Cyber Security Skills Gap Becoming Increasingly Worrisome



Dan Gunderman
10/31/2017

Demand for cyber security professionals is increasing while the supply of skilled candidates falls notably short; the two are heading in opposite directions.

While estimates vary about the exact size of the skills gap, most industry insiders maintain that the number could hover around 3.5 million jobs come 2021. A joint report from Cybersecurity Ventures and the Herjavec Group reported that statistic earlier this year.

There are many contradictions in reporting this shortage, mostly because there are myriad jobs available – which are accompanied by high salaries. One aspect enterprise professionals have discerned, however, is that these positions will likely not be filled at the pace required to sustain optimal network defense and information security.

Robert Herjavec, recognizable for his role on the entrepreneurial ABC show “Shark Tank,” told TechRepublic that there are not enough security professionals to go around, especially in a dynamic field with multifaceted threats.

Another wedge driven into this issue is the time it takes to gain credentials and, likewise, valuable on-the-job experience.


Similarly, what it partially comes down to, Herjavec said, is optics. Movies and other forms of entertainment depict cyber security as a sort of Bond-esque undertaking, when in reality the work can be straightforward, demanding and even repetitious.

As in any other industry, what many CIOs and CISOs search for in a candidate is base-level knowledge, along with passion, communication skills, etc. Nonetheless, that base-level infrastructure knowledge skews a bit differently for cyber security, insofar as it involves highly technical skills.

Herjavec praised a potential candidate’s ability to communicate effectively – about all relevant software and protocols, and to all different audiences, including the C-suite.

The gap also comes in a year with a far-reaching data breach at Equifax, an incident which found cyber criminals accessing close to 150 million sensitive data records. More than 200,000 consumer credit card credentials were also reportedly lifted in the attack.

Senior Research Analyst at Gartner Security and Risk Assessment Summit, Sam Olyaei, publicly stated, “We’re as close as possible to our unemployment rate being zero. If you’re a cyber security professional with any kind of skill set, you already have a job and multiple offers on the table.”

Another industry debate circles back to credentials: Does one need a degree from an esteemed institution to handle an enterprise’s cyber security?

For instance, debate swirled after Equifax’s CEO, Richard Smith, was questioned over the credentials of his chief security officer – who had a degree in music, but had also acquired senior security experience to boot.


The same report suggests that some firms hire based on merit and experience rather than a hard-and-fast rule on technical degrees.

While cyber security is certainly an ever-changing field requiring base-level knowledge, a distinct tech savviness, communication skills and commitment – at the very least – it is also paramount to the day-to-day operations of an enterprise.

Far from static, it requires its practitioners to essentially be both thought leaders and administrators. Credentialing aside, the demand for this brand of IT professional is on a meteoric rise – something analysts do not foresee slowing down.

That means, then, that the field finds itself at something of a crossroads. If it wants to double down on its security efforts as digital transformations continue within enterprises, it will need to both hire and nurture qualified candidates.

Solutions to the staffing issue could then boil down to training junior-level staff, over time, to ascend to those sought-after security positions. If a company is severely understaffed while its network capabilities expand, automation software could help augment the work being done by those security folks already in place.

Conversely, perhaps a three- to four-year hard public relations campaign for cyber security professionals is in order!