Addressing the massive talent gap in the cyber security industry

Publication: DataQuest
January 21, 2021

The cyber security industry is a dichotomy. While the demand for cyber security professionals is high as all get-out, there is also a significant talent gap in the domain. The expansion of the digital ecosystem has heightened the need for qualified cyber security experts to deal with newer and more advanced threats. As per the US Bureau of Labour Statistics, the demand for Information Security Analysts alone is estimated to rise to 31% by 2029.

With the increasing shortage of trained cyber security professionals, it is becoming difficult to fill the talent gap in the cyber security industry. In the last few years, several studies on cyber security and skills shortages have been conducted by various organisations. The Enterprise Strategy Group (ESG) and the ISSA survey conducted in July 2020 shows that 70% of the participants believe their companies have been impacted by the global cyber security skills shortage.

So amidst the increasing industry demand, why is the skill gap in the cyber security industry increasing? While there are many reasons, the following three causes are the most noteworthy ones:

  1. Scarcity of educational establishments offering cyber security education: The lack of educational establishments that provide foundation-level as well as advanced-level education in cyber security is a key factor in the country’s lack of qualified cyber security professionals. It has become increasingly hard for businesses to hire the right talent in the absence of appropriate institutes and training programs. Students need hands-on experience from experts to understand how to best create a secure environment and tackle a breach.
  2. Lack of training and funding: In India, the shortage of investment in cyber security training continues to affect qualified professionals’ availability. Corporate organisations do not invest enough in cyber security training because they presume that upon completing the upskilling training, qualified professionals will leave the organisation for better opportunities. Companies prefer to recruit already skilled candidates with the requisite expertise rather than train existing employees in cyber security.
  3. The experience paradox in the industry: In today’s time, most companies prefer seasoned professionals over novices in the domain. Applicants with formal degrees and no hands-on work experience in cyber security are unlikely to have the primary capabilities to deal with cyberattack incidents in a real-world environment. But it’s pretty hard to gain experience without getting a job first.

Now the question is, how do we address these challenges? Like other major issues, a multi-layered approach to the skills shortage demands leg work. Here are four ways to bridge the cyber security skill gap:

  1. Introducing cyber security at an early stage of education: The cyber security career pipeline needs to be initiated long before undergraduate students select a major. In order to inspire young learners to build interest in the fields of STEM (Science, Technology, Engineering & Mathematics), cyber security and coding should be introduced together.
  2. Investment in cyber security training: Organisations should invest in cyber security training for employees and improve their skill sets. Investing in training existing professionals to help them enhance their cyber security knowledge is just as critical as investing in safeguarding the organisational network and data security.
  3. Encourage continuous upskilling: Stagnant and one-time training is one of the key contributors to the cyber security industry’s skill gap. Since the cyber security domain is fast and constantly evolving with newer threats, ongoing learning in cyber security needs to be encouraged to keep professionals’ skills and experiences up to date and relevant. Continuous upskilling will definitely help cyber security professionals retain old skills and develop new ones.
  4. Building opportunities for freshers: Organisations that want to recruit cyber security professionals should look at the requisite skills rather than the years of experience. Thus creating opportunities for skilled freshers to enter the working world.

While we will not be able to bridge the skill gap in the cyber security industry overnight, we can start by encouraging our youth to build a career in cyber security. We also need to promote work environments where everyone understands the criticality of the cyber security profession, where awareness about it becomes a topic of day-to-day conversation for all.