Posted: 3 Min ReadExpert Perspectives

Four Ways to Address the Industry’s Talent and Skills Shortage

It’s time for the security industry to tackle its biggest challenge, one that will only get more acute as companies embrace digital transformation

Imagine going into a middle-sized town or city in Europe – say Blackburn, Brest, Dijon, Heidelberg, Leverkusen or Norwich – and finding every home deserted. Every shop empty.  That image represents the distressing talent shortfall in the cyber security industry across the EMEA. 

According to the 2018 (ISC) Cybersecurity Workforce Study, the talent shortfall in the region stands at 142,000 people – the same amount as a mid-sized European town. The huge gap between supply and demand should concern everyone who is concerned about safeguarding data.

A lack of security talent hinders companies as they embrace digital transformation, move to the cloud, and deploy advanced analytics to understand their customers better. Less obvious is the devastating effect the talent shortfall is having on the current ranks of cyber security professionals. They are overworked, stressed out, and too consumed with day-to-day activities to keep their own skills up to date.

Have a Skills Edge

Exclusive research from Symantec indicates how significant the problem is. We asked the opinions of more than 3,000 senior cyber security decision makers across the France, Germany and the UK. Almost half (48%) now believe that attackers have a raw skills advantage over defenders.

Burdened with the daily demands of keeping ahead of attackers, cyber security professionals have little time for their own skills development.  This is one reason delegates at Symantec’s CISO Forum felt much of the current base of cyber security professionals, who have anywhere from one to three decades of experience, find the rise of cloud and mobility such a challenge to deal with.

Cyber security professionals are fed up with the stress and never-ending workdays. Some 64% are considering leaving their current job. Some 63% are thinking about leaving the industry altogether.

This, of course, could exacerbate the talent shortage. However, I have an additional concern. These highly skilled security experts love technology and security, but hate working in a “make it through the day” corporate environment.  It is conceivable some of these cyber security professionals could go to “the dark side” and become hackers themselves.

Cyber security professionals are fed up with the stress and never-ending workdays. Some 64% are considering leaving their current job. Some 63% are thinking about leaving the industry altogether.

Adopt a New Approach to Security

To address the talent/skills gap, companies need to be creative and think in new ways. Here are four key steps:

Evangelize to Young People. Even as we ponder the current generation of cyber security professionals, we must prepare the next one.  As an industry, we must evangelize and sell the idea of going into cyber security to young people.  For example, I sit on the board of directors of TeenTech, a non-profit that helps young teenagers see the wide range of career possibilities in Science, Engineering, Technology, and Math (STEM).

Cast the Talent Net Wider. We must make a stronger effort to recruit people from diverse backgrounds. The Cybersecurity Workforce Study found only 24 percent of the workforce is female. Having a workforce made up largely of middle-aged white men provides a narrow perspective that exposes a company to social engineering attacks. This homogeneity of the profession is a concern, but it is also an opportunity. We have large groups to recruit from that have mostly been untapped. Think too about those looking for a career change, especially those from a profession that brings relevant skills.

Think Beyond Technology. Remember that cyber security is as much a social science as a technology endeavor.  At the Symantec CISO Forum, one delegate told about the benefits of hiring a psychologist into the security team who suggested initiatives such as praising those that raised a potential threat. The phishing simulation click rate at the delegate’s company dropped from 27 percent to 8 percent in just 12 months.  By realizing most cyber security tasks are not technical in nature, we can fortify our ranks with new kinds of professionals.

Eliminate Routine Chores.  We need new approaches to reduce the mundane tasks that consume cyber security professionals and make their workday dreary and less productive. Cyber security has become enormously complex and can often contain more than 100 different point solutions from a huge mix of vendors. Using a cyber security platform to integrate those solutions can improve security and reduce the manual efforts required to manage it. In the same way, an integrated security platform can reduce the volume of false alerts. Using AI, machine learning and other new tools frees cyber security professionals to handle tasks that are more important and rewarding. It also reduces the pressure on companies to immediately recruit more cyber security professionals.

As the talent/skills gap grows, we must be as creative as the attackers who confront us – both in our tools and recruitment strategies. For more on this topic, please look at a new Symantec’s new report “High Alert: Skills Crisis.” It is required reading for anyone who wants to keep their data safe, and their cyber security professionals up-to-date in their skills and happy in their jobs.

You might also enjoy
Feature Stories4 Min Read

How Companies Compensate for the Security-Worker Shortfall

Organizations are turning to alternatives, ranging from training initiatives to employing fractional CISOs

About the Author

Darren Thomson

Darren Thomson, CTO and VP of Technology, EMEA

Darren Thomson is CTO and VP of Technology, EMEA, with overall technical responsibility for our strategic propositions,currently responsible for the development and delivery of IT Risk Management, Mobile and Cloud Computing & IoT programs to our major clients.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.