How to deal with the next cybersecurity talent shortage in A/NZ

Australia’s recent budget ushers in the country’s largest cybersecurity spending, with $10 billion pledged to see electronic spy agency Australian Signals Directorate (ASD) double in size and increase its ability to launch offensive cyber operations.

This is great news for the IT industry, but the expansion will likely lead to massive demand for cybersecurity jobs.

Already, the increase in cybersecurity incidents has more than doubled the demand for cybersecurity professionals. Some sources claim that around 3.5 million cybersecurity jobs are likely to remain unfilled globally between 2022 and 2025.

Given the impact of cybersecurity incidents and the number of vacancies, why is it so difficult to recruit cybersecurity professionals?

So let’s dissect the problem of scarcity.

At first glance, it seems that there are not enough qualified professionals to meet all the requirements of the position. But let’s dig deeper. At the end of 2021, there were an estimated 1,053,468 cybersecurity professionals employed and 597,767 job vacancies. Organizations often look for the following four cybersecurity roles:

1. Cloud Security: Focuses on implementing and managing critical asset security in cloud environments.

2. Analysis and security investigation: Focuses on in-depth analysis of threat intelligence and security event artifacts for proactive investigations.

3. Application Security: Focuses on developing and configuring mobile and web application code using secure coding best practices and monitoring.

4. Security Orchestration and Automation: Focuses on machine operations to help prioritize and drive process standardization for cybersecurity operations.

It can be difficult to find a suitable candidate with the right mix of skills, certifications (depending on your industry) and experience. Practitioners who have the opportunity to raise their skill levels and deploy creative solutions are sought after by some of the world’s top employers, who can afford to offer higher salaries and other benefits, making it difficult for small organizations to compete. It also leaves these smaller organizations struggling to fill available roles due to budget and resource constraints.

But it’s also true that employers’ expectations can be unrealistic. Although many data and statistics show the scarcity of skilled labor in the cybersecurity industry, the hiring process is also to blame. Hiring managers and recruiters often miss collaborative opportunities to set realistic expectations, understand the technical discipline required, and post tailored job descriptions to the right candidates.

Organizations should consider skills acquired through personal activities and not just years of work experience. Additionally, organizations prefer overqualified candidates, which is not scalable for our industry.

What will be the impact of the talent shortage? Open roles affect team members who are already in the organization. As the complexity of cyberattacks increases, so does the complexity of deploying, configuring, and managing security solutions.

These security solutions create multiple alerts and, if not properly tuned, will flood teams with false positives and cause what we call “alert fatigue.”

Alert fatigue occurs when an already exhausted team or team member may not be able to handle the influx of alerts and becomes susceptible to burnout. These exhausted security practitioners are likely to make more mistakes. In this way, organizations suffer from the very problem they created.

So how do you tackle the cybersecurity skills crisis?

Today, the crisis affects more than 57% of organizations. It is difficult to fill the labor shortage without organizations changing their hiring strategy. The larger ones should look for alternatives.

For example, a cybersecurity team member can provide guidance and help develop a robust cybersecurity program. Additionally, hiring managers can focus on assessing skills rather than exclusively testing skills. Some vendors may even offer interested candidates the opportunity to learn and receive mentorship outside of the workplace and provide ongoing training for new team members.

Organizations ready to take major steps to fill open positions in cybersecurity should:

1. Encourage cybersecurity education and provide the certification courses required to support professionals at all job levels.

2. Eliminate pay gaps and provide more flexible working conditions.

3. Diversify hiring management and team practices to provide essential guidance to interested candidates.

4. Promote and encourage women, minorities and under-represented groups who are qualified to take on leadership positions.

5. Implement cybersecurity automation to help refocus human efforts and reduce daily workload.
