The scarcity of qualified talent in the IT sector is especially pronounced in the area of cybersecurity. Let’s explore what makes the security pro one of the most sought-after personas in IT.
The Threat Landscape in 2024
The SolarWinds Day: A Trusted Vision for Government IT event in March of this year painted a stark picture of the threat landscape as it currently stands. SolarWinds CEO Sudhakar Ramakrishna explained that private and public organizations are fighting an “asymmetric war” with bad actors, while the panel discussion highlighted a troubling shift from intellectual property theft and disruption of the private sector to the targeting of critical infrastructure, such as hospitals. All the while, artificial intelligence (AI) and machine learning (ML) are making for ever more sophisticated attacks, and this has accelerated the demand for skilled cybersecurity professionals. The IT industry is crying out for people in a range of roles, including cybersecurity engineer, infosec analyst, network security architect, security software developer, penetration tester, application security engineer, malware analyst, and computer forensics analyst. In many cases, the available budget suggests that all these roles would ideally be carried out by a single person. Good luck with that, considering how the market is struggling to keep up.
What Makes a Cybersecurity Pro?
Mastering the fundamentals of data transmission and networking forms the foundation of a cybersecurity career. The ideal candidate must be able to secure these networks against unauthorized access using firewalls, VPNs, and other specialized tools. But this can only be the beginning, considering the dynamics of the modern workspace, decentralized applications, and multi-cloud deployments. Proficiency in security information and event management (SIEM) systems, intrusion detection, and penetration testing is crucial. Beyond tech know-how, cybersecurity pros should also have a range of soft skills, among them attention to detail, critical thinking, and a knack for clear communication. Given the requirements, the truly perfect candidate may be a rarity. As one article puts it: “Too many organizations hiring cybersecurity talent are looking for unicorns—those candidates who are able to check off every single box on the application form. It is important to remember that technical skills can often be taught.” We’ll return to this shortly, but first, let’s examine what’s causing the lack of cybersecurity talent and what can be done to address it.
Searching for the Root of the Talent Crisis
It’s not just the proliferation of cyberattacks that is driving demand for security pros beyond what the talent market can provide. Poor uptake of STEM subjects and outdated curricula have been cited as reasons why the education sector is failing to produce the cybersecurity professionals the IT industry so desperately needs. Given the danger posed to public sector enterprises, some form of government intervention seems sensible. In the UK, the Department for Science, Innovation, and Technology (DSIT) this year launched a drive to get more people to sign up for Digital Skills Bootcamps in cloud computing, cybersecurity, software development, and more. £550 million of funding is aiming to upskill 64,000 people through boot camps by 2025. In the meantime, what can enterprises do to take matters into their own hands?
The Power of Human Sustainability
Sometimes, the answer comes from within. One Orange Matter™ article encourages leaders to adopt a human sustainability mindset and invest in training programs so employees can add new skills to their resumes. “This (helps) the company bridge critical talent gaps while demonstrating a commitment to investment in their employees’ development.” The piece also advocates for “rotating high performers across different domains to prevent stagnation while cultivating a broader range of expertise. Additionally, providing opportunities for employees to connect with in-house industry thought leaders is a proven strategy.” If your enterprise is consistently unable to fill key roles, why not identify the cybersecurity leaders in your org and put processes in place that allow them to educate colleagues? Proactive internal approaches like this return agency to your enterprise. Consistently cultivating an educated workforce means that, over time, organizations can insulate themselves from the worst effects of the talent crisis while keeping their data safe from threats.
An Overview of Key Cybersecurity Tools
It’s worth bearing in mind that while technology like AI is fueling cybercrime, the biggest security risk is still us, the humans. That’s why it’s so important to implement tools to protect the talent at your disposal from stress, overwork, and the risk-inducing errors that can result. A multi-layered approach is the best way to minimize risk and mitigate the impact. Next-Generation Firewalls (NGFWs) offer more sophisticated inspection capabilities than their predecessors, including deep packet inspection and intrusion prevention systems. Security Information and Event Management (SIEM) systems provide real-time analysis of security alerts generated by applications and network hardware. Endpoint Detection and Response (EDR) solutions offer continuous monitoring and response to advanced threats. And, of course, AI and ML-driven security tools enhance the detection of novel and sophisticated cyber threats by analyzing patterns and predicting potential breaches. Lastly, Cloud Access Security Brokers (CASBs) have become essential for organizations utilizing cloud services; they provide visibility, compliance, data security, and threat protection. Likewise, a proper secrets management solution for DevOps environments will bring additional benefits. While it’s naïve to assume there is a technological solution to every problem, carefully choosing the proper tools can at least lighten the load on the cybersecurity professionals at your disposal. From here, it’s much easier to deploy them to help broaden the skillsets of their teammates.
Redefining the Modern Enterprise
The prevailing school of thought holds that modern enterprises should recruit ready-made experts to do the job at hand. But the drawbacks of such an approach are laid bare in the current talent climate, as seen in the shortage of cybersecurity professionals. Any successful organization is a reservoir of experience, knowledge, and expertise. Given the structures and resources at their disposal, leaders should extend the operations of their organization to accommodate continuous education programs. This approach helps ensure a steady stream of loyal and capable employees, nurtured through direct mentorship from experienced staff and motivated to return your company’s investment in their development. The outcome? A self-sufficient organization that consistently meets its objectives, regardless of the state of the talent market.