Closing the CyberSecurity Skills Gap
According to a recent ESG report, only 35% of cybersecurity professionals have a well-defined career path and plan to get to the next level. 56% of those surveyed indicated their employers do not provide sufficient training to keep up to date with threats to business and IT, whilst 46% say they are solicited by recruiters to consider other jobs at least weekly.
James Lyne, global head of security at Sophos, said: “We constantly hear from every enterprise and government, ‘we need more people, and more skilled people, in information security’. It is one of the fundamental and major issues for this country, and for many others.” He attributes the widely reported skills gap in the UK cybersecurity industry to employers being unwilling to develop junior talent. Could a potential solution lie in internships? James continues: “Too many employers are chasing the same small band of experienced cyber-professionals. At the moment every job spec you see is written with five or 10 years’ experience and they’re hiring the same people, not increasing the talent pool.”
Over in the US, the Commerce Secretary Penny Pritzker has suggested bold steps to tackle Washington’s cybersecurity shortages – currently estimated at 200,000 professionals. Her proposed solutions include debt forgiveness for graduates of certified tuition programs and cybersecurity apprenticeships within civilian agencies.
Professional services firm KPMG have started to recognise that recruiting based on key attributes rather than specific qualifications can lead to fruitful diversity within the cyber landscape. Head of CyberSecurity, Martin Jordan, has said he wants to see more history graduates, architects and actuary professionals filling the gap. Manager Lucy Chaplin explains their hiring strategy in more depth: “Cyber is now more than hacking, which is why we can recruit from more diverse backgrounds. Managing business risk, known as Governance, Risk and Compliance, is becoming more central to cybersecurity. And the skills required for this area, such as building bridges between different departments and defusing emotions, are soft skills that people from non-technical backgrounds often have in abundance.”
If they are to start reversing the trend of high staff turnover within the cybersecurity industry, CISOs, in conjunction with HR, must address the perceived lack of career development and training opportunities, and improve relations between traditional IT departments and cybersecurity teams.