Closing The Cyberskills Gap

It is commonly agreed that cybersecurity is a huge issue that companies and governments need to treat as a priority, but finding people who have the knowledge to do so is proving to be a challenge. Policy and decision makers in the field of cybersecurity point to an enduring problem: a skills gap.
This is a problem for many reasons, not least of which is the financial consequences that a data breach has on a company. A report from Ponemon, which considered 350 companies in 11 countries, found that the  “consolidated total cost of a data breach is $3.8 million, a 23% increase since 2013.” There is no question that it is in a company’s best financial and long-term interest to hire and maintain people to oversee a systematic cybersecurity strategy, but the question remains: where do you find them?
The United States Bureau of Labor Statistics (BLS) reports that the “demand for cybersecurity jobs is expected to grow by 53% over the next two years.” But the reason why there is not an adequate supply to match that demand is not so straightforward. The first reason, of course, is education. While it had long been believed that that university education in a field like computer science or related technical discipline was the best way to earn a position at a respected company or firm, this is not necessarily the case anymore. A report by Center for Strategic and International Studies (CSIS) which looked at the cybersecurity workforce found that “A bachelor’s degree in a technical field is ranked third by survey respondents among most effective ways to acquire cybersecurity skills, behind hands-on experience and professional certifications. This contradiction indicates that a degree is more of a signal of general competence than an indicator of directly relevant cybersecurity skills.”

In addition to the issue of education, there is the fact that it wasn’t until recently that full-time, well-salaried cybersecurity positions were commonly advertised on the technical job market. Even if someone with the necessary skills or interests wanted such a job, they wouldn’t have been able to find one, meaning they were disincentivized from pursuing any hands-on experience that would have boosted their skills. When a skillbase is based on experience and repetition, it’s difficult to build it up overnight when there is a sudden demand for it.
With a dearth of technical in-house expertise covering areas such as intrusion detection, secure software development, and attack mitigation, many companies have reportedly been outsourcing some or all of their cybersecurity needs. But this has serious risks associated, as a contracted worker will not have the same intimate knowledge of a company’s inner workings that is often necessary to design and implement a comprehensive cybersecurity strategy.
Another potential solution is to tap into the cybersecurity talent pool very early on by focusing on the few university programs that are offering such coursework. FastCompany recently reported on a company called BullGuard, a UK-based personal security company. “Since cybersecurity is a relatively new field, professionals in the sector tend to pick up expertise on the job. It’s only more recently that universities have started seriously ramping up programs. But BullGuard finds that’s been happening internationally, not just in the U.S., so it’s making moves to tap into those talent pipelines pretty much as soon as they’re constructed.”
By giving interested students a place to hone their skills in a real world environment, it increases the likelihood that they will stay in the cybersecurity field as a more permanent career choice. Moves like these aren’t necessarily going to close the skills gap for good, but they are certainly accelerating the relevant education paths necessary to create future professionals.