The lack of cybersecurity skills is a global challenge. In regions like the Middle East, North Africa, and Latin America, there is a pressing need to address this issue, especially as organizations rapidly embrace digital transformation.
Due to the fast-paced growth of cyber threats, there is a need for a new generation of qualified young individuals capable of defending against cyberattacks.
New research from the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) indicates no end in sight. This year, 71% of security pros say their organization has been impacted by the global cybersecurity skills shortage – up from 57% in 2021. What type of impact? Of those reporting that their organization has been impacted:
- Sixty-one percent claim the skills shortage has led to increasing workloads for existing staff. Now, there’s a good idea: Ask overworked employees to do even more. What could go wrong?
- Forty-nine percent claim the skills shortage causes new jobs to remain open for weeks or months. I find that this is especially true in smaller organizations, those in remote areas, and those in the public sector, but even large and well-resourced organizations report difficulties in filling jobs.
- Forty-three percent claim the skills shortage has led to high burn-out and/or attrition rate among cybersecurity staff. The skills shortage is sort of a self-fulfilling prophesy. Organizations are short-staffed or lack advanced skills. So, they push their employees to do more with less. Employees burn out and seek greener pastures, creating new job openings that go unfilled and lead to more work for existing staff. Not good.
- Thirty-nine percent claim the skills shortage has led to an inability to learn or use security technologies to their full potential. I call this the “Microsoft Word” phenomenon. We all use Word (or something similar), but most of us use less than 10% of its functionality. Why? Because we never have the time to learn more. Fine, we muddle through with Word, but this minimalist behavior is unacceptable when organizations spend thousands on technical security controls, only to learn the basics, and remain at risk. CISOs should find this situation totally intolerable.
- Thirty percent claim that the skills shortage has led their organizations to hire and train junior employees rather than experienced candidates. This strategy is okay if you invest wisely on internship, mentoring, and training programs to create a cybersecurity center of excellence. In fact, organizations that do so will find it much easier to recruit and hire as word of these progressive programs gets out within the cybersecurity diaspora. If the training is shoddy, junior employees will be quickly overwhelmed.
Urgent Need for a New Generation with Cybersecurity Skills
1. Cybersecurity Analysts and Researchers: Key Players in Cybersecurity:
Security analysts and researchers will play a crucial role in monitoring and analyzing security events and incidents. With the increasing size and complexity of electronic threats, organizations will continue to depend on skilled experts in this field to detect and effectively mitigate risks.
2. Cloud Security Specialists: Ensuring Secure Cloud Environments:
The role of cloud security experts is centered on securing cloud environments. This involves designing robust security infrastructures, implementing them, establishing secure access controls and encryption mechanisms, monitoring threats, and responding to security incidents.
3. Security Vulnerability Researchers:
Security vulnerability researchers play a vital role in cybersecurity by identifying weaknesses in software and hardware systems. They analyze and test these vulnerabilities, using a variety of methods, including manual testing and automated scanning tools, to uncover potential exploits or weaknesses in systems.
4. Incident Response Specialists:
The demand for skilled incident response specialists is increasing with the rise of sophisticated cyberattacks.