The cyberskills shortage is well reported and widely considered to be one of the biggest challenges for industry professionals today.
Skills gaps not only impact organisations’ security defences, but also the wellbeing of the wider team as they struggle to do their jobs effectively as the sophistication and frequency of attacks increases.
Half of CISOs who took part in a survey conducted by Fastly said that training or acquiring cybersecurity talent was a priority over the last 12 months. A total of 44% of those surveyed also highlighted plans to improve their organisation’s overall security posture through a programme of training (44%), designed to make security more accessible at all levels of their business.
So, what can organisations do to address this challenge? As we often hear in technology, it’s a combination of people and processes. According to 2023 research from CyberArk, nearly a third of business leaders think cybersecurity skills gaps are hindering defences.
David Higgins, Senior Director, Field Technology Office at CyberArk, said: “This means security teams may not be as alert to potential risks as they should be. This increases the risk of them missing attacks and the same situation can also mean that co-workers are more likely to fall victims to phishing attacks.”
AI and technology, he says, can be part of the solution, alleviating ‘low level’ workloads – like automating threat detection and responses.
“AI and automation can mean practitioners are better able to focus on more meaningful, higher-level tasks. This applies to all industries as well, allowing STEM professionals to put their mental health first while focusing on tasks they enjoy and continuously expanding their skillset,” he said.
Josh Blackwelder, Deputy Chief Information Security Officer, SentinelOne, agreed that AI is key to filling the gap as security teams grapple with an ever-growing number of data sources on the scale of petabytes.
“With AI, companies have an infinitely scalable analyst that can supercharge their teams and accelerate their efforts,” he said.
“The impact of AI on the workforce will be immense – we’re already seeing the improvements it can drive in productivity and efficiency. And it will be a critical tool CISOs can use to enhance their teams as it reduces the learning curve and makes security operations more accessible to a larger pool of talent.”
Aaron Rosenmund, Director of Security Curriculum and Research at Pluralsight, described a ‘constant cat and mouse game’ for cyber teams trying to keep up with
the evolving threat landscape, highlighting that only 17% of tech workers are completely confident in their cybersecurity skills.
He suggests businesses must provide cyber teams with opportunities to practise in ‘low-risk environments’ and build confidence, using a blue team-red team attack simulation.
“This type of simulation is a great way to determine whether employees need to upskill and help teams to know they are ready to act quickly and calmly to protect the company’s sensitive data when needed,” he added.
For Mandy Andress, CISO at Elastic, security leaders should also prioritise diversity in hiring practices.
This, she said, enables organisations to not only tap into a wider talent pool, but also foster an environment of innovative thinking and problem-solving, drawing from a range of perspectives, educational backgrounds, life experiences and skillsets.
“Companies that embrace diversity often see improved outcomes in cybersecurity efforts and overall organisational resilience; ‘hackers’ are not a homogenous group; therefore, security teams should not be either,” she said.
“Look beyond traditional schooling and minimum career experience to see skills, qualifications, experiences and abilities gained from shorter programmes, online certificates, other jobs and participation in cybersecurity communities that support core foundational understanding of systems and their vulnerabilities.” Camellia Chan, CEO and Co-founder, Flexxon, agreed that diversity has an important role to play in plugging the skills gap, highlighting the lack of female cybersecurity professionals in post.
“In fact, only 17% of Chief Information Security Office (CISO) roles were held by women in Fortune 500 companies in 2022,” she said. “By not addressing this, leaders are ignoring a huge proportion of a potential workforce that could be trained to fill roles that are suffering from a lack of specialist skills.
“Additionally, greater diversity, whether it’s gender, race, or sexual orientation, can help to provide fresh perspectives and confront the ever-evolving threats posed by cybercriminals today. Implementing diversity and inclusion policies that foster a welcoming workplace environment are a must.”
Mike Smith, CTO at Vercara, suggests that military veterans are equipped with a transferable skillset including the likes of project management that could be highly beneficial for the security industry.
“I have a Cyber Threat Analyst that retired from the US army after 23 years in the intelligence field. We got him on a free four-month internship from the army through a program called Skillbridge. It was a great way to evaluate their skills before we took them on as a permanent hire,” he explained.
Finally, Sohail Iqbal, CISO, Veracode, highlighted how it’s now possible to look further afield for talent thanks to advances in remote work.
“Where we used to focus our hiring around local universities and colleges, building a pipeline where the best young talent leaves education and comes straight to us, we’re now having to look further out,” he said.
“The ability to work remotely has made that a possibility, as where before we wanted talent in close vicinity to our offices, we can now recruit from all around the country, and even the world.”
It’s clear that there is no single definitive answer to addressing the cyberskills challenge but, through a combination of intelligent technology and automation, diversity and inclusion schemes, organisations can go some way towards reducing the impact of the talent shortage and foster an environment of innovation and resilience for their existing teams.
Click below to share this article
