Struggling With The Cyber Security Skills Shortage

Uploaded on 2020-10-13 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

Nearly three out of four organisations are struggling with a gap in security skills.  While non-IT professionals  consider cyber security professionals in a positive light, few of them are interested a career in IT. In fact, 68% of all IT and security professionals say they have to work on advancing their cyber skills on their own time.

New research shows how security skills are lacking across multiple IT disciplines,  including network engineers, systems administrators and cloud developers. 

According to new data from Cybrary, 46% of organisations do not confirm new-hires' skills for specific roles and 40% rarely or never assess the skills of newly on-boarded team members. IT and security professionals are avidly working to improve their skills on their own personal time, even while reporting cost and lack of time as significant barriers. Respondents overwhelmingly preferred online learning for job-related skills (62%) including online courses, virtual labs, and web-based media to help them gain new skills for improving current job performance and advancing their careers. 

According to survey respondents, IT and security professionals want to improve their job skills with 40% spending time every day, while another 38% at least once a week. Nearly half (48%) invest their own time before and after work, or on weekends (20%) to improve their skills. However, cost (33%) and lack of time (28%) are the main barriers preventing IT and security professionals from getting the skills development training they need to do their jobs to the best of their abilities. Even more disturbing, 40% say these barriers have a major/severe impact on developing their skills. 

Another report by the Enterprise Strategy Group (ESG), and the Information Systems Security Association (ISSA) professionals reveal that cyber security skills continue to deteriorate for the fourth year in a row. This situation has affected over 70% of organisations putting their operations at risk. 

The data uncovered in this research year over year also demonstrates that there are multiple issues contributing to the problem of “a cybersecurity skills gap.” 

This includes the problem that businesses don’t understand the role of information security and there is no clear and agreed upon career map within our profession, and cyber security professionals are under constant stress of attempting to improve collaboration efforts with IT. 

Respondents clearly indicated a preference for learning through online, self-paced courses (38%) along with online virtual labs (17%). Their motivation appears to focus on improving their current job performance (25%) or advancing their careers (29%), rather than pursuing a new career path (13%). 

IT and security team members are not getting the full support they need to improve skills since about half of organisations have either decreased their training budgets (22%) or kept them the same (25%) this past year. Even more disturbing, 16% of respondents report their organisations do not have any training budget at all. 

The studies show that the lack of a well-defined career path for cyber security professionals was mainly to blame for the cyber security skills gap. 

About 68% of the professionals interviewed did not have a defined career path. Additionally, historical solutions implemented to address the problem only made it worse. The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities. About 68 percent of the cyber security professionals surveyed said they don’t have a well-defined career path. They say they don’t have basic growth activities, such as finding mentor, getting basic cyber security certifications, taking on cyber security internships and joining a professional organisation, are missing steps in their endeavors.

The survey also found that many professionals start out in IT, and find themselves working in cyber security without a complete skill set. 

A full 63 percent of respondents in the survey said they’ve worked in cyber security for less than three years, with 76 percent starting as IT professionals before switching their career to cyber security. All of this comes as cyber-attacks continue to ramp up. Survey respondents were asked to compare the status of cyber-adversaries with that of cyber-defenders, and 67 percent of respondents said they believe that cyber adversaries have a big advantage.

ISSA:   CPO Magazine:   Infosecurity Magazine:   Threatpost:     Dark Reading:

You Might Also Read

Sentiment About Cyber Security Professionals Improves:

 

 

« The Same Russians Who Hacked Clinton Are Targeting Biden
Technology Trends to Watch Out For »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

Parasoft

Parasoft

Parasoft is an independent software testing and software quality assurance tool and solution vendor.

InfoSec World

InfoSec World

InfoSec World conference and expo covers all aspects of information security with a broad agenda of sessions on key security issues.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

Agile Underwriting

Agile Underwriting

Agile, an underwriting agency, insurtech and Coverholder at Lloyd's, provides niche insurance products across Aviation, Marine & Cargo, Cyber and Financial Lines.

HunCERT

HunCERT

HunCERT's mission is to assist Hungarian Internet Service Providers in applying appropriate procedures to address the risks of computer network incidents and to respond to such incidents.

Ermetic

Ermetic

Ermetic’s identity-first cloud infrastructure security platform provides holistic, multi-cloud protection in an easy-to-deploy SaaS solution.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

Center for Information Security Awareness (CFISA)

Center for Information Security Awareness (CFISA)

CFISA was formed by a group of academics, security and fraud experts to explore ways to increase security awareness among audiences, including consumers, employees, businesses and law enforcement.

Atlas VPN

Atlas VPN

Atlas VPN is a highly secure freemium VPN service with a goal to make safe and open internet accessible for everyone.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

FTI Consulting

FTI Consulting

FTI Consulting is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.

Cyber Intell Solution (CIS)

Cyber Intell Solution (CIS)

Cyber Intell Solution provide expert consulting, specialized products, and tailored operational services to governmental and corporate industry worldwide.

Charm Security

Charm Security

Charm Security is an AI-powered customer security platform that protects organizations and their customers from scams, social engineering, and human-centric fraud.