Why we need to talk about the cybersecurity skills gap


There is a long list of household names from Blockbuster to Toys R Us that failed to adapt to the digital transformation or embrace emerging technologies. The rise of the digital economy also ushered in an influx of new job roles in the last ten years, from cloud architects and mobile app developers to big data scientists. We also witnessed the rise of the gig economy, social media influencers, and chief listening officers. Is history about to repeat itself?

The technology that promised to make everyone's life easier means that every area of society now requires digital skills. Whether you are in education, starting a new job, or even taking a trip to a self-checkout at the local supermarket, there is no avoiding that we are increasingly expected to be comfortable using technology. This time around, it’s arguably people that need to embrace reinventing themselves as well as their employer.

Why cybersecurity is everyone's responsibility

ADVERTISEMENT

Many routinely manage their home entertainment, heating, lighting, and even doorbells using their smartphone or voice. Governments are also bringing critical infrastructure online with energy grids, transportation networks, hospitals, water systems, manufacturing, and communication systems relying on an internet connection. But have you ever thought about the security required to ensure everything from a smart toaster to a nuclear reactor is protected from cyberattackers?

A quick look at the world's biggest data breaches and hacks reveals the scale of the problem. More recently, a ransomware attack on KP Snacks threatened the supply chain of crisps and nuts unless the company met the attacker's demands. The biggest concern in these uncertain times is that a state-sponsored cyberattack could potentially cripple the whole economy.

At a time when automation is slowly taking over many traditional roles, there is a well-documented shortage and increasing demand for cybersecurity skills. For example, the global pandemic exacerbated the shortage of three million cybersecurity professionals in the Asia-Pacific as the region could not leverage international talent. However, this is a familiar story across every continent as the demand for cyber security analysts continues to outstrip demand and why some contractors are earning up to $2,000 a day.

In parallel with the shortage of cyber skills, we can expect 64 billion IoT devices worldwide by 2025. As the number of IoT endpoints increases at breakneck speed, so does the attack surface and the potential of security threats. There is no denying that cybersecurity is now everyone's responsibility; convincing the global workforce to consider reskilling to join the battle and pursue a career in cybersecurity is where things are getting notoriously tricky.

Could your next job be in cyber?

Unfortunately, in an attempt to address the demand for cyber security talent, the British government led a disastrous campaign suggesting that ballet dancers forget about their lifetime of training and leave the world of the arts decimated by the pandemic to retrain in cyber security instead.

There is no doubting that the cybersecurity industry desperately needs people from all walks of life to think about a career in tech. But the crass delivery of this message did more harm than good. However, the inconvenient truth that security skills shortage is reaching worrying proportions remains, and we must tackle the digital skills divide to ensure nobody gets left behind.

The fact that only 11% of the global cybersecurity workforce are women highlights why anyone could be forgiven for thinking whether there is a place for women in cybersecurity. The reality is we need to improve cyber defenses by bringing people from different backgrounds and various voices to the table. It also needs to be said that men should be doing more to help women enter the cybersecurity field.

ADVERTISEMENT

Myths and misconceptions about a career in cybersecurity

As many traditional office roles are at the risk of being automated, the cybersecurity industry boasts a 0% unemployment rate. However, a long list of industry myths prevents people from reskilling and pursuing a new career. The most obvious myths are that you need to be a techie, it’s too time-consuming and expensive to learn, or that you are too old. Sure technical skills and expertise are desirable, but they are by no means imperative.

Contrary to popular opinion, soft skills, a curious mind, and a willingness to learn is much more critical when thinking about reskilling to begin a career in cybersecurity. Communicating this message to both young people and mid-career professionals looking for a career change will play a crucial role in breaking down entry barriers needed to make the industry more diverse and inclusive.

Businesses also need to break their bad habits of struggling to find the best cyber security analysts and certified ethical hackers and try a different approach. With talent in short supply, instead of searching for something not available or outside of their budget, business leaders need to recognize the potential of people within their organization and consider investing in apprenticeship schemes.

Many employers are beginning to appreciate the value of transferable skills. When combined with the fact that entry-level certifications in cybersecurity can be achieved relatively quickly, the solution to the skills gap is glaringly obvious. If leaders dare to bust a few myths by giving those with a willingness to learn the guidance and mentorship they need to begin a career in cybersecurity, maybe we could all sleep a little better at night.