Addressing the Cyber Security Talent Gap
In our current digital dependent society, where technology changes quickly and threats are ahead of the most common Security Controls, Security professionals play a fundamental role securing our most valuable asset, our data. Moreover, from the enterprise point of view, customer and company data represent the most valuable commodity requiring strict controls and well-defined policies.
In this regard, the shortage of Cyber Security professionals is not clear among the different actors in our business, some indicated that is between 1 to 3 million globally [1], others indicated more than 3 million [2], or 1.8 million [3], and all of them agree that the number is growing every year.
Something clear in those statistics is that the number of Security professionals required by the market is just increasing in time. Accepting the fact, what could be the possible solutions to this problem? Many are proposed, like: investing in early talent, creating your own talent pool proposed by CISCO [4] or the Hitachi approach [5], among others.
Currently, institutions like Homeland Security are providing free access educational tools to teachers and students, these tools can be easily integrated into a much wider spectrum courses, e.g. IT University Courses/Curriculum [6]. The latter represents a slight problem. Few Academic Institutions have Cyber Security/Information Security formal programs in their current offer. Moreover, IT professors with Cyber Security/Information Security specialization are few compared to other more popular courses/careers.
I think that specific changes have to happen in order to improve the talent that decides to go to a Cyber Security Career, some of them are:
- Encourage academic institutions to adopt material already available like the one provided by Homeland Security and include them in the Cyber Security curriculum, another valuable source of information is SANS which provides a series of videos in their Youtube channel that could be used as a reference.
- Slowly make efforts towards the image improvement of Cyber Security professionals, in which due to different characters portrayed in the TV or movies, make us look like people that could not interact with society and having serious communication problems with it, where in reality, Cyber Security is much more than technical knowledge alone, it requires a series of soft skills in order to correctly communicate and translate the different Security requirements to senior managers, either in Enterprise size companies smaller companies.
- Promote, either from the private or public sector or together, the participation of students in Cyber Security related events, like Hackathons. Those experiences could create interest among students to pursue a Cyber Security career.
- Enterprise size companies and big companies, which uses different specific Security tools to protect their infrastructure, could get talent from another IT areas interested into a career shift. The big advantage of this strategy is to collect multidisciplinary talent that could provide a different point of view regarding security strategies and policies, improving the general security posture of the company.
Private and public institutions need to work together to find a common ground to solve this talent gap problem since its jeopardize our information in general spite of being private or public.
References
[1] https://gblogs.cisco.com/ch-tech/closing-the-cyber-security-talent-gap/?doing_wp_cron=1530863459.5774390697479248046875
[2] https://www.darkreading.com/careers-and-people/bridging-the-cybersecurity-talent-gap/a/d-id/1331858
[3] https://www.scmagazineuk.com/skills-security-fighting-shortage-closing-gap/article/1473363
[4] https://gblogs.cisco.com/ch-tech/closing-the-cyber-security-talent-gap/
[5] https://www.hitachi-systems-security.com/blog/talent-shortage-in-cybersecurity/
[6] https://www.dhs.gov/education-cybersecurity-careers
.jpg)
.jpg)
.jpg)
.jpg)