Research carried out in 2020 for the Department for Digital, Culture, Media & Sport (DCMS) in the UK has estimated that over around 653,000 businesses have a basic cybersecurity skills gap – a worrying statistic in today’s tech-driven and IT-dependent world.
A survey by security provider Fortinet found that over 3 in 4 (76%) respondents felt that a lack of skills was putting their organisation at risk. Almost half (47%) said they had had as many as three security breaches in the past 12 months alone. The Enterprise Strategy Group (ESG) & Information Systems Security Association (ISSA)’s latest research report revealed that the cybersecurity skills gap has worsened for a fourth consecutive year.
Given the business critical need to protect businesses from cyber crime, organisations are on the hunt for individuals with the right background. Cybersecurity experts require knowledge in many different technical areas, notably networking, computer architecture, administration and management of operating systems such as Linux and Windows. And with cloud attacks on the rise, cloud security experience is particularly sought after.
These hard to find cybersecurity specialists need to have a deep understanding of malware intrusion and analysis to combat threats, as well as experience in virtualisation and cryptography. Identifying, discovering and tracking risks as well as carrying out penetration or 'pen' testing (authorised simulated attacks to test system security) are all requirements of the cybersecurity job. A strong base in programming languages such as Perl, Python, Java and C++ is also highly desirable as are certifications, for example the Certified Information Systems Security Professional (CISSP) accreditation.
Technical aptitude is one thing but the implementation of that knowledge in a business context is another. Cyber experts will also often have to present and distil complex subject matter to non-technical managers and customers alike, therefore strong communication is vital. The same DCMS survey found that job applicants were lacking in soft skills such as leadership and management.
There are several reasons why cybersecurity talent is hard to come by – as is the case with other fast evolving STEM disciplines. School leavers and graduates require more business related experience and training in technical and soft skills to make them more effective in the workplace. Diversity also remains a thorny issue, with only 15% of jobs in cybersecurity held by women, the lowest number of all digital disciplines. Employers should also consider people from other groups such as the neurodiverse or individuals with transferable skills from other sectors.
With the University of Maryland estimating that there is a hacker attack every 39 seconds, you might well be looking to hire your next security engineer, security analyst, security architect, security manager or consultant. Finding them isn’t so straightforward.
Learn more about our Tech & Digital practice