity landscape is facing increasingly complicated threats due to the staffing shortage reported by organizations, it is essential to identify and improve the key data entry points contributing to the current skills shortage and what organizations can do to mitigate them.
The most negatively impactful issues to the skills shortage are internal factors–lack of prioritizing cybersecurity, training staff, and offering opportunities for growth or promotion–which organizations can take steps to address. Surprisingly, being unable to hire or recruit qualified employees was the least impactful challenge based on the (ISC)² analysis.
Organizations with initiatives to foster internal talent – rotating job assignments, participating in mentorship programs, and encouraging employees outside of cybersecurity to join the field – are more likely to minimize the skills deficit. Additionally, investment in integrating automation for time-consuming, repeatable tasks allows workers to dedicate resources to advanced-level tasks, reducing staffing shortage issues without requiring additional staff.
In Infosecurity Magazine, author James Coker reviewed the (ISC)² report. He noted that internal factors impacting skills shortage included struggling to keep up with turnover/attrition (33%), not paying a competitive wage (31%), not having the budget (28%), not offering opportunities for growth/promotion for security staff (24%), and not putting enough resources into training non-security IT staff to become security staff (23%).
Organizations are demonstrating new approaches to the hiring process to bridge the skills gap, such as collaboration with HR on finding a middle ground when requiring exclusive certifications and years of experience for cyber roles. Supporting candidates by offering compensation for certification programs and exams remains a worthwhile tool for widening the talent pool and bringing greater accessibility to cybersecurity jobs.
Furthermore, the White House National Cyber Workforce and Education Summit called organizations to action to capitalize on the benefits of the digital domain. Cisco, Fortinet, and (ISC)² are among the organizations that announced free, entry-level cyber security training.
In an effort to fill the talent gap, Elastic N.V., a company that delivers search-powered solutions, encourages all employees to "come as they are” by advocating for advocating for diversity, equity, and inclusion in the industry.
The demand for cybersecurity professionals remains unmet as new graduates are unable to meet the requirements to secure a position due to insufficient technical skills and hands-on experience. Although the combination of soft and technical skills has been conventionally preferred in cybersecurity roles, cybersecurity HRs are shifting their approach. HR professionals now seek those with the desired behavioral attributes and the cognitive aptitude to acquire the required technical skills.
Universities are restructuring the curricula to prevent skills shortages caused by the inadequate foundation in math and science, which are strongly linked to problem-solving skills. Further, universities are taking initiatives to connect students with professors and professionals who advance the industry, which provides remarkable opportunities for students trying to break into the field.
In partnership with academia, “Big Tech is hacking the global skills shortage,” reported Cybercrime magazine. Microsoft recently launched “a national campaign with U.S. community colleges to help skill and recruit into the cybersecurity workforce 250,000 people by 2025, representing half of the country’s workforce shortage.“
In contrast to business, government, and academia, students and new graduates are still raising questions about the future of cybersecurity jobs in the face of increased digitization. It looks like some questions are going to be left unanswered for a little longer regarding the potential benefits and implementation cost of artificial intelligence in cybersecurity are still being researched.
Busra Nur Arapoglu
Master of Science in Cyber Security