5 Steps for Proactive Cyber Risk Management
In January 2016, Forbes reported on the job prospects for those interested in a cybersecurity career:
More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years, according to a 2015 analysis of numbers from the Bureau of Labor Statistics by Peninsula Press, a project of the Stanford University Journalism Program. A report from Cisco puts the global figure at one million cybersecurity job openings. Demand is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million, says Michael Brown, CEO at Symantec, the world’s largest security software vendor.
On one hand, this is great news, especially for college students studying cybersecurity and for those who are thinking of a career change into a burgeoning and challenging field. On the other hand, this huge need for cybersecurity professionals is creating a severe skills gap, which is bad for organizations but good for cybercriminals taking advantage of poor security practices.
A study released by McAfee reveals the cybersecurity professionals shortage may be worse than many of us realized. The study looked at the need for cybersecurity skills across eight countries – Australia, France, Germany, Israel, Japan, Mexico, the United Kingdom, and the United States – and focused on four primary cybersecurity efforts within the workplace: total cybersecurity spending, education programs, employer dynamics and public policies. The cybersecurity skills deficit is global, with all eight countries reporting serious concerns and three-quarters of respondents saying that government is not doing enough to invest in security-related talent.
Most concerning, but perhaps least surprising, is that more than 70 percent of the respondents said that this lack of cybersecurity skills has a direct negative impact. According to the report:
One in three say a shortage of skills makes their organizations more desirable hacking targets. One in four say insufficient cybersecurity staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data through cyberattack.
The jobs are there. The need is clearly there. So what’s the problem? Why does there continue to be such a shortage, especially in a career where you can make decent money and which has huge growth potential? Chris Young, senior vice president and general manager of Intel Security Group, may have pinpointed a reason in a Security Magazine article. It’s a lack of urgency in solving the problem, he said, adding:
To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the frontline. Finally, we absolutely must diversify our ranks.
The shortage of cybersecurity professionals isn’t new, as I’ve been talking about this almost since I’ve begun writing my blog here. But in 2016, the need for security professionals has taken on a new sense of urgency. When will we stop questioning why there is such a skills gap and start shifting toward solutions?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba.
