No Easy Button Solution To Cybersecurity’s Skills Shortage

You may have heard the news. The information security industry is desperate for good people. Some people think this is over-hyped, and others think they have a simple solution. Do we have a talent shortage?
 
By Evan Francen, CEO of FRSecure
 
If you believe what you read, the issue is settled. Information security talent shortage news is plastered everywhere. 
 
 
• “We predict there will be 3.5 million unfilled cybersecurity positions by 2021.” – Cybersecurity Ventures
• “It’s estimated that by 2014, the industry will still be short more than a million security professionals across the globe.” – Cisco 2014 Annual Security Report
• “Demand is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million” – Michael Brown, CEO at Symantec
• “2 Million: Global Shortage of Cybersecurity Professionals by 2019” – Information Systems Audit and Control Association (ISACA)
• “Cybersecurity jobs are in high and growing demand. But, there’s a critical shortage of qualified workers across the nation.” – CyberSeek claims that there are 715,715 people employed in “cybersecurity” and that there are 313,735 open positions in the United States.
 
We’re security people though, and we don’t believe everything we read. We’re a skeptical group, but the news looks convincing. Upon closer inspection, you may notice some key words like “predict” and “expected”. You might also notice some discrepancies in the numbers and publication dates. The quotes from Cybersecurity Ventures, Cisco, Symantec, and ISACA are all predictions, and some of them are outdated now. Anyone can make a prediction, right? We might assume that these predictions are credible because the organizations are credible. Despite this, the skeptics could have a case. 
 
Not everything is a prediction, however. There have been studies too, but correlation is difficult because of differing methodologies and data sources. Plenty of stories, plenty of predictions, and a few studies, so what’s fact? The facts are debatable, but the consensus isn’t.
 
The general consensus confirms that we have a talent shortage problem, and I agree. It’s difficult to discount multiple credible sources. What’s not certain is the true extent of the problem. This can be debated. The numbers cited in the predictions are large, sensational numbers. Sensational numbers become news stories that get attention, drive traffic, and increase revenue. We don’t usually publish big numbers for purely altruistic purposes. We publish big numbers because we want your attention.
 
Here’s a reasonable take. We have a talent shortage problem. Predictions are predictions, some come true, some don’t. The extent of the problem is assumed to be significant, but really large numbers (without facts) are less credible. Don’t get wrapped up in the details because nobody has all the facts anyway.
 
Job Seeker Doubt
The greatest doubters of the talent shortage problem are the good people who are trying to land an information security job but can’t. If there’s such a shortage, why can’t they find an opportunity? Legit question.
 
This take may not be a popular one, but the logic checks out. Getting a job is like matchmaking. Both sides have expectations and both sides are looking for a commitment. One side posts a profile about themselves and what they’re looking for in a relationship (job posting). The other side might post the same (resume). The job seeker is looking for a date and an eventual relationship, so they start browsing and asking for dates (interviews) with ideal mates (jobs/companies).
 
It’s not a lack of potential mates (jobs) that’s a problem, it’s the lack of dates and commitments. Here’s why…
 
1. Unrealistic expectations - one side or the other is looking for an ultra-attractive, physically fit, multi-millionaire mate, with a beautiful personality and sense of humor who loves puppies and world travel. Good luck.
2. You can’t get a date - maybe you’re not looking in the right places. Reconsider where you’re looking and get creative. Networking goes a long way because some jobs never get posted.
3. You get dates, but you can’t get someone to commit - I’m not happy saying this, but maybe it’s you. This is hard because it requires the most honesty.
 
Every situation is different. Seek a mentor, seek advice, be persistent, and don’t give up. The jobs are out there.
 
No Easy Button
We live in an easy button, shortcut world. It would be nice if there were a simple solution to this global problem, but there isn’t and there never will be. The solution is multi-faceted, requiring many initiatives, many people working together, and selflessness.
 
Can we get enough information security people working together, selflessly giving back to their communities and industry? I think so, but we have a ways to go.
 
Here are some of the initiatives that are already happening today:
 
• Continued growth and improvements in post-secondary education and degree programs.
• Continued/greater investment in K-12 STEM programs.
• Continued/greater investment in K-12 awareness and training programs (not necessarily STEM).
• Free high-quality online and in-person training.
• Free mentoring. Everyone should have a mentee and a mentor.
• Continued/greater investment in military security to private industry transition initiatives.
 
I’m sure there are many others, but these are a start. A single organized, centralized, sponsored approach would be great. Our industry is still immature, so this isn’t happening soon. At FRSecure, we’re excited for the 10th annual free CISSP Mentor Program.
 
There’s still time for you to attend! Please share what you’re doing to help, or what you’re willing to do. Maybe we can join forces.
 
Evan Francen is CEO & Co-Founder of FRSecure 