Increasing Skills Shortage in Cyber Security

Cyber security is a people issue on both sides of the equation: insiders who may pose a threat (intentionally or not) and the professionals tasked with preventing threats. There is a dramatic shortage of skilled cyber security professionals.

Increasing Skills Shortage in Cyber Security

Studies indicate a gap of 3.5 million cyber security positions – jobs that companies are hiring for but unable to fill – by 2021.

In addition, in the wake of the recent Equifax breach, there’s been a sharp focus on credentials in the cyber security space after news broke that the company’s chief security officer has degrees in music. This news, in turn, elicited various viewpoints regarding the value of certificates and just what makes a talented security professional.

Agreement On Skill Shortage

There seems to be plenty of agreement that there is a shortage of qualified personnel to fill the many open cyber security positions.

  • “We’re as close as possible to our unemployment rate being zero,” said Sam Olyaei, senior research analyst, at Gartner Security & Risk Assessment Summit in National Harbor, MD. “If you’re a cyber security professional with any kind of skill set, you already have a job and multiple offers on the table.”
  • An intelligence official noted that to be effective in cyberspace, the United States needs about 30,000 people with specialized security skills—it currently has 1,000.

Differing Views On Path to Skill Attainment

Is a technical degree a prerequisite for a senior security position? There are differing viewpoints on this question.

And, if you’re looking for a combination of a cyber security degree and several years of experience, that could be a tricky pairing to find. Degree programs in security haven’t been around for very many years, making it impossible to have both the degree and the experience.

Addressing the Skills Gap

Here are a few recommendations on ways to address the cyber security skills gap.

  • Machine learning to prioritize and investigate, and managed services to help augment staff are a few of the recommendations from Jon Oltsik, CSO, principal analyst at Enterprise Strategy Group. He goes on to call for additional support: “The cyber security skills shortage is an existential threat that impacts all of us. As such, national governments need to do more.”
  • Training junior in-house staff and supporting staff in certification attainment are recommendations cited by many.
  • Automation is a recommendation suggested by most experts who comment on the security skill shortage. A publication from Deloitte University Press states that with the use of advanced analytics, automation, and artificial intelligence, it’s possible to “train the technology” to deliver key insights that optimize cyber professionals’ work, streamline operational processes, and improve security outcomes.

One automation solution organizations can use to supplement their security team’s effort is online monitoring software.  This category of software allows IT to listen for insider threats, monitor activity, and establish alerts for suspicious activity.

Marianna Noll

Marianna Noll

Marianna Noll is a Maryland-based writer with an interest in the impact that technology has on organizations and users. She writes about software, user adoption and engagement with software, and IT security.

You may also like...

2 Responses

  1. Jon Stitzel says:

    I can say that automation does indeed have the ability make our lives a bit easier in the cybersecurity field. Unfortunately, none of the companies I’ve worked for or with over the course of my 20-ish years in cybersecurity have really had the desire, staffing, or buy-in to get cybersecurity basics really nailed down. Increasing automation is great, but if you’re only automating broken processes, you’re still failing. It’s just not taking as long to get there.

    • Megan Thudium Megan Thudium says:

      Great perspective and insight Jon. We also agree that if the process is broken, it’s pointless to begin an automation process. This is where we believe auditing the system and improving is the first step. Thanks for starting the conversation.

Leave a Reply

Your email address will not be published. Required fields are marked *