A recent report and panel discussion by the International Information System Security Certification Consortium highlighted the urgent need for more cybersecurity professionals in the technology industry. However, significant barriers are hindering progress in this area.
The 2024 ISC2 Cybersecurity Workforce Study, based on feedback from 15,852 cybersecurity practitioners and decision-makers worldwide, revealed that 90% of respondents are facing skills shortages within their organizations. The areas most affected include AI, cloud computing, security, and zero trust implementation.
One of the main issues contributing to these shortages is the mismatch between job seekers’ expectations and what potential employers are offering. Brandon Dunlap, Gartner’s senior executive partner in security and risk management, emphasized this point during a panel discussion on the challenges in the cyber workforce.
Globally, there is a workforce gap of 4.8 million cybersecurity professionals, representing a 19% shortfall in the roles needed to secure systems. While some countries have seen improvements in closing this gap, others continue to struggle.
HR Challenges in Defining Cybersecurity Roles
Defining cybersecurity positions can be a major challenge for HR teams, as the term “cybersecurity” is broad and encompasses various specialized roles. According to Simon Salmon, an ISC2 instructor and head of IT at Nottingham City Council, it is crucial to have detailed discussions with recruiting teams to ensure the right talent is hired.
Dan Houser, chair of the ISC2 board of directors, emphasized the importance of understanding the specific skill sets required for cybersecurity roles to bridge the gap between job seekers and employers.
Trends in Budget Constraints and Layoffs
Many organizations are struggling to fill cybersecurity roles due to budget constraints and a lack of entry-level positions. Some key trends identified by the ISC2 study include:
- 39% of organizations cited insufficient budgets as the main reason for cybersecurity skill shortages, compared to talent shortages in previous years.
- Layoffs in the cybersecurity sector have increased by 3% year-over-year, reaching 28%.
- 37% of companies have experienced budget cuts, a 7% increase from the previous year.
- 38% of organizations have implemented hiring freezes, up by 6%.
One of the challenges highlighted by Houser is the failure of some companies to offer competitive salaries for cybersecurity roles, leading to difficulties in attracting qualified professionals.
To attract and retain cybersecurity talent, companies must provide fair compensation, promote a collaborative work environment, and show appreciation for employees’ contributions, according to Lisa Young, vice chair of the ISC2 board of directors.
Strategies for Supporting Early-Career Workers
While job satisfaction remains high for cybersecurity professionals as they advance in their careers, many organizations lack entry-level positions. This approach can hinder the development of a pipeline for future cybersecurity leaders.
According to Brandon Dunlap, creating cyber training programs, compensating workers based on training, and implementing internal mentorship programs can support the growth of cybersecurity professionals.
Continuing professional development is essential in the rapidly evolving field of technology, as highlighted by Lisa Young. Professionals need to acquire skills in areas such as AI/ML, cloud computing security, zero trust implementation, digital forensics, and application security to address the technical gaps identified by ISC2.
Recruitment Strategies for Diverse Talent
Vocational schools and community colleges are valuable sources of cybersecurity talent, noted Dunlap. Identifying individuals with the necessary soft skills and providing technical training can help bridge the skills gap.
Simon Salmon shared insights on a program that focuses on recruiting individuals with neurodivergent diagnoses or dyslexia for cybersecurity roles. Emphasizing inclusivity in recruitment practices can address the shortage of cybersecurity professionals.
No Comment! Be the first one.