According to recent estimates, there will be as many as 3.5 million unfilled positions in the cybersecurity industry by 2021 highlighting an acute cybersecurity talent shortage. Interestingly though, the security industry is fast-growing and is expected to be over a $101 billion opportunity by 2020, as per IDC. So what’s causing this cybersecurity talent shortage?
The Cybersecurity Talent Shortage
Security engineers are increasingly hard to find and command top salaries when available. Of course, this is great news for cyber criminals! They are doing everything they can to take advantage of this situation. The last three years have seen the highest and most damaging cybersecurity attacks on numerous businesses and governments around the world. The cybersecurity talent shortage definitely puts many organizations in a tight spot. These companies are at high risk of suffering a data breach that may take years to recover from.
According to the 2017 Global Information Security Workforce (GISW) Study, two-thirds of its nearly 20,000 respondents indicated that their organizations lack the number of cybersecurity professionals needed for today’s threat climate. If that data was shocking then digest this - according to Dark Reading’s report, only 14% of IT security managers feel there are currently enough cybersecurity professionals in the field with the needed skills to hunt down and respond to threats.
While those security experts that have specialized skills get quickly snatched up by large corporations, other companies need to tap into such expertise, if not internally, then externally.
Since this skills gap crisis along with the shortage of enough talent is not going away any time soon, we need to find solutions to this problem in new ways.
Humans are not the only answer
Humans are limited in their ability to process information in a certain about of time. This is where security solutions that use machine learning, AI, automation, etc. can handle millions of events in a single day. Products like Appknox can help discover and resolve security threats early on through a combination of steps powered by sophisticated algorithms.
The catch is that while the technology enables you to detect more threats faster than ever before, the alerts it produces still require investigation and analysis, and when more threats are detected more cybersecurity professionals are required to respond to and hunt down these threats.
So, find tools that can work in your existing infrastructure and that can work well without the need to expand your cybersecurity teams.
Don't just rely on technology
Yes, I actually said that. Solving this problem requires a different mindset and thought process. We cannot rely on technology alone. The talent crisis is real and we don't have the privilege to wait for a few years. There are companies and individuals who work with organizations to look at their people, processes, and technology in a holistic way which means organizations can discover ways to get more done without adding any more resources. Companies can't do everything themselves and this is where other security service providers can be of help.
Try new approaches to hiring
Companies that need to attract the right talent have to use new methods to get their attention. Here are some things you can do:
• Get better at outreach: Remember that hiring isn't limited to career fairs and recruiting programs. Get involved in community-building activities at the school, city, and national levels to start building your recruitment pool.
• Build a local cybersecurity ecosystem: Work together with universities, companies, and other security-focused groups to create an engaging cybersecurity ecosystem. Host cybersecurity events which can be a great way to attract young talent to come into your organization early.
• Train, train, train!: As soon as you have new hires onboard, make sure they receive the right kind of mentorship, support, and quality projects to ensure they learn and grow. You've put in a lot of effort to find these talented individuals. It's now up to you to ensure they stay, contributes beyond potential, and grow individually as well. Ensure you have a sizeable budget for continuous learning and improvement. Cybersecurity is an area that changes very fast and you don't want to let your workforce stay behind.
Non-tech could be your answer
Remember in the early days of the software business, companies didn't care if a programmer had studied computer science because even universities were far behind. The same is the case with cybersecurity. Many companies look for individuals to have an existing scholastic background which might be the bottleneck in hiring. Many individuals with a non-tech or non-cybersecurity background can do wonders with a little bit of handholding.
We hope some of the above tips can be useful for you to solve your cybersecurity problems. Always be on the lookout for talent and always make sure you spend well to keep them updated.