For some time now, there has been a worrying lack of the requisite skills around cloud security, data security, and application security, especially at the mid and senior levels. Part of the reason is that cloud architectures and the ever more distributed systems we are now used to have created new attack surfaces that require specialised skills to secure. Here, there is a real shortage of engineers who are well-versed in techniques like cloud access security, cloud encryption, and micro-segmentation.
With vast amounts of sensitive data now being collected and analysed, skills in data security governance, database activity monitoring, and data loss prevention are more important than ever before. Unfortunately, entry-level cybersecurity hires often lack the soft skills needed for organisational collaboration, communicating cyber risks, and enabling behavioural change. At the same time, due to advanced persistent threats evolving so rapidly, mid and senior level professionals skilled in threat intelligence gathering, dark web monitoring, and understanding the attacker mindset are also rare. Shortages also exist in digital forensics and incident response skills like log analysis, reverse engineering malware, and determining root causes.
Failing programmes
The rapid pace of technological change has expanded the scope of vulnerabilities beyond recognition. Cloud, mobile, IoT and AI adoption have all massively increased risk, vastly expanding the expertise required to secure a modern organisation.
Educational programmes are, unfortunately, failing to keep students’ skills current with technological change. More public-private partnerships, certification programmes and continuing education are needed.
Why diverse perspectives work
There is no doubt that more diverse perspectives promote more innovative solutions. It is, therefore, important to encourage them. Homogeneous teams only end up reinforcing the blind spots that attackers can look to exploit, whereas teams incorporating diverse backgrounds provide much more cognitive diversity to imagine novel defensive approaches.
The industry needs to tap into underrepresented talent pools through inclusive hiring initiatives. Unfortunately, many women or minorities with aptitude for cybersecurity roles still face unfair barriers to entry. This needs to change. Intentional, equitable hiring is vital for the industry to access and develop previously untapped talent.
A diverse age range should also be encouraged. Blending junior energy and new approaches with senior experience creates vibrant, balanced teams that nurture skills development and help to secure the business.
How to fill the gap
To help fill the skills gap, organisations should look to cross-train staff to handle multiple roles. Employees skilled across functional areas can improve response coordination while reducing costs. Being willing to employ remote workers can also help to access wider talent pools cost-effectively. Such remote models provide access to skills globally without relocation costs, improving diversity too.
Organisations should also look to invest in upskilling current staff on the latest technologies. After all, it always costs less to upskill internally than to replace staff. Prioritising continuity and growth of institutional knowledge will pay dividends. Finally, make sure that the business prioritises spending on the highest risk areas. With limited resources, focus should be on securing the most critical business assets and processes first.