This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.
Author: Michael Alicea, Chief Human Resources Officer, Trellix
- Cybersecurity professionals play a critical role in protecting society.
- As the volume of threats increases, leaders face a workforce deficit, with demand for talent in the cybersecurity industry far exceeding supply.
- By improving diversity and inclusion we can help close the talent gap.
Cybersecurity’s mission is simple: to protect people. Our industry defends against criminals attempting to steal data, gain money, or create distress. We prevent hackers from shutting down vital medical services, critical public utilities and ransoming private records. We stop nefarious access to voting systems meant to impede the free will of democracy.
Cybersecurity professionals are the unseen heroes keeping the inner mechanisms of society running. And as the volume of threats increases, cybersecurity leaders face a workforce deficit. This talent gap of 3.4 million global professionals, estimated by ISC2, places our industry – already square in the crosshairs of cyber criminals – at a crossroads. Our demand for talent far exceeds our supply.
Our inability to attract and retain qualified employees, our lack of diversity, and the challenging nature of security operations will widen this gap further unless we act now.
Costly cybersecurity skills gap
A survey by Trellix and Vanson Bourne shows that 85% of respondents believe the workforce shortage is impacting their organization’s ability to secure their networks. The survey included 1,000 cybersecurity professionals across nine countries.
Meanwhile, the Ponemon Institute found that the average cost of a single data breach in 2022 was $4.35 million. The demand for cybersecurity talent capable of reducing breaches and their costs is a global crisis, impacting both private and government sectors.
Lack of diversity and inclusion
The industry’s workforce is homogenized – 64% identified as white, 78% male, 95% with a bachelor’s degree, and 85% in IT, computer science, or technology major. Women, non-binary people, people of colour, our LGBTQ+ community and a variety of educational backgrounds, cultures, and countries are greatly underrepresented.
Cybersecurity hiring practices lean heavily toward four-year degrees, excluding qualified people who lack schooling but have earned certifications or completed other vocational training. Around 56% of security professionals believe people don’t need university degrees to have a successful career in cybersecurity. By contrast, cybercriminals hone their methods from diverse backgrounds without barriers such as education prerequisites.
Attrition due to stress
As the volume and complexity of threats increase, so does cybersecurity talent attrition. Security teams try to make sense of a relentless barrage of alerts. Long work hours of constant stress affect those who otherwise find their career meaningful—almost a third of the current workforce plans to change professions in the future. Increased workloads on existing staff lead to higher burnout rates while cybersecurity jobs remain open.
While there are no simple solutions to these severe challenges, new approaches within the industry and government initiatives can boost training, hiring, and retaining cybersecurity talent to make up ground against the gap.
Invest in people as the future of cybersecurity
By putting people at the heart of cybersecurity, we can pave a path for more people to do soulful work.
- Start early: We can positively expose our primary school children to cybersecurity early through age-appropriate curriculums. This could look like students doing coding activities in class or later in school, running the school’s network. It requires a review of cybersecurity education funding.
- Increase scholarship funding: Let’s increase scholarship funding and internship programmes, particularly at historically Black colleges and universities, liberal arts schools, and community colleges. This would enable more female and minority students to take advantage of academic opportunities and sharpen their cybersecurity skills.
- Activate mid-career recruiting: We can create more avenues for early and mid-career professionals to attract more experienced professionals into a career change. Around 92% of security professionals believe that more mentorships, internships, and apprenticeships would encourage people from diverse backgrounds to enter cybersecurity.
- Retain experience: Let’s not forget the talented professionals already working within the field. We must optimize our investment in their careers by solving internal frustrations such as pay gaps, unfriendly environments, lack of recognition for the positive work they do in society and lack of modern tools.
Revolutionize security operations
Scaling our cybersecurity teams isn’t all the work that needs to be done. Workloads must be reduced. Security operations leaders can support their teams by embracing automation and an extended detection and response (XDR) architecture to do their jobs more efficiently and effectively. Other industries have enterprise platforms, but cybersecurity has not adopted one yet. Moving to an open XDR platform is the revolutionary solution needed.
There’s a clear path forward to solving our lack of diversity and overcoming our talent deficit. It involves attracting more bright individuals across genders, races, ages, ethnicities, and orientations. It includes enticing more skilled workers in search of more purposeful careers and more fulfilling lives.
We can meet the moment by creating pathways for people from diverse backgrounds and equipping security operation employees with the tools they need to make their jobs and lives easier.
[…] Reference Link How more diverse recruitment can help close the cybersecurity talent gap […]