on 14 September 18
PwC’s 2018 CEO survey has highlighted a continued hardening of global attitudes to security, with the top four threats to business growth prospects now including terrorism, geopolitical uncertainty, over-regulation and cyber threats. This shift is reflected by the language now used publicly – by government and business leaders alike – as highlighted by the US Department of Homeland Security’s recent announcement of its investigation into an attack on a critical infrastructure facility. There is growing rhetoric that the risk of sponsored cyber-attacks on (inter)national infrastructure could cause economic chaos.
But after endemic under-investment in skills development for over a decade, Jim Kennedy, VP & GM Americas, Certes Technology, explains it is time for a significant change in approach to safeguard business.
Supply versus demand
Organizations now recognize that investment in security is a necessity. Yet with a current estimated 350,000 open CyberSecurity positions in the US, and a predicted global shortfall of 3.5 million cyber security jobs by 2021, the industry clearly has a massive problem regarding supply and demand. And while it is fair to say that the escalation in cyber threats has created an unprecedented need for individuals with skills, talent and experience, it is a combination of chronic under-investment in training and education; market misalignment and a lack of self-marketing that is at the heart of the skills shortage problem.
Organizations now recognize that investment in security is a necessity. Yet with a current estimated 350,000 open cyber security positions in the US, and a predicted global shortfall of 3.5 million cyber security jobs by 2021, the industry clearly has a massive problem regarding supply and demand. And while it is fair to say that the escalation in cyber threats has created an unprecedented need for individuals with skills, talent and experience, it is a combination of chronic under-investment in training and education; market misalignment and a lack of self-marketing that is at the heart of the skills shortage problem.
There are so many flaws in the current model. The industry is frankly appalling at selling itself; at inspiring the next generation by demonstrating that IT can be an exciting and financially rewarding career. In addition, training has over the past decade become almost exclusively product focused – with vendor ‘academies’ teaching individuals about specific product sets, rather than security framework requirements, a move that has further weakened the depth of expertise offered by any one individual.
This approach is simply not sustainable – for IT providers or organizations desperate to access essential cyber security skills. Right now, the small pool of talent is able to demand ever higher rates, making essential cyber security unaffordable for all but the largest and most successful businesses.
The only way organizations will be able to address the huge demand for cyber security skills will be to take control and invest. And that means shifting away from outsourcing and a reliance upon expensive contractors towards re-insourcing key services, including security: the onus is now on companies to build up their own expertise in-house.
See: CyberSecurity Certifications for Beginners
At the same time, the IT industry needs to step up and invest in training – true, agnostic training, not product specific, ersatz sales education. If the next generation of cyber security individuals are going to be able to make the right decisions, they need an excellent grounding in security – from compliance to standards, including GDPR, PCI and ISO 20001. It is only with that in-depth understanding of end to end security issues that individuals will be able to create a robust security infrastructure supported by the right product choices.
Here are few course to help you know more about Cloud Security and Certifications
- Cybersecurity Foundations
- Microsoft MTA: Security Fundamentals
- Microsoft MTA Security Fundamentals: 98-367
- Security Fundamentals (Exam 98-367)
- Breaking Down Cloud Security (Rated 4 / 5)
- Understand the CCSK Cloud Security Certification (Rated 4.5 / 5 by 500 Students)
- Securing Cloud Services (Rated 3.9 / 5)
- Cyber Security Awareness: Security for Cloud Services (Rated 3.5 / 5)
Signs of improvement
Fortunately, we’re starting to see recognition at a national level that current approaches are unsustainable. Quietly, the regulatory community has been gearing up public-private partnership efforts to be proactive on cyber threats and has now successfully engaged academia. The Cybersecurity Workforce Alliance (CWA) is a tripartite workforce-engagement model that includes the public sector, private sector and academia which has been working since 2015 to accelerate cybersecurity readiness in entry-level candidates.
It’s ‘industry-first’ approach is designed to align industry’s specific needs and graduates’ expectations with the job roles and responsibilities needed to model a curriculum — at the beginning of a student’s tenure.
Likewise, in the UK, a new National College of Cyber Security sited at the home of the WWII code-code breakers, Bletchley Park, will open in 2019, fostering the development of home grown talent. In parallel, the UK’s National Cyber Security Centre has published new advice for industry based on 14 key principles aligned with existing cyber-security standards to help organizations understand what they need to do to implement essential cyber security measures.
While positive early steps, these approaches do unfortunately only mark the beginning of our journey to close the cyber security skills gap. This vital issue will require sustained focus and deep collaboration between the public sector, private sector organizations including the IT industry itself, and academia.
From vendor agnostic, standards and skills-based training to a commitment to inspiring the next generation to join the industry in the first place, everyone demanding a solution to cyber security skills shortage today needs to step up and become part of the solution – not the problem.
Starting your career in CyberSecurity?
Here are few experts in IT and CyberSecurity, with whom you can schedule an appointment and discuss anything related to your career aspirations and goals.
They shall help you with what certifications are useful for your career progression, showcase your expertise and build your professionals profile in CyberSecurity space.
- Max Boedder (Specialisation: CISO Cybersecurity) - You can book a FREE 30 Mins session with this coach.
- Urooj Burney (Specialisation: Cybersecurity)
- Boppin John (Specialisation: IT Security)
- Shamane Tan (Specialisation: Cybersecurity)
- Aqeel Bhutta (Specialisation: Information Security)
For more IT Experts & Career Coaches, please visit:
This blog is listed under IT Security & Architecture Community