The Cyber Skills Shortage & Training Gap - What Is The Solution?

With large-scale data breaches increasing in not only frequency but also complexity, increasing cyber security resiliency should be a top priority for all industries.

According to the International System Security Certification Consortium (ICS2) there are more than 4.07 million unfilled cyber security positions across the world. 

With a lack of training for this undersubscribed role, the problem is only going to persist and progress.

Many businesses across the globe that do not have highly classified information put cyber security to the back of their minds. That is however, until a cyber attack occurs. More consideration needs to be taken to see what options are available for preventing these detrimental attacks. Proactively hiring cybersecurity staff and implementing cybersecurity technologies will help to ensure all areas of the business are secure.

Hiring Cyber Security Professionals

Many HR departments may have outdated hiring approaches, when compared to a new discipline such as cybersecurity which needs a different approach. Therefore, some companies will disregard an application due to a lack of qualifications even though a lot of successful cybersecurity professionals are self-taught and have a lot of hands-on experience. However, it is often that hands-on practice that makes a candidate so valuable. 
Most companies will go on a hiring spree in the aftermath of a cybersecurity incident and expect professionals, with over 10 years of experience, to flood in instantly. Unfortunately, this is not always the case.

With a lack of “qualified” candidates, instant hiring and results are unrealistic. It is essential that a proactive approach is adopted.

If companies invest in professionals at the beginning of their cyber career, enable their training and provide a fair wage, then they are more likely to keep hold of valuable staff and avoid costly attacks. This will partly be due to having preventative tactics already in place, but also not having to worry about hiring new people as soon as an attack has occurred.

Making Cyber Security Attractive

Unfortunately, hacking is now a lucrative profession and it is attracting a lot of rogue talent. Alongside this, businesses are not investing in the proper staff training to ensure that employees can appropriately handle the critical cyber threat landscape. There is no shortage of cybersecurity jobs in the market, but there is a shortage of experts taking the jobs. This is due to a number of factors, with low wages being one of them. It is up to businesses to make these roles more desirable, as a lack of cybersecurity implementations could lead to the demise of a business. 

Companies need to invest in supporting and training their employees, rather than expecting them to come fully experienced. Proactively investing in cybersecurity professionals, rather than only relying on them when an attack occurs, will allow employees to be trained properly for an attack. Salary and training are both costly, but they would likely save money by avoiding the attack.

Investing In Preventative Tactics, Rather Than Expensive Recovery

The importance of preventative tactics is sometimes not realised until it is too late and then there is no expense spared in getting everything back on track. 

Not only should companies invest in staff, but also in the technologies that staff implement and manage. By utilizing trusted computing technologies, businesses can be sure that their data and devices are protected and secure from any risks or potential threats. More than a billion devices include technology that leverages TCG standards, but the impact is small if people do not adopt them on a wide scale across all industries and businesses.

Knowledge is power in the fight against cyber attacks and with such a shortage of knowledge and skills in the industries most affected, it is essential that trusted computing technologies are used to their full potential.

Trusted Computing Group (TCG) provides standards and documentation that allows cybersecurity professionals to be up to date on the best techniques. For those highly experienced in cybersecurity, it is a chance to contribute to industry practices and keep up to date. If businesses with limited cybersecurity knowledge cannot afford to hire experts, they should reference information and documentation provided by organizations like TCG to get the support and guidance they need. For new employees in cybersecurity, TCG membership can provide access to workgroups that consist of seasoned experts to help them with the much-needed guidance and support for growth in the industry. 

Implementing Secure Technologies To Alleviate Pressure

TCG’s trusted computing standards are designed to be open and can be applied across many industries and sectors, as well as meet international security standards. Choosing which policies and security features to use in the design of software, hardware, or services is made easier with the knowledge that TCG standards that are applicable are tried and tested. This alleviates the need to re-engineer common security architectures in isolation. By carefully studying TCG documentation, a security architect can learn best practises that have been developed by seasoned and recognized industry experts from a multitude of diverse companies represented in TCG.

It is imperative that all industries understand the importance of cyber security technologies and professionals before they suffer an attack.

Once experts are hired, organizations should strive for continuous training of their cybersecurity staff with appropriate funding, alongside implementing new cyber security technologies to cover all areas of the business. 

Thorsten Stremlau is Co-chair of Trusted Computing Groups’s Marketing Work Group

You Might Also Read: 

Leading the Way in Cyber Security Skills:

 

« Apple’s Cyber Security Flaws Didn’t Stop It Reaching $3 Trillion
African Nations Join UN Cyber Crime Initiative »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Chertoff Group

Chertoff Group

The Chertoff Group provide security advice and risk management services covering cyber security, insider threat, physical security and asset protection.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Davis Wright Tremaine (DWT)

Davis Wright Tremaine (DWT)

Davis Wright Tremaine is a full-service law firm with offices throughout the US and in Shanghai, China. Practice areas include Technology, Privacy & Security.

SureCloud

SureCloud

SureCloud is a Governance, Risk and Compliance (GRC) and Cybersecurity Solutions provider.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

Quantum Security

Quantum Security

Quantum's game-changing approach to cybersecurity brings you performance and peace-of-mind, with a raft of additional benefits: it's non-proprietary, comprehensive, scalable, and affordable.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

SecureNation

SecureNation

SecureNation offers a wide variety of cutting-edge technologies and IT services to address almost any of your information security, network security and information assurance needs.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

Alpha Omega Integration

Alpha Omega Integration

Alpha Omega creates new possibilities through intelligent end-to-end mission-focused government IT solutions.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.

Paramount Defenses

Paramount Defenses

Paramount Defenses have unrivaled capability in two of the most critical areas in cyber security today – Active Directory Security and Privileged Access.