There are thousands of companies looking to hire security professionals, all at the same time, which has led to not just consistently rising salaries but also a significant crunch in the available cybersecurity skills and talent in the market.
The world of cybersecurity is always changing. There are new threats, new risks and new vulnerabilities emerging every day. Data breaches cost most companies $1.25 million to over $8 million on average, and the skills shortage has severe implications for any company struggling through it. Then there’s the financial incentive for cyberattacks. Healthcare records have been reported to sell for almost $150 per record.
That’s part of why it’s so essential to hire skilled cybersecurity experts. Unfortunately, most companies are finding it challenging to meet that requirement. There aren’t enough people to fill the available cybersecurity roles. According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs by 2021.
Another report estimated that the US cybersecurity workforce would grow by 62% in the coming years to meet the business demands for skills. Globally, the numbers are even more daunting. The group calculated that the global cybersecurity workforce needs to grow by 145% to eliminate the skills gap.
Companies Are Struggling With Finding Cybersecurity Skills And Talent
Companies may not be able to find enough qualified people to help create an intelligent cybersecurity and privacy program. The challenge has become apparent in the last five to ten years with a sharp increase in cyberattacks, all the way from ransomware to zero-day malware to, now, sneaky crypto-mining attacks.
Not only have cyberattacks risen in frequency and intensity, but cybersecurity has also become a board-level challenge. Senior executives have understood that cybersecurity is a core enterprise issue which cannot be taken lightly, and most of them have therefore begun putting more funds behind it. There are thousands of companies looking to hire cybersecurity professionals, all at the same time, which has led to not just consistently rising salaries but also a significant crunch in the available skills and talent in the market.
Technical debt in software code leaves tech products and services vulnerable to attacks. And if there is a crunch of talented and competent security experts, companies will be forced to rely on their IT/network teams, which doesn’t help much when it comes to securing sensitive enterprise data, given that tens of security-specific tools are used to ensure ideal network and data security. Many companies also accept that they are lagging in providing an adequate level of cybersecurity training.
Who’s Qualified, Who’s Not To Match The Attacks?
The security skills issue does exist when measured by educational qualification, but there is another perspective from which to look at it. Security engineers with college degrees are already rare in the skills market, but a formal cybersecurity education is not stunting the talent pool.
There are thousands and thousands of ethical hackers all over the world who are not being hired into traditional full-time roles just because they may not have conventional engineering degrees, despite having better hands-on skills than many enterprise IT security managers. This is because the typical job role of an ethical hacker consistently requires him/her to participate in hackathons and bounty programs to look for security bugs. So, the lack of formal education should not slow companies down in recruiting into the cybersecurity skills pool.
But do typical college degrees offer adequate cybersecurity courses for the next generation of security professionals? According to experts, only a small number of colleges in the US offer cybersecurity-specific courses for undergraduates. That’s just the US, which still has the best availability of talent and skills in security. The situation is probably worse here in India. Experts say the solution, therefore, lies in ethical hacking education, which caters to developing a hands-on approach to preventing attacks.
Also, how do you train people on new threats? For example, many IoT-based endpoint attacks, Advanced Persistent Threat (APT) attacks, or even zero-day attacks are unique, and their previously unknown technical nature and their solutions are not known to anyone until the attack happens.
This requires constant learning and relearning, which traditional degrees won’t give. On the other hand, specialised courses can undoubtedly tackle the issue, provided the syllabus is continuously optimised. New education tools are cropping up outside of the traditional classroom, offering free coursework designed by ethical hackers for the growing cybersecurity talent and skills pool.