The information security industry’s ability to protect organizations depends on attracting and retaining talented individuals with the necessary skills to combat new threats and risks. We’ll be addressing this at Infosecurity Europe 2019 with FutureSec – a new program of sessions and events focused on the development of people, skills and careers.
The skills shortage needs urgent attention and resources. Almost a third (30%) of respondents to our latest social media poll said that a lack of skills was their biggest challenge to recruiting cyber and information security talent. Worryingly, more than half (52%) believe this is putting their business at increased risk of cyber-attacks.
Cybersecurity is a demanding profession, and the required skillset is diverse, with a mix of technical and business capabilities needed to effectively support both the evolving digital business and legacy systems. Communication, negotiation and leadership skills are increasingly needed to cooperate and engage with the rest of the enterprise.
“Multidisciplinary individuals are hardest to find, but they’re critical to ensuring that small- to mid-size security functions are well balanced and can meet all the requirements placed upon them,” says David Boda, group head of information security at Camelot. “In addition to core infosec skills, individuals will have a level of skill in one or more of coding, privacy, data science, DevOps, SysOps or psychology, or have strong business acumen.”
Nigel Stanley, chief technology officer and global head of OT cybersecurity at TÜV Rheinland, says the talent gap is even more marked in the world of operational technology (OT). “This domain is huge, covering everything from autonomous vehicles through to power stations and ships at sea,” he says. “Alongside cybersecurity expertise I’m looking for good fundamental engineering knowledge, coupled with an x-factor that enables a team member to look beyond first impressions and really understand what’s going on. I’m also looking for passion and enthusiasm for the subject – and no endless list of industry certificates can provide that.”
Inadequate education and training are a root cause of the skills shortage, but information security also tends to be underrated as a career path. In our social media poll, however, 26% of respondents cited a lack of interest in careers in the industry as a barrier to recruitment, with 46% saying they find it difficult to encourage talent into the sector.
Cybersecurity can make for an interesting and fulfilling career choice. As an industry, we need to work together to implement strategies and initiatives that will inspire and entice the next generation of professionals. Today, however, there remains a gulf in terms of supply and demand, with recent research highlighting that there will be as many as 3.5 million unfilled positions in the industry by 2021.
Paul McKay, senior analyst with Forrester Research Inc, believes we can widen the talent pool by being more inclusive: “We’re overly focused on recruiting technical graduates. We need to look at those with different backgrounds and target them with specific programs and apprenticeships to allow a vocational route into the industry. We also need to engage under-represented groups including women, who still make up only 11% of the cybersecurity workforce. This needs to happen in schools, and employers should encourage their employees to support this type of outreach.”
The skills shortage in cybersecurity is not solely an industry issue – the protection of businesses, infrastructure and lives from risks and threats depends on developing a sustainable pipeline of talented professionals. At Infosecurity Europe 2019 there are a number of sessions dedicated to building knowledge and capabilities within the information and cybersecurity community, including Strategy Talks and Tech Talks, the Information Security Exchange, a Women in Cybersecurity event and Security Workshops.
The Infosecurity Europe Twitter poll, which attracted 9763 responses across three questions, was conducted during the week 15 March 15 2019. The press release announcing the results can be read here: https://www.infosecurityeurope.com/RXUK/RXUK_Infosec/2019/Documents/Infosec-skills shortage.pdf?v=636888708029618571
