Trying to fill a cybersecurity position? Chances are you are having difficulty finding a candidate, let alone a qualified one. With 3.5 million cybersecurity job vacancies expected by 2021, the quick demand for cybersecurity professionals has had industries scrambling to catch up.
To counter the worldwide shortage, many governments have collaborated with educational institutions to develop and integrate cybersecurity curriculum in K-12 institutions and colleges. With the overall goal of engaging and offering younger generations educational cybersecurity resources, the hope is that they will further pursue it as a profession.
However, while educational programs do provide the foundational skills and theory for a profession in security, education alone does not promise for the output of high-quality cybersecurity professionals. Academia often struggles to keep up with the evolving cybersecurity landscape, and employers often note that the technical and soft skills learnt in education programs lack real-world application. Therefore, government and educational intervention may not be enough to counter the cyber talent shortage. Rather, corporate training opportunities must also be included in the equation.
Big technology firms acknowledge the importance of industry training in closing the cyber talent shortage and developing world-class cyber professionals. For example, over the next four years, IBM will be investing a large part of one billion dollars to cybersecurity-specific skills training and development for the US workforce. The initiative involves funding high school students in STEM fields to earn an associate’s degree free of charge as well as offering opportunities to intern at IBM during their academic careers and work at the company upon graduation.
Verizon has taken a similar stance on closing the cyber skills gap with corporate training but has decided to invest in its own employees. Applying its philosophy of using non-traditional routes such as classes with certifications and on-the-job training, it has announced a large-scale employee training initiative for 2,000 people in cybersecurity. The initiative will involve a self-paced, online cybersecurity course based on role (i.e. wireless sales, product, and security sales), and will emphasize connections between cybersecurity and business operations.
The NICE Cybersecurity Workforce Framework (NCWF) is a cybersecurity workforce guide that provides employers, educators, and students a list of baseline skill standards for cybersecurity roles across all industry verticals. With the overall aim of increasing awareness of the knowledge, skills, and abilities (KSAs) that are valued and in-demand of common cyber roles, it is hoped that the framework will improve communication on how to identify, recruit, develop, and retain cybersecurity talent.
Several resources exist for employees wanting to enhance their skill sets in cybersecurity. Resources like Cybrary, the SANS Institute, and eLearnSecurity offer a range of security training at varying proficiencies. Be sure to also check out government resources online.
Deloitte Canada suggests that using a human-centric framework focused on soft skills can enable businesses to move past the talent shortage. Having developed a list of seven personas that represent the faces of cybersecurity (e.g. strategist, advisor, sleuth, defender, scientist, hacker, firefighter), with each associated with a list of transferable capabilities, Deloitte believes that people matching these personas can be molded into security roles to fill the talent void.
The cybersecurity talent shortage is only expected to widen in future years and employers must be cognizant that government and educational efforts alone will not be enough to close the cyber talent gap and develop world-class cybersecurity professionals. To prepare for the challenges ahead, employers should investigate whether they are able to offer cybersecurity training opportunities for students and in-house employees.