Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

On the 12th Day of Christmas, the Industry Predicted…a Skills Gap Challenge

All good things must come to an end, and so is true for our 12 Days of Christmas prediction series. So far we’ve taken a look at the future landscape of IoT, AI, GDPR compliance and cloud vendor compromise (to list just a few) and we are going to close with taking a peak at the landscape of the ‘skills gap’ as we head into the new year.

The skills gap has been one of the biggest talking points across the cybersecurity world in 2016, with the industry apparently struggling to locate and hire enough talented security professionals to fill the plethora of roles available within cybersecurity. This is supported by research this year from firms like (ISC)2 which suggests that there will be a deficit of 1.5 million unfulfilled jobs in cyber globally by 2020.

Looking forward, experts have had their say on what they expect the cybersecurity skills scene to be like in 2017, with (ISC)2’s Adrian Davis envisaging another challenging 12 months for the industry.

“We expect to see a greater emphasis on understanding and implementing resilience, incident management and business impact of cyber risk from all security professionals,” he told Infosecurity. “There will be a continuing skills shortage, especially of individuals who can link business and security together, and of individuals who can build GDPR compliance. So, 2017 will be another tough year.”

These were sentiments echoed by Dr Bob Nowill, chair of the Cyber Security Challenge UK, who said that, in the short-term, we will continue to face skills shortages to meet the new demands posed by evolving threats in cybersecurity.

Yet it should be noted that 2016 was a year in which some significant steps were made with the intention of tackling the cyber skills gap, both Davis and Nowill added, including the launch of the EPQ in Cyber Security, the continued inclusion of cyber into UK computing science degrees and the UK Government’s commitment to make cyber a Chartered profession.

“The skills landscape will continue to evolve, shaped in part by the new National Cyber Security Strategy and NCSC and DCMS initiatives which we support at The Cyber Security Challenge UK,” said Nowill. “2017 will be an exciting year particularly for new programs such as the new Cyber Security EPQ and via QUFARO as they start to have impact, while school curriculum changes in STEM and Computer Science will see more cybersecurity concepts being introduced at a younger age and to students coming through the system."

“However, to improve our position, we need to stop over-specifying positions, recruit more junior staff and recruit from outside the ‘usual’, tech-oriented, pools,” Davis continued. “We also need to stand up and tell people about what we do, why it is important and the opportunities open to bright, problem-oriented, communicative people.”

This was an issue also recently explored by James Jardine, CEO and principal consultant at Jardine Software, who in his article ‘5 Mistakes to Avoid to Hire Qualified Application Security Talent’ argued that whilst it’s clear filling the skills deficit will continue to be a challenge for organizations into 2017, companies have the power to rise to it if they gain a better understanding of the recruitment/employment process and avoid making some key mistakes when looking for the right candidate, which he defines as:

•    Not understanding your current needs
•    Ignoring existing resources
•    Not sharing the workload
•    Not defining the role
•    Overly broad job requirements

Clearly the industry has a busy year ahead as it works to close the skills gap that has been such a problem over the last few years. However, I do feel that the message is starting to get through and that 2017 could be the year we really start to see some positive changes have a noticeable impact.

Well, that’s it for our 12 Days of Christmas predictions series. We hope you’ve found them as interesting and enjoyable as we have and that they’ve helped give you a glimpse of what you can expect to see as we head into 2017.

All that remains for me to say both personally and behalf of all of the Infosecurity team is a huge thank you for reading our content this year and for all of your continued support, it means a lot! We wish you all a very happy Christmas and a fantastic New Year – and we’ll see you in 2017!

>> On the First Day of Christmas, the Industry Predicted...More Ransomware

>> On the Second Day of Christmas, the Industry Predicted…Poor Routine IT Practices

>> On the Third Day of Christmas, the Industry Predicted…More Political Disruption

>> On the Fourth Day of Christmas, the Industry Predicted…CIOs to Reclaim Ownership of Data Initiatives

>> On the Fifth Day of Christmas, the Industry Predicted…More Social Media Attacks

>> On the Seventh Day of Christmas, the Industry Predicted…More Mention of AI

>> On the Eighth Day of Christmas, the Industry Predicted…Attackers Making Money

>> On the Ninth Day of Christmas, the Industry Predicted…GDPR Compliance

>> On the Tenth Day of Christmas, the Industry Predicted…Cloud Vendor Compromise

>> On the 11th Day of Christmas, the Industry Predicted…Better Security Collaboration

What’s Hot on Infosecurity Magazine?