With the tech unemployment rate currently at 2 percent—low by historical standards—employers everywhere are scrambling to find the talent they need, especially in cybersecurity.
For example, Enterprise Strategy Group (ESG) reveals that 47 percent of organizations lack the right skills for security operations. In addition, CyberSeek, a joint initiative of the National Institute of Standards and Technology’s (NIST) Nice program, Lightcast and CompTIA, says there are about 1.1 million people employed in cybersecurity in the U.S., but there are still more than 663,000 positions available.
Because many companies lack the funds to hire what they need and are juggling multiple responsibilities, this skills gap is even wider, according to Sedric Louissaint, an MMA fighter and founder of cybersecurity training program Susos.co.
“Organizations are still finding ways to make cybersecurity budget cuts, even though [the positions] are required,” Louissaint said. “They need this head count.”
Companies should be more realistic about the types of talent that can help in cybersecurity, whether that is someone fresh out of college or coming from a boot camp program, Louissaint added: “They don't really want to take a chance on someone fresh and new… That hurts the job market because you have people coming out of college with these degrees, and some of them can't find employment, partly due to the lack of hands-on experience and practical skills.”
Because many companies can’t afford to hire cybersecurity professionals for high-salary positions, organizations are at higher risk for data breaches. In fact, the fast pace of technology and more complex cyber threats are flying past the development of talent in the cybersecurity field, according to Louissaint.
Tech companies are working on ways to attract more cybersecurity workers. Here are some ways that tech leaders can bridge the cybersecurity skills gap.
Invest in Education and Training
Investment in education and training can provide new technologists with the skills they need to compete for cybersecurity roles.
“I believe that companies should actively support and promote educational programs, workshops and seminars that focus on developing cybersecurity skills,” Louissaint said. “They can also collaborate with academic institutions and industry experts to ensure curricula stay up to date with the latest trends and technologies.”
For example, ThreatQuotient launched the ThreatQ Academy Online to provide continuous learning in cybersecurity and training on how to use the data-driven ThreatQ Platform. The program provides self-paced training in security and intelligence operations along with hands-on skills assessments. Participants are awarded a ThreatQ certificate upon completion.
Consider Capture-the-Flag Competitions
Capture-the-flag competitions are an effective way to develop cybersecurity skills in organizations.
Along with continuous learning programs, capture-the-flag competitions gamify cybersecurity training while keeping it engaging, competitive and interactive, according to Louissaint: “Participants develop hands-on experience in solving real-world cybersecurity challenges, fostering practical problem-solving skills and enhancing their understanding of various attack scenarios.”
In one effort, Mitre is conducting Capture the Flag competitions sponsored by Fortinet to hone skills and protect microelectronics and semiconductors from attacks.
Encourage Diversity and Inclusion
Prioritizing diversity and inclusion is an important way to address the cybersecurity skills gap with creative talent, Louissaint noted: “In my opinion, fostering a more inclusive work environment can help companies tap into a broader pool of talent, which will help bridge the skills gap… Encourage diverse hiring practices and create mentorship programs that support underrepresented groups in the field.”
For example, Microsoft is working with partners to bridge the gender gap in cybersecurity. In April, the company announced it is expanding access to cybersecurity skills for women and girls with its Ready4Cybersecurity program. With the initiative, Microsoft plans to skill and certify 100,000 young women and underrepresented youth in cybersecurity in Asia by 2025. The company will partner with nonprofits to provide training in underserved populations with a focus on young girls and women.
Support Development of Hard and Soft Skills
In addition to hard cybersecurity skills like threat detection and response, risk management, secure software development, cloud security and data privacy, bridging the cybersecurity skills gap also includes soft skills like critical thinking, according to Louissaint: “Cultivating soft skills such as critical thinking, adaptability and effective communication is crucial to ensure technologists can effectively collaborate and respond to evolving cyber threats.”
Tech leaders should organize ethical hacking and “hack the box” activities, which are a form of gamification to allow individuals to sharpen their security skills.
Provide Training on How to Address Cybersecurity Alerts
Cybersecurity professionals must respond to many alerts related to cybersecurity threats, and often employees lack the skills on how to respond to them, according to Louissaint: “They don't have the skills necessary to understand what information and metrics that should be captured and should be logged and analyzed to indicate certain risks.”
The U.S. Cybersecurity and Infrastructure Agency (CISA) publishes alerts on its website. Cybersecurity firms alert the agency when a cyber-criminal compromises a network. Tech professionals interested in cybersecurity should keep an eye on these (and other alerts), which will give them an idea of the latest threats.