The Cybersecurity Talent Shortage

Vendors AND companies have a huge role to play in closing it, the gap is too large for any one sector to superhuman their way through it. As of now, numerous reports show that we are in a talent drought when it comes down to Information Security, Cybersecurity, InfoSec, or whichever buzzword you want to attribute to it. According to the Bureau of Labor Statistics, there is a staggering 28% growth spike on the horizon. There remain about 1.8 million unfilled positions nationwide and just over 3 million vacant positions worldwide. This gap is only expected to grow as time goes on. Given this information, the insufficiency of cyber skills is a significant risk for many organizations, one that can no longer be overlooked.

Start the FREE Intro to IT and Cybersecurity Course >>

The shortage is affecting current security operations teams. It is leaving them overworked, understaffed, causing unsafe cybersecurity practices, and leading to more careless errors in our networks and security resources.Knowing that our cybersecurity workers are under a massive amount of pressure, its no wonder that the Ponemon Institutes’¹ research shows that 70% of data loss attributes to misconfigured cloud storage, servers, networks, and human error. Misconfiguration is now just as common as a security attack. Data Breaches that connect with these lapses have increased over 400% over the last year. How do we combat this trend, and how do we begin fixing the issue?We can begin to combat the shortage by overhauling our current training programs to now include the general population. What this means is to keep a focus on expanding the technical skills needed, and to begin training everybody on necessary awareness. The most basic attacks frequently prey on the general workplace since most workers don’t typically know what to look for. Attacks such as phishing emails, spearfishing, and other social engineering attacks and techniques are often the beginning of an event. This failure is not one that can attribute to any one person or team. It is a failure in understanding that cybersecurity is everyone’s job, no matter the role they are playing in the organization.We must also begin looking at the overall population in relating to the numbers of workers. Students, career changers, and returning workers are creating a vast talent pool that brings a more holistic view of cybersecurity. These workers are being overlooked for one reason or another. A good friend once said that “it is not the job seeker unwilling, its the person hiring afraid to pull the trigger and see the jump.” This overlook is making the current issue worse and creates an irreversible loss with talent that can be valuable. 

 Both company and vendor-led organizations can implement the idea of a comprehensive strategy. This plan can be accomplished by involving all workers, pulling from unconventional talent pools, and designing programs. This way, workers will not have to seek out a plan or learn from an attack. We can then start tackling the shortage of skills, as well as in the workforce. Reference:1. https://www.ibm.com/security/data-breach