The Cyber Skills Shortage & Training Gap - What Is The Solution?

With large-scale data breaches increasing in not only frequency but also complexity, increasing cyber security resiliency should be a top priority for all industries.

According to the International System Security Certification Consortium (ICS2) there are more than 4.07 million unfilled cyber security positions across the world. 

With a lack of training for this undersubscribed role, the problem is only going to persist and progress.

Many businesses across the globe that do not have highly classified information put cyber security to the back of their minds. That is however, until a cyber attack occurs. More consideration needs to be taken to see what options are available for preventing these detrimental attacks. Proactively hiring cybersecurity staff and implementing cybersecurity technologies will help to ensure all areas of the business are secure.

Hiring Cyber Security Professionals

Many HR departments may have outdated hiring approaches, when compared to a new discipline such as cybersecurity which needs a different approach. Therefore, some companies will disregard an application due to a lack of qualifications even though a lot of successful cybersecurity professionals are self-taught and have a lot of hands-on experience. However, it is often that hands-on practice that makes a candidate so valuable. 
Most companies will go on a hiring spree in the aftermath of a cybersecurity incident and expect professionals, with over 10 years of experience, to flood in instantly. Unfortunately, this is not always the case.

With a lack of “qualified” candidates, instant hiring and results are unrealistic. It is essential that a proactive approach is adopted.

If companies invest in professionals at the beginning of their cyber career, enable their training and provide a fair wage, then they are more likely to keep hold of valuable staff and avoid costly attacks. This will partly be due to having preventative tactics already in place, but also not having to worry about hiring new people as soon as an attack has occurred.

Making Cyber Security Attractive

Unfortunately, hacking is now a lucrative profession and it is attracting a lot of rogue talent. Alongside this, businesses are not investing in the proper staff training to ensure that employees can appropriately handle the critical cyber threat landscape. There is no shortage of cybersecurity jobs in the market, but there is a shortage of experts taking the jobs. This is due to a number of factors, with low wages being one of them. It is up to businesses to make these roles more desirable, as a lack of cybersecurity implementations could lead to the demise of a business. 

Companies need to invest in supporting and training their employees, rather than expecting them to come fully experienced. Proactively investing in cybersecurity professionals, rather than only relying on them when an attack occurs, will allow employees to be trained properly for an attack. Salary and training are both costly, but they would likely save money by avoiding the attack.

Investing In Preventative Tactics, Rather Than Expensive Recovery

The importance of preventative tactics is sometimes not realised until it is too late and then there is no expense spared in getting everything back on track. 

Not only should companies invest in staff, but also in the technologies that staff implement and manage. By utilizing trusted computing technologies, businesses can be sure that their data and devices are protected and secure from any risks or potential threats. More than a billion devices include technology that leverages TCG standards, but the impact is small if people do not adopt them on a wide scale across all industries and businesses.

Knowledge is power in the fight against cyber attacks and with such a shortage of knowledge and skills in the industries most affected, it is essential that trusted computing technologies are used to their full potential.

Trusted Computing Group (TCG) provides standards and documentation that allows cybersecurity professionals to be up to date on the best techniques. For those highly experienced in cybersecurity, it is a chance to contribute to industry practices and keep up to date. If businesses with limited cybersecurity knowledge cannot afford to hire experts, they should reference information and documentation provided by organizations like TCG to get the support and guidance they need. For new employees in cybersecurity, TCG membership can provide access to workgroups that consist of seasoned experts to help them with the much-needed guidance and support for growth in the industry. 

Implementing Secure Technologies To Alleviate Pressure

TCG’s trusted computing standards are designed to be open and can be applied across many industries and sectors, as well as meet international security standards. Choosing which policies and security features to use in the design of software, hardware, or services is made easier with the knowledge that TCG standards that are applicable are tried and tested. This alleviates the need to re-engineer common security architectures in isolation. By carefully studying TCG documentation, a security architect can learn best practises that have been developed by seasoned and recognized industry experts from a multitude of diverse companies represented in TCG.

It is imperative that all industries understand the importance of cyber security technologies and professionals before they suffer an attack.

Once experts are hired, organizations should strive for continuous training of their cybersecurity staff with appropriate funding, alongside implementing new cyber security technologies to cover all areas of the business. 

Thorsten Stremlau is Co-chair of Trusted Computing Groups’s Marketing Work Group

You Might Also Read: 

Leading the Way in Cyber Security Skills:

 

« Apple’s Cyber Security Flaws Didn’t Stop It Reaching $3 Trillion
African Nations Join UN Cyber Crime Initiative »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

AA Certification (AAC)

AA Certification (AAC)

AAC provide ISO Quality Management System certification services including ISO 27001.

Cifas

Cifas

Cifas are leaders in fraud prevention, working closely with UK law enforcement partners.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

NetLib Security

NetLib Security

NetLib Security’s powerful, patented data security platform helps companies control data loss prevention (DLP) by managing what data can be transferred outside of their network.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

Center for Long-Term Cybersecurity (CLTC)

Center for Long-Term Cybersecurity (CLTC)

The Center for Long-Term Cybersecurity is developing and shaping cybersecurity research and practice based on a long-term vision of the internet and its future.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

Airnow Cybersecurity

Airnow Cybersecurity

Airnow Cybersecurity provide digital cybersecurity services and solutions for organizations and app publishers.

DTS Systeme

DTS Systeme

DTS Systeme is an IT service provider with a focus on the core areas of datacenter, technologies and IT security.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Trackd

Trackd

At trackd, we’re re-imaging vulnerability remediation for the benefit of the entire cyber security community. Automating Vulnerability Remediation without the Fear of Disruption.

KCS Group Europe

KCS Group Europe

KCS Group helps its clients to identify and deal with any risks, weaknesses and threats which could impact on the business financially or reputationally.

ConductorOne

ConductorOne

ConductorOne is building the identity security platform for the modern workforce.