The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities.
Much has been made of the cybersecurity skills shortage: It has long been an issue that many companies can’t effectively source the in-house talent they need, even as threats accelerate in both volume and sophistication. A recent survey however shows that the situation doesn’t appear to be improving.
A survey by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) of cybersecurity professionals shows that 70 percent believe their organization has been impacted by the global cybersecurity skills shortage. Meanwhile, about 45 percent believe the cybersecurity skills shortage has gotten worse over the past few years, while 48 percent say it’s about the same. Only 7 percent believe things have gotten better.
A survey late last year from ISC(2) put some quantifiable numbers around what the shortage looks like: The estimate for the amount of additional trained staff needed to close the skills gap came in at 4.07 million professionals worldwide. Translated, that means that the cybersecurity workforce needs to increase 62 percent in the U.S. market, ISC(2) said.
So how does the industry get there?
“The top ramifications of the skills shortage include an increasing workload, unfilled open job requisitions and an inability to learn or use cybersecurity technologies to their full potential,” according to the recently released ESG/ISSA report [PDF]. “No single action (funding, college programs, retraining, etc.) is working to bridge the cybersecurity skills gap. What’s needed is a holistic approach of continuous cybersecurity education (starting with public education), comprehensive career development and career mapping/planning – all with support from and integration with the business.”