Cybersecurity is a mission-critical priority for organisations. But the cyber profession continues to face a major challenge: a substantial talent gap. There are not enough qualified individuals to fill millions of open positions globally. The cyber workforce gap is so big that a 2019 (ISC)2 study estimates it has grown to nearly four million job openings. That same study reports the population of cyber workers would have to grow 145 percent to meet global demand. Staggering numbers, with no overnight solution.
Some organisations are using tools such as artificial intelligence (AI) and robotic process automation (RPA) to automate tasks and reduce the amount of routine work for cyber teams. Additionally, managed security services providers (MSSPs) enable companies to outsource cybersecurity functions, which can also alleviate pressure from short-staffed cyber professionals.
These near-term steps are just one piece of the puzzle; companies can’t automate and outsource their way out of such a large cyber talent gap. There will always be a need for internal cyber talent focussed on the most critical aspects of an organisation’s business. Therefore steps should be taken to alleviate the talent shortage over the long-term. Ultimately, that should lead companies to a common goal of creating a cyber-culture that people want to join and where they want to stay.
The industry perception of cyber culture has been beset by stereotypes, including the notion that cyber teams are made up of young, hoodie-wearing males, typing away at highly technical work in dark basements.
This perception needs to change because it’s simply not accurate. The reality today is that cyber is at the center of the business universe. It’s fundamental to the sustainable success of all organisations. Without adequate cybersecurity and privacy controls, organisations cannot properly function in today’s climate. Cybersecurity and privacy lay at the foundation of every well-organised company and serve as business enablers and proper implementation can serve as a way to project trust to customers.
Privacy regulations such as the General Data Protection Regulation, California Consumer Privacy Act and the Health Insurance Portability and Accountability Act have also broadened the skillsets modern cyber teams require – skills that traditionally trained cyber professionals may not have. Modern cyber teams often require individuals with regulatory and legal expertise. Additionally, intimate knowledge of business processes enables cyber teams to effectively implement compliant processes around how regulated data is discovered, collected, shared and stored.
As privacy’s role becomes an important part of so many domains, a broader expertise is required to build trust, ensure ethics, protect data, implement AI and much more. Together, security and privacy form modern cyber. Therefore, security and privacy need to be effectively addressed in order to reduce the severity of business risks associated with data breaches and regulatory violations.
Solving the talent gap begins with recasting cyber as a “career in business,” not a “career in the basement.” This will attract a more diverse pool of professionals, which will strengthen cyber operations and cyber culture.
The cyber talent gap can’t be solved overnight. It takes time to change cyber culture in such a way that the profession will attract a broader range of professionals. Fortunately, there are fundamental steps organisations can take to improve long-term stability and staffing for cyber, including: