Cybersecurity Talent Shortage

  • 18 Sep 2018

Cybersecurity

There is a talent gap. Those specifically trained in cybersecurity will be highly coveted with related jobs projected to grow 10-fold in the next 10 years. The cost of acquiring such talent will no doubt increase until the supply/demand gap is closed.

Survey Says…

In which of the following areas do you believe your IT organization currently has a problematic shortage of existing skills?

Source: ESG TechTruth: The Cybersecurity Skills Shortage https://research.esg-global.com/reportaction/cybersecurityskillsshortage/Marketing
Source: ESG TechTruth: The Cybersecurity Skills Shortage https://research.esg-global.com/reportaction/cybersecurityskillsshortage/Marketing

Cybersecurity Skills Gap

Cybersecurity Skills Gap
SOURCE: ISACA’s State of Cyber Security 2017: Part 2: Current Trends in the Threat Landscape www.isaca.org/state-of-cyber-security-2017

Closer Look at the Local Cybersecurity Workforce

Cybersecurity talent gaps exist across the country. Closing these gaps requires detailed knowledge of the local cybersecurity workforce. This interactive heat map provides a granular snapshot of demand and supply data for cybersecurity jobs at the state and metro area levels, and can be used to grasp the challenges and opportunities facing the local cybersecurity workforce. In this example, we are focusing on the Dallas Metroplex:

Cybersecurity Supply/Demand Heat Map
Image source: CyberSeek

How Much Would a Data Breach Cost Your Organization?

How Much Would a Data Breach Cost Your Organization?
Source: IBM data breach Calculator: https://databreachcalculator.mybluemix.net/

IT departments Face New Challenges and Threats in 2018

1. There’s still a skills shortage

According to ESG research, 51% of organizations report having a problematic shortage of cybersecurity skills in 2018. This is up from 45% in 2017.

2. AI-powered attacks

According to a report by Webroot, AI is used by approximately 87% of US cybersecurity professionals.

3. Malware in the Cloud

Cloud computing businesses are prime targets for cybercriminals because they store huge amounts of data for companies. By July 2017, Risk-Based Security reports that nearly 6 million records have been exposed by data breaches, and that’s only halfway through the year.

4. Be proactive about Ransomware

What lessons were learned from the WannaCry ransomware attacks? In 2017 alone, ransomware growth topped 2,500%. Michael Nuncic with Kroll Ontrack reports that ransomware has even begun spreading to Mac, Linux, and Android/iOS smartphones.

5. Handling data breaches gracefully

Equifax gave us a masterclass in how not to handle a data breach earlier this year. By delaying disclosure, misdirecting potential victims, and failing to patch a known vulnerability, it made a bad situation much worse.

6. The IoT is a weak link

In 2017, there was a massive amount of ransomware attacks targeting corporate systems. In 2018, those attacks will shift to target Internet of Things (IoT) devices according to IBM security prediction for 2018.

7. Many companies will fail to comply with the GDPR

According to a recent Forrester report, “80% of companies will fail to comply with GDPR”. Interestingly, the report claims that 50% of these companies will actually choose not to comply, as they claim that the cost of compliance outweighs the risks.

8. Emerging standards for multi-factor authentication

According to the 2016 Data Breach Investigations Report by Verizon, “63% of confirmed data breaches involved leveraging weak, stolen or default passwords.”

9. The adoption of more sophisticated security technologies

According to ReportLinker, the deception technology market size is estimated to grow from $1.04 billion in 2016 to $2.09 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 15.1%. The rise in Advanced Persistent Threats (APTs) and zero-day attacks trends is expected to drive the deception technology market.

10. A rise of state-sponsored attacks

The U.S. government recently banned the use of Kaspersky software in government agencies due to concerns about the Russian government’s potential influence on the company.

Cybersecurity Talent Shortage By The Numbers

A report out from Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs worldwide by 2021, up from 1 million openings last year.

Cybersecurity Talent Shortage By The Numbers
Source: Anomali https://anomali.cdn.rackfoundry.net/files/infographics/talent-shortage-infographic.png

Source: Anomali. Download full infographic.

State of Cybersecurity: Workforce Trends and Challenges

Workforce Trends and Challenges
SOURCE: ISACA’s State of Cyber Security 2017: Part 2: Current Trends in the Threat Landscape and Current Trends in Workforce Development www.isaca.org/state-of-cyber-security-2017

SOURCE: ISACA’s State of Cyber Security 2017: Part 2: Current Trends in the Threat Landscape and Current Trends in Workforce Development www.isaca.org/state-of-cyber-security-2017

ISACA offers five recommendations to help employers find, assess and retain qualified cybersecurity talent:

1. Invest in performance-based mechanisms for hiring and retention processes. ISACA’s upcoming CSX assessment capability will help employers assess performance level of prospective and current staff members.

2. Create a culture of talent maximization to retain the staff you have. Even when budgets are tight, there are things that can be done that don’t impact the bottom line: alternative work arrangements, investment in personnel growth and technical competency, and job rotation to help round out skills and minimize frustration with repetitive (but necessary) tasks.

3. Groom employees with tangential skills—such as application specialists and network specialists—to move into cybersecurity positions. They are likely to be highly incented to do so and it can help fill the gap in the long term. Having a path in the organization to do this can be a solid investment, as it can be cheaper to fill those gaps and help support employee morale.

4. Engage with and cultivate students and career changers. An outreach program to a university or an internship program can help with this.

5. Automate. Where security operational tasks can be automated, it can decrease the overall burden on staff and thereby help make the best use of staff that an organization already has.

Conclusion

Cybersecurity Ventures predicts cybercrime will cost $6 trillion worldwide by 2021, double the cost recorded in 2016. Breaches will be bigger, hackers will be smarter, and security teams and budgets will be hard-pressed to keep pace. Smart, vigilant and creative personnel will be sought after to deal with it. Cybersecurity skills shortage demands new workforce strategies.

This is the third installation in the series of Top 5 Tech Talent Trends for 2018. This article digs deeper into Trend #3 – Cybersecurity Talent Shortage.

Further Reading

Sources Used in This Mashup:

About McIntosh Search

Rob McIntosh is founder of McIntosh Search, a leading talent acquisition firm serving the DFW area, helping Technology Leaders build strong IT Teams.

At McIntosh Search, we fully understand the correlation between profitability and employee retention and how performers drive organizational success. Learn creative ways hiring the right talent can lead to sustained and impactful growth. We are here to speak with you and discuss how our approach produces long-term measurable results.

McIntosh Search

Interested in learning more about building and sustaining leaders and the impact of improved communication on your team?

Contact Rob McIntosh, at ☎ 214-521-2900, or email Rob@mcintoshsearch.com