Overcoming the Cybersecurity Talent Shortage
The cost of cyberattacks for the world is expected to reach $6 trillion by 2021, according to Herjavec Group’s 2017 Annual Cybercrime Report. As threats increase and cyber criminals become more creative, organizations across industries need to build stronger pools to defend against these attacks, and they need to do it quickly. However, according to a report from Frost & Sullivan and (ISC)2, the global cybersecurity workforce will have more than 1.5 million unfilled positions by 2020.
What’s driving the shortage? It’s a perfect storm of the explosion of demand driven by the constant barrage of company breaches and system compromises combined with the proliferation of connected devices on the internet. This dramatically increases the scale of opportunities for attacks and presents hackers with new opportunities to try and compromise organizations large and small.
To combat the shortage of professionals, organizations need to invest in STEAM education for the next generation and encourage cross-training and continuous learning to enhance skills of current cybersecurity talent.
Invest in STEAM
The availability of early training and education is not keeping up with the demand for modern-day cybersecurity professionals. To fill this gap, organizations can start exposing students to core competencies like data science, analytics and project management by upping their investments in Science, Technology, Art and Mathematics (STEAM) programs, including through community partnerships.
To combat the shortage of professionals, organizations need to invest in STEAM education for the next generation
By going beyond typical career fairs and recruiting programs, organizations help draw connections for students between what they are learning and real-world impact. For example, Health Care Service Corporation (HCSC) hosts an annual event with Lumity, a Chicago-based organization preparing underserved teens and young adults for STEM careers, that challenges students to develop mobile applications addressing certain health problems. The teams work with HCSC IT professionals, experimenting firsthand with technologies used in the workplace and developing core competencies that can be leveraged for all technology careers, including cybersecurity. These types of events not only help students begin thinking differently about what they’re learning in the classroom, but also drive awareness of an organization’s business.
Cross-Training and Continuous Learning
Short-term, there are many things organizations can do to strengthen cybersecurity competency within their own walls, including offering vocational and mentorship programs.
There are many different knowledge domains that exist within the field of cybersecurity. (ISC)2, which is the cybersecurity industry hub for standardization and certification, recognizes at least eight domains, including security architecture, software development and risk management. It may be especially difficult for prospective cybersecurity employees, many of whom are coming directly from college and university programs, to have expertise in all of these domains. But through professional training and mentorship, organizations can cross-pollinate teams and share the depth of knowledge gained in any given domain with others who may have not been previously exposed.
On-site workplace programs that pair interns or recent-graduate technology employees and experienced professionals, educate mentees on best practices and career advice while fostering a deeper understanding of the business. Rotational programs also provide junior employees with a range of unique experiences in health technology that builds a well-rounded view of the business and leads to a more experienced workforce.
The shortage of cybersecurity professionals isn’t disappearing soon, so organizations need to consider solutions that can help grow the future pipeline but also develop their current employees. Investing in STEAM and continuous learning are just a couple ways information security leaders can begin thinking outside the box to help ensure their organizations have comprehensive cybersecurity strategies and build a strong talent pipeline.