The cybersecurity skills shortage continues to turn into reality, getting worse slowly – creativity and diversity can fixing this.
The role of digital innovation initiatives has added to the skills shortage, expanding the
organizations’ IT ecosystems—and therefore expanding their attack surface. This has pushed the need for specialized talent to protect these investments further. In other words, while the number of cybersecurity professionals is multiplying, the demand is increasing even faster. Midsize, as well as small businesses, bear the brunt of the existing skills gap, as large organizations with brand equity often outbid them to acquire talent.
The smaller organizations are increasingly tempting targets for evolving cybercriminals—often as an option to infiltrate their large enterprise partners and customers. Regardless of the huge impact on each organization, it is evident that no single solution can be adequate to bridge the skills gap. Organizations need to be creative while designing a multifaceted approach to staffing an increasingly critical function.
According to the latest survey by Fortinet on the Widespread Impact from Cybersecurity Skills Shortage, technology-focused certification can help bridge the gap. Considering today’s alarming skills gap means that organizations should expand their recruitment efforts beyond existing cybersecurity traditional talent pools and workers to include individuals with specialized certifications. Technology-focused certifications are a tool that can assist workers in other professions to develop cybersecurity skills relatively quickly. The survey confirmed the 81% of respondents had earned certifications themselves, and 85% report that others on their team have certifications.
Fortinet’s survey clearly indicates that the cybersecurity skills shortage has a tangible negative impact on a wide range of organizations. Each firm needs to respond to the crisis according to its own risk tolerance and priorities, but it is obvious that no single approach is ever going to be adequate. On the demand side, each dollar spent on technology that makes cybersecurity professionals more productive, saving dollars on additional hiring needs.
These steps can include the establishment of a security architecture that is integrated from end to end—across multiple clouds, data centers, to Internet-of-Things (IoT) devices at the specific network edge. The use of AI to perform less complex security processes also can be instrumental in slowing down the growth of the required headcount of the cybersecurity team.
On the supply side, efforts to recruit people from non-traditional talent pools will pay dividends in diversifying the skills and perspectives of the team, as well as add to the total number of cybersecurity workers in the field.
Certification programs can give candidates the knowledge to perform critical security tasks.
Veterans are one group that can potentially provide highly qualified candidates who can then hit the ground running in many cases. Over time, individual companies can also address their own skills shortages by being thoughtful about employee retention.
Companies that pay above-average salaries and take steps to make them healthy and affirming places to work will see comparatively less turnover—and less of a cyber-security skills shortage over time. Whatever the specific efforts are taken by individual organizations, the cybersecurity skills shortage is not going away anytime soon. Companies that deal most effectively with the crisis will take a multifaceted, strategic approach— and this will pay dividends in increased security and higher profitability.