If you work in a cybersecurity team, you are likely under a lot of pressure these days. According to the latest industry reports, the ongoing pandemic has further widened the demand-supply gap for cybersecurity talent. But this shortage was a challenge long before the pandemic emerged last year. The cybersecurity skills gap now numbers more than 4 million unfilled jobs. In the CISO MAG “Confidence in Hiring” survey, 68.96% of respondents say they are slightly understaffed (37.93%) or severely understaffed (31.03%). Per the (ISC)2 “Cybersecurity Workforce Study, 2020,” around 22% of respondents reported a significant shortage of dedicated cybersecurity staff, and 42% reported a slight shortage.
While the supply side hasn’t kept up, the frequency of cyberattacks on organizations increases at an alarming rate as adversaries get bolder and take advantage of the situation. That puts tremendous pressure on the CISOs and their organizations as they struggle to find the right people for the job. “For cybersecurity leaders, the challenge of recruiting and retaining the best technical and business professionals is a constant worry. The security workforce shortage remains substantial. There is continued high demand for cybersecurity professionals and an ongoing shortage of talent,” says Prashant Bhatkal, Security Software Sales Leader, IBM Technology Sales, India/South Asia.
CISOs are confronted with the challenge of finding the right talent from thousands of job applications and resumes that reach their inboxes every week. As Zoom CISO Jason Lee tells us, “During the pandemic, it has been much more difficult to hire. There is much competition for cybersecurity experience. It is difficult to find and recruit the right people when there are so many positions open out there.”
Concurring with Lee’s views, Dick Wilkinson, Chief Technology Officer, New Mexico Judicial Information Division, says, “Organizations struggle to identify the skills they desire in security professionals. Within an IT department security is still mysterious. The skills of implementing controls and responding to minor incidents happen in the shadows. That can make it hard to evaluate what kind of person with what skills will be right for this new job. Anticipating the skills to match near future threats or security trends is even harder.”
Attrition rates are high in the industry, as cybersecurity specialists are in high demand and easily wooed by higher pay packages with fancy perks. And the candidates that are fresh out of university lack other skills that are more aligned to business, leadership, and communication. What good then are fancy degrees and certifications when one cannot communicate risks and articulate the impact of the threat in business terms? Certifications are not too difficult to acquire, given the mushrooming of online training institutions, many of which offer inadequate training that is not aligned to industry requirements…
This story first appeared in the May 2021 issue of CISO MAG.
About the Author
Brian Pereira is the Editor-in-Chief of CISO MAG. He has been writing on business technology concepts for the past 27 years and has achieved basic certifications in cloud computing (IBM) and cybersecurity (EC-Council).