Why Is The Skills Shortage So Big?

Uploaded on 2020-04-29 in JOBS-Training, JOBS-Careers, FREE TO VIEW

The rapid growth of increasingly more complex cyber-attacks has been driving up the demand for qualified professionals to help defend businesses. Digitisation, sensitive data and privacy concerns mean businesses are crying out for technical specialists, managers, CISOs and people with cross-functional expertise.

Companies from different industries are expected to keep their customers’ data safe and secure, but the growing shortage of qualified cybersecurity professionals is making it difficult to do that. 

More than half of all organisations report a “problematic shortage” of cyber security skills, and there is no end in sight.
It is now estimated that the number of unfilled cyber security positions will grow to a staggering 3.5 million by 2021. 

The problem is not lack of ability in the existing workforce, nor lack of promising young people wanting to work in the field. The hard-to-fill roles tend to be those in cyber security areas with a lower profile, the less talked about specialisations.

Many employers are training their staff in specific products, rather than wider security frameworks, so staff aren’t getting the transferable skills they need. This means experienced cyber specialists spend most of their time dealing with emergencies, instead of planning for the future or training staff. 

In building a successful career in cyber security, choosing the right specialism and the right mix of skills to develop will give you an advantage in potential earnings and a greater choice of  employers

Be equally skilled in tech and legal
Specialising in cyber security and the law covers privacy, compliance and data protection legislation. These specialists, such as privacy officers and data protection officers, should be equally skilled in law and cybersecurity technology. They help companies find ways to organise digital data storage, processing and protection that comply with legislation.

The demand for cyber security and law specialists will grow as privacy and personal data regulations increasingly cover these services. Specialists in this area tend to be more skilled in law than technology. For example, data protection officers can usually tell the company how it should organise data processing and protection, but they can’t always say how to achieve that. When communicating with IT specialists, they need to know how to speak their language.

Be able to connect all the pieces
Cybersecurity architects design and test cyber security systems. It’s a more well-known role, but demand is still outstripping supply. Companies want experts who can see the whole picture and connect all the pieces to make one mechanism that works. Cybersecurity architects need to know as much detail as dedicated experts, but they need to know enough to build proper protection systems, such as how parts of the infrastructure work together. They also need strong management skills.

Be able to detect anomalies in constant white noise
While fewer workplaces need more exclusive specialisations like big data analysis, there’s still a lack of skilled people.
Big data analysts build mathematical models to detect anomalies. If a company needs advanced-level cyber protection or offers specific cyber security services like system integration, they’ll probably need a big data analyst. Ecommerce, banks and digital services also use big data analysis and math modeling, as does any business that holds data about user behavior and events. 

To detect behavior anomalies in constant white noise, and create algorithms to describe what happens in response, you’ll need strong analytical, mathematical, statistical and modeling skills, and in-depth knowledge of cyber-threats and attacks.
In the US, you could earn $117,000 as a cyber security data scientist

Strong on detection and response
There are still opportunities and room for improvement in traditional and common specialisations. As the cybersecurity industry has learned, no organisation can prevent all attacks and breaches, detection and response are now more central than threat prevention. Companies need to be able to track attacks and breaches early and minimise damage. This means SOCs need specialists who can detect threats and know what to do next. They’ll know how to create detection rules and algorithms for detecting attacks and incorrect user behavior.

Soft skills
Managers in cyber security often lack ‘soft skills’ like communication, leadership, negotiation and business sense. 
Cybersecurity managers should be able to organise their department’s work to meet business demands. They should be persuasive and able to speak in the language other parts of the business use. 

Leadership skills are one way to stand out from the crowd; it looks like most cyber security professionals don’t yet consider leadership skills a priority, even in top management positions. 

Filling the Skills Gap
As university programs are limited and academic, self-education is vital. Students should choose one or more specialism to develop. They should find out what skills and knowledge it requires, and proactively develop those using the many educational materials and communities out there. When you start work, CPD (continuing professional development) is the mindset to adopt. Taking on tasks that develop new skills will help your career, as well as avoiding too much routine, which can lead to burnout.

‘Learn by doing’ is still the most effective way to gain knowledge and skills. When you ask your peers and managers to involve you in activities around the knowledge and skills you need, you’ll learn quickly and gain confidence while distributing the workload. Everybody wins.

Employers can also help. Many companies, especially IT vendors, are investing in employee education, training and development around cyber security. Employees need to understand the business’s priorities and choose a direction they want to develop in.

Building a career means not only developing skills and knowledge but making these visible above and beyond daily routines. This means having the courage to put yourself forward. 

GovUK:       IPSOS:        Kaspersky:       Varonis:       CSO Online:       OneFile


You Might Also Read:

Every Single Employee Requires Cyber Security Training:

Cyber Jobs And Professional Training:

 

 

 

« Ransomware Authors Go Beyond Malicious Encryption
Massive Business Cost Savings With Effective Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Packet Storm

Packet Storm

Packet Storm is an online resource for security tools, whitepapers, exploits, and advisories on computer security issues.

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

Turkish Accreditation Agency (TURKAK)

Turkish Accreditation Agency (TURKAK)

TURKAK is the national accreditation body for Turkey. The directory of members provides details of organisations offering certification services for ISO 27001.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

BlueRiSC

BlueRiSC

BlueRiSC invent cutting-edge system assurance solutions for the 21st century with novel software and hardware designs focusing on security technologies that can be game changing.

Carve Systems

Carve Systems

Carve Systems was founded to bring enterprise level information security, training, and risk management services to organizations of any size and industry.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

CyberRisk Alliance (CRA)

CyberRisk Alliance (CRA)

CyberRisk Alliance is a business intelligence company created to serve the rapidly evolving cybersecurity and information risk management marketplace.

PrivacySavvy

PrivacySavvy

PrivacySavvy's mission is to provide you with all the information that you need to ensure that your internet privacy is intact, your devices are secure, and that any time you step online, you’re safe.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

FTx Identity

FTx Identity

FTx Identity is the world's most advanced age verification technology (AVT) and identity management system.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

QPoint Technologies

QPoint Technologies

QPoint provides solutions and consulting in areas including software engineering, testing, cybersecurity, ICT, web, mobile, project management, and complex integration processes.