As the demand for cybersecurity professionals continues to rise against the backdrop of a job candidate shortage, employers are reporting that only half of the applicants (or fewer) actually meet the qualifications.
This situation has been highlighted by a number of recent studies, surveys and reports from the likes of ISACA, Tripwire and Cisco, that also identified the recruitment and training challenges the cybersecurity industry is facing, as well as the challenges of keeping hold of skilled cybersecurity professionals in a market where salaries are competitive and job roles plentiful.
New data from industry association ISACA shows that identifying and recruiting qualified cybersecurity professionals is taking longer, with 32% of organisations saying that filling a position takes six months, up from 26% last year, whilst more than 60% of organisations claim that positions sit vacant for at least three months.
Tripwire found that the rapidly transforming technology and threat landscapes are a major factor in such difficulties. Almost all respondents to their survey (93%) confirmed that the skills required to be an effective security professional have changed significantly over the past few years. New skillsets now in demand include a mix of physical, virtual, cloud, DevOps and operational technology environments. Among the high-demand positions are security engineer, penetration tester and cloud security engineer.
If that wasn’t enough, ISACA’s recent report also highlighted that existing cybersecurity professionals were also lacking in business acumen, a skill that was highlighted by 34% of ISACA’s respondents as being a necessity for cybersecurity personnel who need to communicate with business stakeholders.
The result of this steadily widening cybersecurity talent gap is that organisations are increasingly considering alternative options and non-traditional methods of hiring and training their workforce.
In some cases, this might be hiring an employee in a non-technical role. For example, the attention to detail and accuracy with numbers of accountants and legal experts may give them a head-start for certain security and assurance roles.
So how do we deal with the recruitment challenges employers are currently facing? One clear trend identified in the ISACA study is a lower reliance on some of the more exacting job requirements specified for entry-level cybersecurity positions.
Cybersecurity apprenticeships may provide a way to combat the shortage, but ultimately we need to change the way we think about the skills required to become a cybersecurity expert. If we don’t, the shortage will continue to grow and the red hats will find it easier to exploit security vulnerabilities, a scenario we cannot allow to happen.
European Product Manager