The Industry Continues to Face Talent-Related Challenges Part One [Weekly Cybersecurity Brief]

Although the challenges facing the cybersecurity industry are constantly evolving, there is one that has remained steady – the talent shortage. As we have covered before, organizations have struggled to fill or retain their cybersecurity teams. And while varying causes and solutions have been analyzed, there is a new batch of stories and studies exploring why this issue persists.

In an article for Dark Reading, author Pam Baker explains that factors such as the sheer amount of cybersecurity positions available coupled with other trends like the Great Resignation continue to drive the shortage that plagues the industry. Another element is the amount of perceived skill limitation. However, Justine Fox, of Mastercard’s NuData Security, tells Dark Reading that if someone is interested in a career in cybersecurity, they should just apply. Fox points out that many technological skills can get you in the door of the field and being in the position will help you to sharpen the rest. Some other suggestions included in the article for those intrigued by but unsure if they are qualified to join the cybersecurity community are to seek out opportunities like apprenticeships, mentorships and participating in an open-source project. The article also lays out recommendations on the hiring end, emphasizing maintaining an open mind and flexibility beyond traditional requirements.

On top of bringing in new talent, retaining talent has also proven to be difficult within cybersecurity. ISACA’s new report, “State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations,” surveyed more than 2,000 cybersecurity professionals globally to gather insight on the top contributors to this challenge. According to Security Magazine, 60% of respondents reported difficulties retaining qualified cybersecurity professionals, which is a 7% increase from 2021. The leading reasons included employees being recruited by other companies, salary discrepancies, lack of advancement opportunities, high-stress, and underwhelming management support. Such a position for the industry is concerning, especially when considering the growing threat landscape. The report also concluded that 43% of survey participants stated that their organization is experiencing more cyberattacks, an increase from 2021.

While companies’ awareness of the importance of cybersecurity grows, they also need to grow the importance that they are placing on a well-rounded cybersecurity team. That not only includes creating opportunities for new and established talent, but also involving them in the decision-making process. Of financial services, enterprise firms, infrastructure providers, public sector organizations and government entities recently included in another survey, 93% reported having “a cybersecurity manager who reports directly to the board,” according to ZDNet. However, the level at which they are incorporated is not the same for all, which may be causing many to fall behind in executing proper cybersecurity measures. Based on the report, there is a correlation between involving the perspective of the cybersecurity manager more in the executive suite and having more resources set aside for cybersecurity and enhancing cyber defense practices.

We would be amiss if we didn’t mention the need for greater diversity and equity as well. If the field expands its diversity and equity efforts, much of the talent shortage would be resolved. Plus, it would help to add another $30B to the U.S. economy. Return next week for Part Two of this brief in which we focus on the diversity and equity side of talent shortage.

Key Takeaways:

“Companies Going to Greater Lengths to Hire Cybersecurity Staff” – Pam Baker, Dark Reading
https://www.darkreading.com/edge-articles/accelerating-onto-the-on-ramp-for-cybersecurity-jobs

  • The sheer amount of cybersecurity positions available coupled with other trends like the Great Resignation continue to drive the talent shortage that plagues the industry.
  • Another element is the amount of perceived skill limitation.
  • Some suggestions included in the article for those intrigued by but unsure if they are qualified to join the cybersecurity community are to seek out opportunities like apprenticeships, mentorships and participating in an open-source project.

“Top reasons why cybersecurity professionals leave their jobs” – Security Magazine

https://www.securitymagazine.com/articles/97350-highest-cybersecurity-retention-difficulties-in-years

  • In its survey of more than 2,000 global cybersecurity professionals, ISACA’s new report, “State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations,” found that 60% of respondents reported difficulties retaining qualified cybersecurity professionals, which is a 7% increase from 2021.
  • The leading reasons included employees being recruited by other companies, salary discrepancies, lack of advancement opportunities, high-stress, and underwhelming management support.
  • The report also concluded that 43% of survey participants stated that their organization is experiencing more cyberattacks, an increase from 2021.

“Cybersecurity managers with a direct line to executive boards set the tone for investment: Study” – Charlie Osborne, ZDNet

https://www.zdnet.com/article/cybersecurity-managers-with-a-direct-line-to-executive-boards-set-the-tone-for-investment-study/

  • Of financial services, enterprise firms, infrastructure providers, public sector organizations and government entities recently included in a survey, 93% reported having “a cybersecurity manager who reports directly to the board,” according to ZDNet.
  • However, the level at which they are incorporated is not the same for all.
  • Based on the report, there is a correlation between involving the perspective of the cybersecurity manager more in the executive suite and having more resources set aside for cybersecurity and enhancing cyber defense practices.
Share