The cybersecurity industry has consistently faced a shortage of skilled people in the profession. According to a Cybersecurity Workforce Study by the International Information System Security Certification Consortium, Inc., or (ISC)2, the global cybersecurity workforce gap grew by more than 26 per cent year-over-year in 2022, despite adding more than 464,000 people to the profession.
This gap has been driven by the acceleration of digitalisation brought about by the pandemic, rapid advancements brought about by Industry 4.0 technologies, as well as the increased prevalence of cyber threat actors keen to take advantage of these trends to further their own nefarious objectives.
More importantly, this gap has increased the risks of cyberattacks to organisations as existing practitioners struggle to keep up with the increased threats and evolving landscape.
We need to hire cybersecurity professionals from all disciplines
Cybersecurity professionals are typically hired from disciplines related to IT and networking roles. This is a sensible approach as people in these disciplines have knowledge or skillsets that are complementary to cybersecurity roles, such as system administration, programming and networking.
However, as evidenced by the numbers, we are unable to narrow the cybersecurity workforce gap just by hiring from this limited pool of people. There are increased competing demands for people with such skillsets, especially from emerging Industry 4.0 technologies such as Artificial Intelligence (AI), Internet of Things (IoT) and advanced robotics.
To fill the workforce gap, we need to hire cybersecurity professionals from outside the traditional industries of IT and networking. This may be contrary to existing mainstream hiring practices where hard skills are often prioritised first, but there is method in this “madness”, especially in the field of cybersecurity.
Hard skills are nice, but aptitude is cardinal
For example, 10 years ago, a Security Operations Centre (SOC) would typically employ static Security Information and Event Management (SIEM) and Intrusion Detection Systems (IDS) for security monitoring operations. Today, a typical SOC would be capable of performing proactive Threat Hunting (TH), employ Artificial Intelligence (AI) to detect anomalies, and use automated orchestration tools.
An engineer who joined a SOC 10 years ago knowing how to operate an SIEM would not be able to rely on that same skillset in a SOC today, unless he picked up new skills in TH or AI or automation tools.
Hence, a potential candidate should not be assessed primarily on their current or past skills but more on their aptitude or their ability to pick up new skills and knowledge. This is even more relevant in the cybersecurity industry, where technologies and methods are expected to change every two to three years, and candidates need to have the right aptitude and attitude to pick up new skills quickly, relearn or even unlearn old skills.
Need of the hour
Structured training is critical for candidates outside the industry to join the cybersecurity workforce and hit the ground running.
With the right aptitude, a potential candidate will have a much higher chance of transitioning successfully into the cybersecurity industry. However, aptitude alone is insufficient for the candidate to transition, as manpower-starved employers are looking for candidates with the necessary skillsets to hit the ground running rather than having to train them themselves.
The skills acquisition process can be complicated for a candidate from outside the IT industry. Firstly, they would potentially be looking at hundreds of cybersecurity certifications, many of which might not be suitable for the candidate’s expertise level or might not provide the correct skillsets for a particular job. Secondly, some might not be able to afford the training costs upfront, or commit the time to attain these skillsets on a part-time basis. Thirdly, some candidates simply learn better with a trainer, as a trainer would be able to bring them through more difficult concepts, customise the programme to the candidate’s ability, or contextualise cybersecurity concepts to practical scenarios.
Hence, a structured training programme that is focused on practical skills, led by experienced trainers and practitioners, and enables the candidate to focus on training full-time, is a critical enabler for these candidates to transition successfully and hit the ground running.
Benefits of hiring cybersecurity professionals from outside the industry
Hiring cybersecurity professionals from outside the industry will enable us to narrow the cyber workforce gap in a sustained manner. This will benefit organisations looking to reinforce their cybersecurity workforce to defend against increasing threats, as well as the candidates who can look forward to meaningful and challenging work and good career prospects.
However, the benefits go beyond that. The cybersecurity community will also benefit from alternative skillsets that these candidates bring in, which are not native to the cybersecurity community. For example, a former power engineer will bring with him knowledge about power systems which will enable him to defend industrial control systems (ICS) better.
A former law associate will be able to contribute significantly to legal and policy developments in the cybersecurity domain, which is currently very nascent. A former sales executive would be very valuable as a cybersecurity solutions sales engineer or consultant. The possibilities are endless.
This is how we can fill the cybersecurity workforce gap and protect the world.
The post The future of cybersecurity: A plan to fill the workforce gap and protect the world appeared first on e27.