Cybersecurity Skills: Finding a Needle in a Cyber-Stack
By Zvi Azimov - Director of ZACK Group, Asia Pacific's fastest growing IT Vendor Recruitment firm & LinkedIn's Most Socially Engaged Specialist IT Staffing Agency in APAC.
It’s an ongoing battle: Are you, like many organizations, constantly facing the chronic shortage of skilled cybersecurity experts? According to research, this scarcity is making it almost impossible for the small and not-so-small firms to access talent to ensure the best cyber protection.
The research is there. In recent studies, respondents were asked to identify areas where they are experiencing a severe shortage of skills, and many of them pinpointed cybersecurity as the area where there's an immense shortage of talent – and this has been the case for some years now.
From the word of many IT professionals and countless studies like this one, one can only conclude that the shortage of cybersecurity skills is not going away any time soon. In fact, it is getting worse by the day. This shortage remains a big monumental threat to developed nations whose economy is fueled or sustained by technological innovations. The more advanced technology gets, the more advanced the skills to protect against the vulnerabilities of those technologies gets.
The How: The Insecurity of Cybersecurity
The real cause of the cybersecurity shortage is actually not a lack of talent, nor is it an undesirable profession. But if you were to ask someone interested in an IT career how to become a Cybersecurity Analyst, would they know? The fact that there isn’t a well-defined career path for people who are interested in pursuing a career in IT security, is the root of the cause. There are lots of people, especially across APAC, who are attracted to the idea of becoming a cybersecurity expert but don't know what exactly they need to do to achieve that dream.
More to the point, with technological advancement occurring at the rate it moves in the modern age, content and skills around Cybersecurity which is being taught in Computer Science or similar courses becomes obsolete by the time someone completes the course and graduates. These graduates often find themselves a fish out of water when entering the real world and finding that their studies are no longer relevant or outdated and need to go back to “square 1”.
Let’s compare this to the career path of a Human Resources professional. If a student was to seek advice on the exact subjects you need to take and the universities that can help you actualize your dream, the answer is almost common knowledge and the stepping stones are well-paved for HR.
The landscape is completely different for those who are interested in IT. There is often no clearly defined path to follow (unless you are looking at programming), which leaves aspiring IT experts confused on how to kick-start their career, who to ask or what direction to take.
From A to C-ybersecurity
So how can we address the root of the issue? Education.
Universities can help combat the problem of IT security professionals’ shortage by offering a degree in cybersecurity. They can also incorporate the economics and business aspect into the degree.
Graduates who are not only technically sound in IT security but also possess vast knowledge about the various operations of many companies, will increase their overall value as employees. Taking this one step further, the focus of these courses needs to shift away from the old method of teaching what is known, and move towards encouraging and fostering innovation.
Furthermore, the government can contribute by helping to create awareness through the immense benefits that exist in getting a degree in cybersecurity. It needs to find a way to assure universities that the field is viable enough to be invested into and the demand is recognized and met.
The New Talent Pool is Being Schooled
As a result of the availability of many graduates of IT security, firms will soon be confident of hiring people who have all the fundamentals needed to perform at the highest level. They can then easily train them on specific areas where their expertise is most needed.
In the meantime, some of the measures taken by smart Chief Information Security Officers (CISOs) of firms to cope with the problem of cyber skills shortage include:
- Adopting a holistic approach to Managing and utilizing security technology rather than following a tool by tool approach
- Making conscious efforts to automate their security processes
- Investing in their staff through capacity building, training, and adequate compensation and encouraging their staff to network with others through professional bodies, such as ISSA
- Switching to technologies that have capabilities for advanced analytics
How Other Parts of The World Are Addressing The Shortage:
I had the pleasure of being part of a trade mission to Israel with the Australia Israel Chamber of Commerce recently focused on Cyber, where a solution was glaringly obvious. Young men and women who are all conscripted into the Army at age 18 are put through vigorous testing to determine where they are best placed in the armed forces and who the brightest young minds are and those that show real mathematical and computer aptitude. These individuals are then put into a specialized Cyber army unit where they are effectively given a license to hack and innovate. They are considered the Top 1% of young minds in the country and admission to this army unit is coveted and considered a real achievement.
Through this system, alongside tertiary studies, the youth are able to come away from the experience with real-world knowledge and understanding of how to work in Cyber and make a real impact. These young men and women are often placed into jobs paying far above the country’s average salary in their first year in the workforce and many go on to found start-ups and build products that successfully go to market globally.
While this strategy must be deliberate and planned by a government prepared to play the long game and invest in creating an ecosystem to support this type of program, the success of the program in Israel is a great example of one way to address the skills shortage.
Having recently helped a number of companies find Sales and Technical talent in APAC including Singapore and Australia, I have personally experienced how scarce the talent available is around Cyber and how valuable these resources are to companies in need of assistance. Even with 10 years’ experience in Recruitment, I must admit that finding the best talent in the Cyber space can often seem like looking for a needle in a stack of needles. The good news, there are people in Australia with immense skills that I have had to pleasure of speaking with and representing to some of the most innovative companies I have had the pleasure of representing.
If you'd like to chat more about growing your business, you're welcome to drop me a LinkedIn message or call me on 0421 921 926.
For more information, visit ZACK.group or you can also follow us on LinkedIn, Facebook, Twitter or Instagram!
Digital Risk and Governance Executive | Cybersecurity and Privacy Practitioner | Digital Law | Board Director | Independent Expert
6yI would argue there is no shortage of skilled cyber professionals but rather, there is a shortage of appetite to pay skilled, qualified and experienced cyber professionals what they are worth. This so-called “shortage” is simply a push to bring so many people into the sector that it drives costs down for companies wanting these people.
Experienced Sales Professional |Software |SaaS |Business Development |Account Management | Channel Partner |
6yWell-written Zvi
CyberSecurity and Safe and Secure AI Transformation, Operational Leader, Board Advisor, CYAN member, Technology Influencer and Best Selling Author
6yI like the concept of assessing the top talent and placing them in elite squad to generate cyber security experts. I am not an advocate of military service, but it could be done here with a University offering a prestigious program and Federal Government stepping up with scholarships to attend. We waste a lot of talent in Australia due to the onerous cost of a decent education. I refer to Finland and Norway as great examples to educate. Good article Zvi!
CEO & Leadership Coach @ Judsons Coaching | Strategic Planning
6yOutstanding! Cybersecurity conversations are popping up more, and more in business.