What’s causing the cybersecurity skills gap?


How the Industry is Strangling Cybersecurity Career Development

It seems that not a day goes by without another news article cropping up bemoaning the global cyber security skills shortage, but very few cut to the root of the issue. Part of the problem relates to the term ‘cyber’ and the mystique associated it. All but the security industry seems to hold a widespread view that ‘cyber’ is a new term, and the issues of computer security have only manifested within the last five years. In reality, security (or a lack thereof) has existed for as long as we have had computers, networks and the Internet; we’ve simply rebranded what was once computer and network security to its more media friendly new name of cybersecurity. In looking at the large talent pool of information and network security specialists out there, it seems strange that there is a cybersecurity skills shortage, but the issues lies in the fact that our industry is not doing a great job in attracting, harnessing and nurturing new talent – i.e. building tomorrow’s cybersecurity workforce.

Many companies don’t seem to understand how to align their security functions with the rest of the organisation. The responsibility for security often gets rotated around the business like a never-ending game of pass the parcel, in an attempt to find an executive willing to take ownership of the problem (which often is seen as the proverbial hot potato). Without wishing to get into an ideological debate relating to the optimal reporting line for the cybersecurity function and where the CISO should sit within the executive team, the skills issue has disrupted the development and maturation of cybersecurity career paths. We see organisations attempting to align cybersecurity professionals’ careers to existing IT architecture or IT/network support disciplines (or sometimes Enterprise Risk or General Compliance), which simply doesn’t work. The attributes and experience needed to develop and grow a cybersecurity career are markedly different from those required to be successful within a general technology function…Click HERE to read full article.