The Cyber Skills Shortage & Training Gap - What Is The Solution?

Uploaded on 2022-01-11 in JOBS-Training, FREE TO VIEW

With large-scale data breaches increasing in not only frequency but also complexity, increasing cyber security resiliency should be a top priority for all industries.

According to the International System Security Certification Consortium (ICS2) there are more than 4.07 million unfilled cyber security positions across the world. 

With a lack of training for this undersubscribed role, the problem is only going to persist and progress.

Many businesses across the globe that do not have highly classified information put cyber security to the back of their minds. That is however, until a cyber attack occurs. More consideration needs to be taken to see what options are available for preventing these detrimental attacks. Proactively hiring cybersecurity staff and implementing cybersecurity technologies will help to ensure all areas of the business are secure.

Hiring Cyber Security Professionals

Many HR departments may have outdated hiring approaches, when compared to a new discipline such as cybersecurity which needs a different approach. Therefore, some companies will disregard an application due to a lack of qualifications even though a lot of successful cybersecurity professionals are self-taught and have a lot of hands-on experience. However, it is often that hands-on practice that makes a candidate so valuable. 
Most companies will go on a hiring spree in the aftermath of a cybersecurity incident and expect professionals, with over 10 years of experience, to flood in instantly. Unfortunately, this is not always the case.

With a lack of “qualified” candidates, instant hiring and results are unrealistic. It is essential that a proactive approach is adopted.

If companies invest in professionals at the beginning of their cyber career, enable their training and provide a fair wage, then they are more likely to keep hold of valuable staff and avoid costly attacks. This will partly be due to having preventative tactics already in place, but also not having to worry about hiring new people as soon as an attack has occurred.

Making Cyber Security Attractive

Unfortunately, hacking is now a lucrative profession and it is attracting a lot of rogue talent. Alongside this, businesses are not investing in the proper staff training to ensure that employees can appropriately handle the critical cyber threat landscape. There is no shortage of cybersecurity jobs in the market, but there is a shortage of experts taking the jobs. This is due to a number of factors, with low wages being one of them. It is up to businesses to make these roles more desirable, as a lack of cybersecurity implementations could lead to the demise of a business. 

Companies need to invest in supporting and training their employees, rather than expecting them to come fully experienced. Proactively investing in cybersecurity professionals, rather than only relying on them when an attack occurs, will allow employees to be trained properly for an attack. Salary and training are both costly, but they would likely save money by avoiding the attack.

Investing In Preventative Tactics, Rather Than Expensive Recovery

The importance of preventative tactics is sometimes not realised until it is too late and then there is no expense spared in getting everything back on track. 

Not only should companies invest in staff, but also in the technologies that staff implement and manage. By utilizing trusted computing technologies, businesses can be sure that their data and devices are protected and secure from any risks or potential threats. More than a billion devices include technology that leverages TCG standards, but the impact is small if people do not adopt them on a wide scale across all industries and businesses.

Knowledge is power in the fight against cyber attacks and with such a shortage of knowledge and skills in the industries most affected, it is essential that trusted computing technologies are used to their full potential.

Trusted Computing Group (TCG) provides standards and documentation that allows cybersecurity professionals to be up to date on the best techniques. For those highly experienced in cybersecurity, it is a chance to contribute to industry practices and keep up to date. If businesses with limited cybersecurity knowledge cannot afford to hire experts, they should reference information and documentation provided by organizations like TCG to get the support and guidance they need. For new employees in cybersecurity, TCG membership can provide access to workgroups that consist of seasoned experts to help them with the much-needed guidance and support for growth in the industry. 

Implementing Secure Technologies To Alleviate Pressure

TCG’s trusted computing standards are designed to be open and can be applied across many industries and sectors, as well as meet international security standards. Choosing which policies and security features to use in the design of software, hardware, or services is made easier with the knowledge that TCG standards that are applicable are tried and tested. This alleviates the need to re-engineer common security architectures in isolation. By carefully studying TCG documentation, a security architect can learn best practises that have been developed by seasoned and recognized industry experts from a multitude of diverse companies represented in TCG.

It is imperative that all industries understand the importance of cyber security technologies and professionals before they suffer an attack.

Once experts are hired, organizations should strive for continuous training of their cybersecurity staff with appropriate funding, alongside implementing new cyber security technologies to cover all areas of the business. 

Thorsten Stremlau is Co-chair of Trusted Computing Groups’s Marketing Work Group

You Might Also Read: 

Leading the Way in Cyber Security Skills:

 

« Apple’s Cyber Security Flaws Didn’t Stop It Reaching $3 Trillion
African Nations Join UN Cyber Crime Initiative »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Paramount Computer Systems

Paramount Computer Systems

Paramount is a regional leader in the Middle East for cybersecurity solutions and consulting services.

Onapsis

Onapsis

Onapsis is a pioneer in cybersecurity and compliance solutions for cloud and on-premise ERP and business-critical applications.

Acalvio Technologies

Acalvio Technologies

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter.

Aveshka

Aveshka

Aveshka is a professional services firm focused on addressing complex threats and challenges including Cybersecurity and Information Technology.

bluedog Security Monitoring

bluedog Security Monitoring

Sentinel from bluedog provides powerful and affordable internal network monitoring.

NewGens

NewGens

NewGens is a solution and service provider to banking institutions in the APAC region. Areas of expertise include cybersecurity, AML, fruad prevention, compliance and risk management.

Onsist

Onsist

Onsist brand protection services provide proactive defense against fraudulent use of your brand online.

Hawk Network Defense

Hawk Network Defense

HAWK.io is the First Fully Automated, Multi-Tenant, Cloud-Based, MDR Service Company.

Nexor

Nexor

Nexor are a UK-based cyber security company with 30 years' experience in secure information exchange.

Brookcourt Solutions

Brookcourt Solutions

Brookcourt Solutions delivers cyber security, network monitoring technologies and managed security services to help secure and protect your organisation’s critical infrastructure.

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center of Vietnam has a central monitoring function and is a technical focal point for monitoring and supporting information security for people, businesses and systems.

StrongBox IT

StrongBox IT

Strongbox IT provides solutions to secure web applications and infrastructure.

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,

The Cyber Scheme

The Cyber Scheme

The Cyber Scheme provides NCSC certified and assured assessments, training and career support for security testers & technical cyber professionals.

CorePLUS Technologies

CorePLUS Technologies

CorePlus solutions are designed to empower organizations with the tools they need to ensure the utmost protection for their assets, people, and information.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.