The cybersecurity workforce shortage is not hypothetical: According to the ISC(2) cyber-certification group, the size of the current workforce leaves a significant gap between the number of cybersecurity professionals working in the field (around 800,000 in the U.S.) and the number needed to keep organizations safe.
“In the U.S., the cybersecurity workforce gap is nearly 500,000,” according to the group’s annual cybersecurity workforce study. “By combining our U.S. cybersecurity workforce estimates and this gap data, we can calculate that the cybersecurity workforce needs to grow by 62 percent in order to meet the demands of U.S. businesses today.”
And globally, there’s a gap of 4.07 million workers, meaning the global workforce needs to grow by 145 percent.
Attracting Talent to the Field
It’s no secret that the threat landscape is expanding as businesses move to the cloud, embrace mobile and ramp up their use of the internet of things and connected devices. As a result, security is a top priority for businesses. In fact, 63 percent of respondents in a Wall Street Journal survey of 900 executives said that hiring cybersecurity workers is on their to-list for 2020.
So how do we fill these open positions when well-suited candidates are few and far between?
Since skilled cyber-candidates are not applying in droves to open positions, businesses are left with a few choices, and none of them are particularly cost-effective or operationally easy. For instance, organizations can train promising individuals –those with an adjacent skill set in, say, DevOps or general IT, or even “green” candidates with innate talent but no experience.
Relying on a pipeline of students coming out of universities with computer science, IT and engineering degrees has been the traditional route, but going forward, this won’t cut it – there are, quite simply, not enough of them going into cybersecurity to address the short- and long-term workforce demands.
As a result, many organizations are embarking on long-term plans to attract new pools of candidates to the field, such as
- setting up programs to raise interest from groups, such as women in STEM and Millennial gamers
- sourcing overseas talent through work visa programs
- providing opportunities for at-risk student population through inner-city youth programs
Essentially, expanding the workforce with these approaches will mean increasing awareness of cybersecurity opportunities within new segments, and a potential cultural shift.
“Secondary factors of this approach require candidates have an intense personal interest [and are] open to coaching and mentoring,” according to research from an inter-collegiate research team, “Identifying a Psychometric Profile for Vulnerability Assessment Professionals Talent Identification to Support Career Assessment.”
In Search of a Rare Skill Set
The research paper found that organizations are looking to fill four main job descriptions:
- Cybersecurity Defense Analyst,
- Cybersecurity Defense Infrastructure Responder
- Cybersecurity Incident Responder
- Cybersecurity Vulnerability Assessment Analyst
As if that search isn’t challenging enough, the researchers noted that it’s not just technical training that makes someone successful in these roles. “Cybersecurity requires professionals with strong communication and team skills to work across departments and disciplines,” according to the paper. In a quantitative study, the academic team uncovered that high-performing cybersecurity professionals will score well across verbal, numerical, abstraction, mechanical/electrical and organizing skill metrics. So, it’s not just about having a head for coding.
The Wall Street Journal survey supports this claim with 92 percent of respondents saying soft skills are “equally” as important as hard skills when it comes to hiring cybersecurity workers.
This means companies should be on the hunt for two profiles:
- computer science and engineering majors with high verbal aptitudes
- high-verbal majors such as business or liberal arts with an aptitude for IT
“Capitalizing on these attributes could expand recruitment to departments outside of computer science, IT and engineering to find individuals with strong soft skills who could be nurtured into a variety of cybersecurity roles,” according to the paper.
Managed Services Address the Gap
Given the challenges in attracting the amount of cybersecurity talent needed to keep organizations safe, managed services and outsourcing are emerging as a key strategy to shore up cyber teams. Businesses of all sizes can benefit from a managed security platform-as-a-service approach, which can offer 24/7 advanced security without the cost or complexity of building and operating their own platform.
Managed security is delivered from a central security operations center (SOC), staffed by analysts with expertise and certifications who act as an extension of a company’s cyberdefense team. This approach allows businesses to outsource cybersecurity talent to complement their own (whether that’s some or none) to gain the complex mix of skills required to support a truly comprehensive security program.
Ready to Boost Your Cybersecurity Team in 2020?
Contact High Wire Networks to learn more about our Overwatch managed security platform today!
Abbe Gunnink: 630-635-6717 abbe.gunnink@highwirenetworks.com
Leave a Reply