Failure to prioritize security and train staff – not a shallow talent pool – is likely to blame for the cyber workforce shortage

For years, the cybersecurity industry and policy makers have engaged in a seemingly endless debate about the root causes of a global cybersecurity workforce crisis.

In the United States, businesses and governments have often found themselves competing and poaching the same pool of talent while engaging in a perpetual debate over why, with employers citing a lack of qualified candidates and workers blaming the job. gap on the lack of opportunities for entry level or new employees to break into the industry.

Now, a new study from a non-profit organization (ISC)2 drawing on responses to a survey of over 11,000 cybersecurity practitioners and policy makers offers a more or less decisive answer to the argument. The problem lies primarily with organizations not investing enough in developing their cybersecurity workforce, not a shortage of available talent.

“This analysis suggests that the issues with the greatest negative impact are those that organizations can effectively control: not prioritizing cybersecurity, not training staff enough, and not providing opportunities for growth and development. promotion. Being able to find qualified talent was actually the least impacting issue based on this analysis,” the report said.

According to the non-profit organization, there are around 4.7 million cybersecurity workers worldwide – an increase of 11% from the previous year and the highest on record, as concerns over Cyberattacks, ransomware and digital espionage have become a priority for governments and the private sector alike.

This figure actually significantly underestimates the level of interest in cybersecurity skills, as hundreds of thousands of jobs in the United States remain unfilled and the number of job openings worldwide (3.4 million ) is not much smaller than the cybersecurity workforce itself, yet growing at a steady rate. faster pace.

The end result is that seven out of ten organizations say they are understaffed for cybersecurity, with governments and the insurance, aerospace, education and transportation sectors being the most affected. This shortage has in turn reduced security teams and affected their ability to meet their organizational needs, resulted in slower update times, fewer training resources, and not enough time for security assessments and monitoring. Security.

According to the report, organizations without talent were more likely to rely heavily on automating processes, programs that train internal talent, implementing rotational job assignments, creating mentorship programs and outreach to non-traditional groups. However, the more popular initiatives adopted in many industries – such as outsourcing – actually tend to make them more likely to report significant shortages.

The urgent need for more cybersecurity workers has been a cause for reflection within an industry that remains largely white and male, with women making up less than a quarter of the workforce and minorities struggling to find viable career paths and break into the field. Many women continue to report harassment from a male colleague, while studies and anecdotes indicate that female students are not encouraged to pursue careers in IT or STEM fields at about the same rate as men.

“”I’ve had people tell me I don’t look like a hacker, I’ve had people tell me I only get on CNN because they want a token woman in the picture. ‘show,” Forrester senior analyst Allie Mellen told SC Media in September. “Those kind of comments… don’t feel right to me. It was very common, actually.

love work, not work

While other studies have shown that cybersecurity professionals are becoming burnt out in the face of a global pandemic, an endless barrage of new vulnerabilities, and heightened vigilance in the face of the digital fallout from the war in Ukraine, research from (ISC) 2 suggest that cybersecurity workers still enjoy their craft.

Seventy-five percent of respondents said they were “very satisfied” or “somewhat satisfied” with their jobs, and those who left their jobs were more likely to do so because they found a better-paying position or got a promotion. only for burnout, poor work. /life balance or an unhealthy work culture. Workers were also much more likely to blame organizational issues for their dissatisfaction with their jobs, while their passion for cybersecurity remained high.

The most important factor of poverty [employee experience] was the inability of organizations to listen to or value employee feedback. Cybersecurity professionals are passionate about their work, so while being overworked isn’t a positive thing, it’s not nearly as negative as feeling that their expertise and knowledge isn’t valued or in demand. Data shows that this impact is particularly felt among older workers who may feel that their experience has earned them the right to have a voice in the industry and their organizations. When these employees aren’t listened to, they don’t feel valued.

Following a trend that has engulfed many industries, the cybersecurity industry has seen a surge in telecommuting rates in the face of the COVID-19 pandemic, with a majority of the industry (55%) now saying they are doing their remote work. More than half of remote industry workers say they would look for another job if they were forced to come into the office, and remote work appears to have a beneficial impact on burnout.

“The shift to remote work has empowered people to proactively combat feelings of burnout that would otherwise weigh down their day-to-day experiences,” the report notes. “The traditional workday is now interrupted by non-work activities between tasks, such as physical exercise and the pursuit of hobbies and other passions after hours.”

Leave a Reply