Talent shortages continue to pose problems for organizations wanting to strengthen their cybersecurity postures. With new threat actors entering the fray all the time and deploying increasingly sophisticated attack techniques, it’s a struggle to cope with the deluge of threats. Defense-in-depth requires a combination of security tools and skilled personnel — this article offers several strategies and solutions for addressing the persistent cybersecurity talent shortage.
It’s not easy to acquire the technical skills necessary to help defend businesses and governments against sophisticated cyber threats. Often, candidates need at least a four-year degree in computer science or a related field. On top of this, even entry-level positions require some type of certification demonstrating technical cybersecurity expertise.
The result of these relatively high barriers to entry is a chronic cybersecurity talent shortage that doesn’t seem to be getting any better. The statistics paint a worrying picture about the current state of this talent shortage:
● As of December 2021, a job-tracking database from the U.S. Commerce Department shows almost 600,000 unfilled cybersecurity positions.
● A 2021 study of cybersecurity professionals found that 57% of respondents worked at organizations directly impacted by the cybersecurity talent shortage.
These numbers are particularly concerning in light of increased cybersecurity risks. Incidents like The Colonial Pipeline breach and the Accellion supply chain attack continue to make media headlines. Remote and hybrid workforces increase the attack surface for adversaries. No organization, no matter its size or industry, can afford to give threat actors a head start by trying to defend against attacks with limited security skills.
There is no single solution to address the dearth of cybersecurity talent. The answer lies in a combination of several strategies that can help reduce the burden on existing security teams in the short term and provide a consistent stream of skilled security personnel in the future.
Drive Cyber Awareness Early
There’s a strong argument for introducing cybersecurity concepts and career paths to people far earlier in life than is the current norm. One compelling survey of 4,000 Millennials aged 18-26 found that 67% of men and 77% of women said no high school teacher or career counselor ever mentioned the idea of a cybersecurity career to them. While this is undoubtedly an alarming finding, it also demonstrates a good opportunity to drive cyber awareness far earlier in young peoples’ lives.
As digital transformation further shapes the way businesses operate and how societies function, future workforces need to understand the pressing need to secure digital information from an early age. At an elementary school level, educational programs can teach young children about basic cybersecurity concepts. It’s important to frame this awareness in a way that resonates with younger kids without instilling fear in them about interacting with technology.
When children transition through high school, guidance counselors and STEM subject teachers should take concerted efforts to introduce cybersecurity as a viable and rewarding career path. Aside from its above-average salary, cybersecurity employees play a genuinely important role in safeguarding the digital assets, systems and applications that make modern society tick. Communicating the society-wide importance of cybersecurity from an early age increases the likelihood that students will opt for it as a career path, which will help to plug talent shortages over the medium to long term.
Offer Upskilling and Re-Skilling Opportunities
Demand for cybersecurity skills far outstrips supply, but what if there was a way to increase supply without competing for a narrow pool of graduates with formal cybersecurity education? Companies willing to look beyond technical cybersecurity skills and consider digitally literate candidates demonstrating other core cybersecurity competencies stand a better chance of closing their skills gaps. These core competencies include:
● Critical thinking
● Analytical skills
● Clear communication
There is a far larger pool of candidates both within existing workforces and in the wider labor market with these skills than those with specific technical cybersecurity skills. This large pool of candidates has excellent potential for re-skilling or upskilling to cybersecurity roles. Technical skills are teachable through structured training programs; public and private sector investments in such programs are likely to bear fruit by vastly improving cybersecurity at organizations from startups to enterprises.
Tool Consolidation and Integration
An often-overlooked element that worsens talent shortages in cybersecurity is the problem of security tool sprawl. The average enterprise has 29 security monitoring tools in place and 42% of security teams cite a lack of integration as the primary reason they don’t use many of these tools. A slew of siloed, poorly integrated security tools leads to alert fatigue caused by analysts flitting between multiple different consoles just to figure out what’s happening on their company’s network.
With so many attacks inundating organizations daily, minimizing headaches for existing security teams is an important way to ease difficulties caused by cybersecurity skills gaps. Tool consolidation and integration enables existing teams to become more productive and efficient in monitoring the security posture of your network. A notable example of tool consolidation and integration is Secure Access Services Edge (SASE), which is a new framework combining security and networking capabilities in one cloud-delivered console.
Leverage Managed Services
Businesses need to start addressing their cybersecurity talent shortages today. Managed security services providers (MSSPs) enable organizations to leverage ready-made, cost-effective cybersecurity expertise. The infusion of talent from MSSPs without the time-consuming need to locate, train and recruit cybersecurity employees is somewhat of a saving grace in the current threat landscape.
MSSPs typically offer a range of different security services for businesses to choose from, such as:
● Managed detection and response to accelerate and streamline incident detection and mitigation
● Monitoring and managing the endpoint devices connected to your network
● Consulting services to help tailor security technologies and strategies to unique business requirements
An MSSP uses economies of scale to provide security services to multiple customers. By outsourcing some of your security needs to a team of highly trained cybersecurity professionals, your organization can quickly close existing skills gaps and reduce the burden on in-house security teams.
With reports and surveys continually highlighting cybersecurity talent shortages, most organizations and governments are aware of the problem. Acknowledging the challenge is just the first step — taking action in light of the available strategies and solutions is critical.
At Nuspire, our security expertise quickly extends your in-house security skills through a range of managed services. Contact us today to start closing your organization’s cybersecurity skills gaps.