Strategies for Tech Leaders to Bridge the Cybersecurity Skills Gap
Jun 02, 2023With the tech unemployment rate at a historically low 2 percent, companies across industries are facing a significant challenge in finding the cybersecurity talent they need. Enterprise Strategy Group (ESG) reports that 47 percent of organizations lack the necessary skills for security operations. Furthermore, CyberSeek, a joint initiative by the National Institute of Standards and Technology (NIST), Lightcast, and CompTIA, reveals that while there are approximately 1.1 million people employed in cybersecurity in the U.S., there are still over 663,000 unfilled positions.
The skills gap in cybersecurity is further widened by budget constraints faced by many organizations, leading to a struggle to hire the right talent. Sedric Louissaint, founder of the cybersecurity training program Susos.co, emphasizes the need for organizations to be realistic in their expectations of the talent pool. Whether it's individuals fresh out of college or those who have completed boot camp programs, companies need to consider candidates with potential and provide opportunities for hands-on experience and practical skills development.
The repercussions of the talent shortage are significant, as companies unable to afford high-salary cybersecurity professionals are at a higher risk of data breaches. The rapidly evolving technology landscape and increasingly complex cyber threats have outpaced the development of cybersecurity talent.
To address the skills gap and foster a strong cybersecurity workforce, tech companies should consider the following strategies:
-
Invest in Education and Training: Companies should actively support and promote educational programs, workshops, and seminars focused on developing cybersecurity skills. Collaboration with academic institutions and industry experts ensures that curricula remain up to date with the latest trends and technologies. For instance, ThreatQuotient's ThreatQ Academy Online offers self-paced training and hands-on skills assessments, providing participants with a ThreatQ certificate upon completion.
-
Encourage Capture-the-Flag Competitions: Capture-the-flag competitions offer an engaging and competitive environment for developing cybersecurity skills. These events simulate real-world cybersecurity challenges and enhance participants' problem-solving abilities. Mitre conducts Capture the Flag competitions sponsored by Fortinet to improve skills and protect microelectronics and semiconductors from attacks.
-
Foster Diversity and Inclusion: Prioritizing diversity and inclusion helps tap into a broader pool of creative talent. By encouraging diverse hiring practices and creating mentorship programs, companies can bridge the skills gap and ensure equal opportunities for underrepresented groups. Microsoft's Ready4Cybersecurity program aims to bridge the gender gap in cybersecurity by providing training and certification to 100,000 young women and underrepresented youth in Asia by 2025.
-
Support Development of Hard and Soft Skills: In addition to technical cybersecurity skills, cultivating soft skills like critical thinking, adaptability, and effective communication is crucial. Tech leaders can organize ethical hacking activities and "hack the box" challenges to allow individuals to sharpen their security skills and enhance collaboration in response to evolving cyber threats.
-
Provide Training on Addressing Cybersecurity Alerts: Many employees lack the skills to respond effectively to cybersecurity alerts. Companies should offer training on understanding and analyzing information and metrics related to risks and network compromises. Staying updated on alerts published by organizations like the U.S. Cybersecurity and Infrastructure Agency (CISA) provides valuable insights into the latest threats and vulnerabilities.
By implementing these strategies, tech leaders can bridge the cybersecurity skills gap, nurture a talented workforce, and better protect organizations from evolving cyber threats. Emphasizing education, embracing diversity, and fostering a culture of continuous learning will contribute to a stronger cybersecurity ecosystem for Black Heights and the industry as a whole.