The Cyber Skills Shortage & Training Gap - What Is The Solution?

With large-scale data breaches increasing in not only frequency but also complexity, increasing cyber security resiliency should be a top priority for all industries.

According to the International System Security Certification Consortium (ICS2) there are more than 4.07 million unfilled cyber security positions across the world. 

With a lack of training for this undersubscribed role, the problem is only going to persist and progress.

Many businesses across the globe that do not have highly classified information put cyber security to the back of their minds. That is however, until a cyber attack occurs. More consideration needs to be taken to see what options are available for preventing these detrimental attacks. Proactively hiring cybersecurity staff and implementing cybersecurity technologies will help to ensure all areas of the business are secure.

Hiring Cyber Security Professionals

Many HR departments may have outdated hiring approaches, when compared to a new discipline such as cybersecurity which needs a different approach. Therefore, some companies will disregard an application due to a lack of qualifications even though a lot of successful cybersecurity professionals are self-taught and have a lot of hands-on experience. However, it is often that hands-on practice that makes a candidate so valuable. 
Most companies will go on a hiring spree in the aftermath of a cybersecurity incident and expect professionals, with over 10 years of experience, to flood in instantly. Unfortunately, this is not always the case.

With a lack of “qualified” candidates, instant hiring and results are unrealistic. It is essential that a proactive approach is adopted.

If companies invest in professionals at the beginning of their cyber career, enable their training and provide a fair wage, then they are more likely to keep hold of valuable staff and avoid costly attacks. This will partly be due to having preventative tactics already in place, but also not having to worry about hiring new people as soon as an attack has occurred.

Making Cyber Security Attractive

Unfortunately, hacking is now a lucrative profession and it is attracting a lot of rogue talent. Alongside this, businesses are not investing in the proper staff training to ensure that employees can appropriately handle the critical cyber threat landscape. There is no shortage of cybersecurity jobs in the market, but there is a shortage of experts taking the jobs. This is due to a number of factors, with low wages being one of them. It is up to businesses to make these roles more desirable, as a lack of cybersecurity implementations could lead to the demise of a business. 

Companies need to invest in supporting and training their employees, rather than expecting them to come fully experienced. Proactively investing in cybersecurity professionals, rather than only relying on them when an attack occurs, will allow employees to be trained properly for an attack. Salary and training are both costly, but they would likely save money by avoiding the attack.

Investing In Preventative Tactics, Rather Than Expensive Recovery

The importance of preventative tactics is sometimes not realised until it is too late and then there is no expense spared in getting everything back on track. 

Not only should companies invest in staff, but also in the technologies that staff implement and manage. By utilizing trusted computing technologies, businesses can be sure that their data and devices are protected and secure from any risks or potential threats. More than a billion devices include technology that leverages TCG standards, but the impact is small if people do not adopt them on a wide scale across all industries and businesses.

Knowledge is power in the fight against cyber attacks and with such a shortage of knowledge and skills in the industries most affected, it is essential that trusted computing technologies are used to their full potential.

Trusted Computing Group (TCG) provides standards and documentation that allows cybersecurity professionals to be up to date on the best techniques. For those highly experienced in cybersecurity, it is a chance to contribute to industry practices and keep up to date. If businesses with limited cybersecurity knowledge cannot afford to hire experts, they should reference information and documentation provided by organizations like TCG to get the support and guidance they need. For new employees in cybersecurity, TCG membership can provide access to workgroups that consist of seasoned experts to help them with the much-needed guidance and support for growth in the industry. 

Implementing Secure Technologies To Alleviate Pressure

TCG’s trusted computing standards are designed to be open and can be applied across many industries and sectors, as well as meet international security standards. Choosing which policies and security features to use in the design of software, hardware, or services is made easier with the knowledge that TCG standards that are applicable are tried and tested. This alleviates the need to re-engineer common security architectures in isolation. By carefully studying TCG documentation, a security architect can learn best practises that have been developed by seasoned and recognized industry experts from a multitude of diverse companies represented in TCG.

It is imperative that all industries understand the importance of cyber security technologies and professionals before they suffer an attack.

Once experts are hired, organizations should strive for continuous training of their cybersecurity staff with appropriate funding, alongside implementing new cyber security technologies to cover all areas of the business. 

Thorsten Stremlau is Co-chair of Trusted Computing Groups’s Marketing Work Group

You Might Also Read: 

Leading the Way in Cyber Security Skills:

 

« Apple’s Cyber Security Flaws Didn’t Stop It Reaching $3 Trillion
African Nations Join UN Cyber Crime Initiative »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Chatham House Cyber Conference

Chatham House Cyber Conference

14 June 2023 - Connect with cyber security experts and senior policymakers to explore the role of cyber security in the global economy and how to deliver an open and secure internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Coalfire

Coalfire

Coalfire specialises in cyber risk management and compliance. Our services span the cybersecurity lifecycle from advisory and compliance, to testing and engineering, monitoring and optimization.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

Zix

Zix

Zix offers secure email encryption, threat protection, archiving, DLP and BYOD security for hospitals, financial services, government, and more.

Stealthcare

Stealthcare

Stealthcare is a full service, global cyber security firm offering solutions that educate, empower and protect.

ENAC

ENAC

ENAC is the national accreditation body for Spain. The directory of members provides details of organisations offering certification services for ISO 27001.

Security Engineered Machinery (SEM)

Security Engineered Machinery (SEM)

SEM provides comprehensive end-of-life solutions for the protection of sensitive information in government and commercial markets.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

UK Research & Innovation (UKRI)

UK Research & Innovation (UKRI)

UKRI works in partnership with universities, research organisations, businesses, charities, and government to create the best possible environment for research and innovation to flourish.

Quantum Security

Quantum Security

Quantum's game-changing approach to cybersecurity brings you performance and peace-of-mind, with a raft of additional benefits: it's non-proprietary, comprehensive, scalable, and affordable.

Finnish Security & Intelligence Service (SUPO)

Finnish Security & Intelligence Service (SUPO)

The Finnish Security and Intelligence Service is a government agency tasked with combating serious threats to national security in Finland.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

Infuse Technology

Infuse Technology

Infuse Technology provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Heron Technology

Heron Technology

Heron Technology are a technology solutions consultancy with core competencies in the areas of Cyber Security and Digital Aviation.

HADESS

HADESS

We are "Hadess", a group of cyber security experts and white hat hackers.