JOIN USFortifying Kent D Thomas explains why there is an urgent and dire need for more cybersecurity professionals in the age of digitisation.
The age of digitisation and mobilisation is fast accelerating, and so is the fear of vulnerability to having personal and sensitive information being hacked. The changing trends in mobile usage, social media and rapidly expanding connectivity, coupled with increasingly sophisticated technology, has led to the rise of a new breed of professionals in cybersecurity, to tackle the problem at hand.
Some of the recent cyber attacks brought to light the sophistication of technology used by the hackers and the seriousness of the problem. The subject now has the attention and heed of the C-Suite executives, directors of enterprises of all sizes and national and international leaders. Even the US President Barack Obama and Indian Prime Minister Narendra Modi were recently heard sounding the alarm about the threat of cyber terrorism and cyber warfare.
Cybersecurity could be simply understood as an act of protecting information and systems from major cyber threats, such as cyber terrorism, cyber warfare and cyber espionage. In order to counter this threat, cybersecurity strategy and operations have emerged as a major challenge to governments, given the shortage of skilled experts in the field. Cybersecurity is just as serious a concern to private enterprise too, given the threat to intellectual property and privately-held critical infrastructure.
Shortage of skilled professionals
Currently, various organisations complain about the lack of skilled professionals in the field. According to ISACA’s Global Cybersecurity Status Report, 2015, 86 per cent of respondents believed that there is a cybersecurity skills shortage, globally. As many as 92 per cent of organisations hiring a cybersecurity professional this year said it would be difficult to find skilled candidates. As per the findings of the survey, close to half (46 per cent) of the respondents expected their organisation to face a cyber attack in 2015 and 83 per cent believed that cyber attacks are one of the top three threats faced by organisations today.
One of the main reasons contributing to this shortage is the lack of college-educated candidates for entry-level positions. Various reputed academic institutions have stepped forward to bridge this gap, and are preparing job-ready candidates in an attempt to make up for the shortage. However, the demand for these students is such that it could take a while before gap could be filled.
Another factor which can’t go unnoticed is that conventionally, the task of protecting the digital integrity of any organisation was assigned to the IT team, assuming that they would be able to tackle the problem, just like any other. However, the ageing workforce’s technology and training needs often went unnoticed, leaving them crippled when it was time to counter a cyber threat. On the other hand, the technology used by the hackers are consistently becoming more complex and refined, which puts the spotlight back on the need for constant upskilling and upgrading, not just of the human resources, but of the technology too.
Bridging the gap
To plug the short term gaps, businesses normally would consider poaching security talent rather than creating it. However, to create a more sustainable solution to the problem at hand, the focus should be on education, upskilling and outreach, or a combination of the three, as is appropriate.
When we talk of education, though CISSP, CISA, CASP, CLAS and ISO27001 are the most sought after security professional qualifications, it must be noted that many reputed academic institutions have are offering equally competitive graduate courses in cybersecurity, certified or supported by renowned IT companies, with a curriculum heavily focused on experiential learning.
However, considering the magnitude of threat, much more needs to be done to create professionals who can not only defend the attacks, but also develop new technical and creative tactics to secure the digital entities that they safeguard. For instance, countries globally must encourage creation of research-based organisations to educate and develop the necessary skills of the next-gen security professionals.
Besides education, some of the options which the companies can explore for their existing talent pool are investing in cross-organisational cyber awareness skills and training, organising forums/competitions for best-practice-sharing etc. Alternatively, companies could also explore outsourcing their cybersecurity needs to a team of technical experts as part of managed services agreements.
Opportunities galore
Experts in cybersecurity are among the most sought-after professionals in the IT sector, with demand for workers in the field outpacing other IT jobs by a wide margin, both in the public and private sectors. Burning Glass Technologies recently reported that the demand for cybersecurity professionals has grown more than 3.5 times faster than the demand for other IT jobs over the past five years and more than 12 times faster than the demand for all other non-IT jobs. Current staffing shortages are estimated between 20,000 and 40,000 and are expected to continue for years to come.
Cyberspace includes a country’s national defence, critical infrastructure, industries, communications, transportation, commerce and personal lives, globally and these inter-relationships will only deepen with time. Given the nature of the threats and vulnerabilities inherent in a networked, cyber-connected world, the scope of the field of cybersecurity will never be constrained.
All businesses want candidates who have the right skills and knowledge to address cybersecurity incidents from their first day on the job. While it may take some time until the new breed of cyber security professionals to fill in the talent gap, businesses should take account of their internal skills and support professional staff to acquire the knowledge and experience to manage cyber threats.
Businesses, government and the education and skill department should work together to re-skill existing experts and aspirants who display an interest in transitioning their careers. The time has come to reshape cybersecurity training and ongoing professional development to better equip ourselves to counter cyber threat.
(The author is assistant vice-president for International Programmes, Missouri State University)