The cybersecurity talent shortage crisis


Cyber-threats and data breaches are growing in number and severity, botnets are enlisting new conscripts at a chaotic pace, cryptoransomware attacks are raking in millions for malicious hackers… and we are hard-pressed and ill-prepared to face the challenges that lie ahead. The widening cybersecurity talent gap is at the heart of this crisis. There is currently a shortage of 1 million skilled workers in the cybersecurity sector. According to (ISC)², that number will rise to 1.5 million by 2020, while Cisco’s Annual Security Report says we’ll reach the 1.5 million threshold by 2019. A study led by ISACA shows that most organizations are having trouble finding cybersecurity talent to fill their IT security vacancies.

An argument that helps in understanding the cybersecurity talent gap is offered by Ira Winkler, President of Secure Mentem, in a ComputerWorld op-ed. In the article, Winkler rightly argues that the shortage of cybersecurity talent is rooted in the fact that companies and agencies are looking in the wrong places. Winkler proposes that instead of perceiving security as a standalone discipline, it should be considered as a discipline within the computer field.

Most companies require hard-to-obtain certifications for their security posts. In the U.S. alone there are currently around 50,000 jobs that require CISSP-certified professionals, but the actual number of people who can fill those posts is nowhere near that number. However, many prominent security professionals have entered the field without a cybersecurity degree or any security-specific training, because they had already acquired the needed foundation through their practice of other disciplines such as programming or network administration.

The fact of the matter is that most security incidents and cyber-attacks do not take place through highly sophisticated methods, but rather result from badly implemented security policies within organizations or a general lack of awareness among employees, which leads to different forms of social engineering attacks such as phishing and the distribution of malware. Remedying this situation does not require too much domain-specific knowledge. Organizations and firms only need to look for cybersecurity talent among the more experienced members of their staff.

Different initiatives and programs, sponsored by government agencies and the private sector, have been launched to help deal with the security talent shortage. Some of them use gaming concepts and competition to find cybersecurity talent among professionals in other IT and programming sectors, and to attract the young, tech-savvy masses into considering this as a career by informing them about the industry’s dire need and the rewarding job opportunities that are available in the domain. Examples of cybersecurity competitions include the UK’s Cyber Security Challenge and CyberPatriot in the U.S.

Another approach worth mentioning is the effort being made to raise awareness of cybersecurity issues at the average employee and executive levels. Human errors account for a huge number of security incidents, and organizations should try to improve security by turning their employees into their biggest security assets. One of the nice trends we’re seeing in this area is, again, the use of gaming concepts, such as PwC’s Game of Threats, which allows senior executives and board members to deal with real-world cybersecurity situations from a higher perspective in a game. Data Guardian has also come up with a nice gaming concept, called Data Defender, which turns cybersecurity measures and practices into a game that rewards employees for their good behavior and penalizes them for policy breaches.

Bug bounty programs might also help both in finding cybersecurity talent and in preventing discovered security holes from being put to malicious use. Tech firms have been using this type of approach for years, and more recently the Pentagon announced its own bug bounty program, inviting white hat hackers to find security gaps in its networks and reap the rewards.

And finally, the improvement of AI and advances in machine learning technologies might help somewhat in dealing with security threats and filling the cybersecurity talent gap. We’re still not quite there, but we’re getting close. Though I do admit that I’m reluctant to see humans giving up their jobs to robots.

The cybersecurity talent shortage is real and serious, and we need to think about it and deal with it today. Tomorrow might be too late.

