Despite the impact of the global COVID-19 pandemic on employment over the past two years, the cybersecurity labor market continues to grow, even with the so-called cyberskills gap narrowing.
For the second year in a row, the global cybersecurity skills gap has narrowed, according to a study recently published by the non-profit organization ISC2 (International Information Systems Security Certification Consortium). The report included responses from more than 4,700 security and IT professionals working in North America, Europe, Latin America and the Asia-Pacific region.
The study found that the global shortage of qualified security professionals has fallen from 3.12 million in 2020 to 2.72 million this year. Overall, the ISC2 report estimates that there are now approximately 4.2 million cybersecurity professionals working globally. This rise in the number of cyber professionals and narrowing skills gap also comes at a time when most organizations continue to rely on a remote or hybrid workforce that remains a tempting target for attackers and fraudsters.
“The pandemic has fundamentally changed where organizations keep their critical data and how and where employees access it,” said John Morgan, CEO of security firm Confluera. “Although some organizations are beginning to return to partial office operations, the concept is no longer seen as a required standard but rather as part of a flexible working model. This has profound implications for cybersecurity professionals.”
Despite these gains, the ISC2 study also shows that the global cybersecurity workforce is still around 65% below what organizations need to fill all currently open positions globally. APAC, for example, has a skills gap of around 1.42 million, while North America reports a skills gap of around 400,000.
And some skills still matter. About 45% of respondents say cloud infrastructure is their top concern, reflecting the new reality of how employees access data. Endpoint security, application security, mobile device management, and knowledge of zero-trust concepts round out the top five.
“The cybersecurity workforce – the very people on the front lines defending our critical assets around the world – tell us where talent is most needed; that old hiring habits must change; that spending on technology alone will not solve our problems; that remote work is a greater opportunity than a threat; and that they expect meaningful diversity, equity and inclusion (DEI) initiatives from their employers,” according to the ISC2 report.
Close the gap
While there is no particular reason why the skills gap has narrowed recently, some security experts and analysts find that the growing focus on cybersecurity by the US government, coupled with several highly publicized incidents, has moved security up the chain of priorities.
Earlier this year, President Joe Biden not only signed a sweeping executive order focused on cybersecurity, but also hosted a meeting at the White House with several companies that resulted in promises to train and hire more security professionals. Microsoft, one of the companies present at the meeting, also pledged to provide training materials and scholarships to public community colleges to address security skills.
“An impact on the skills gap is the government’s focus on cybersecurity, such as the Biden administration’s executive order on improving the stature of cybersecurity in the United States, the K-12 Cybersecurity Act signed by President Biden and guidelines issued by the National Security Agency and the Cybersecurity and Infrastructure Security Agency focused on how to choose the right VPN technology,” Heather Paunet, senior vice president at security firm Untangle, told Dice.
“These decrees and directives oblige companies to take seriously the measures they must put in place to protect themselves. This includes staffing with the right expertise to follow these guidelines,” Paunet added. “However, the demand exceeds the resource pool, which has not yet caught up.”
Despite these talks, there are still thousands of jobs open in cybersecurity. Cyber Seek, a job tracking database developed by the Department of Commerce and CompTIA, estimates that there are 465,000 open cyber positions in the United States, including about 36,000 in federal, state and local government agencies.
John Bambenek, principal threat hunter at Netenrich, noted that another way to help close the skills gap is not to hire more cybersecurity professionals, but to integrate security into areas such as hardware creation and the DevOps process. By addressing the fundamentals, organizations can free up time and space for advanced security operations.
“Software engineers need to know how to write secure code, device makers need to know how to build hardened and secure IoT systems, and cloud administrators need to know how to secure cloud services,” Bambenek told Dice. “While I need more cybersecurity professionals, I need everyone in the tech ecosystem to improve their security skills so I don’t have to do much to get started. The most important of these is knowledge of cloud security – because that’s where many applications go – and secure coding. If we can solve these two problems, we solve a large part of the threat landscape today.”
Can “networking” help?
Several security experts have indicated that they would like to see more security professionals develop skills or gain experience with enterprise-level networking technologies to better understand the complexities of modern infrastructure, whether it is still on-premises or has moved to the cloud.
On a practical level, Paunet recommends both the Cisco Certified Network Associate certificate as well as the more advanced Cisco Certified Network Professional certificate as two ways to help gain additional credentials in the cybersecurity field. She also believes that other traits, like critical thinking, can make a difference.
“To fill the skills gap, companies would do well to attract candidates with other strong skills – critical thinking, business analysis – by offering to come on board and take this training while on the job – giving them the funding and time to get certified while on the job,” Paunet said.
John Hellickson, cyber advisor at consulting firm Coalfire, also sees ways to close skills gaps and steer motivated professionals into new careers in cyber by harnessing the hidden talents of network architects, as well as by taking employees working in network operations centers and giving them additional training to prepare for careers in security operations centers (SOCs).
“Also be ready and open for your team members to move into increased roles in other organizations while continuing to hone their skills, as these changes should be celebrated even if there are challenges ahead,” Hellickson told Dice. “Get good at recognizing fatigue and burnout so you can retain the talent you have that can be more at the forefront of the threats your business faces. Finally, consider joining nonprofit organizations that focus on growing the next generation of cybersecurity talent, such as the Security Advisor Alliance.”
Confluera’s Morgan also notes that while automation can solve some problems, it’s up to organizations to then shift resources to put the right people in place to help solve bigger cybersecurity problems.
“Organizations need to deploy solutions that maximize the resources they have, better directing their security analyst resources to investigate ‘important’ issues while automating preventive security in a DevSecOps culture,” Morgan said.