Cybersecurity Awareness Month: 4 Ways to Tackle the Cybersecurity Skills Gap
The security skills gap continues to be a serious issue for organizations and there are no signs that things will get better soon. A June 2021 report by security professionals organization Information Systems Security Association (ISSA) and technology research firm Enterprise Strategy Group (ESG) finds the cybersecurity skills crisis continues on a downward, multi-year trend of bad to worse, and has impacted more than half of the 489 organizations surveyed.
This week, as part of the Cybersecurity and Infrastructure Agency’s (CISA) Cybersecurity Awareness Month, the theme is “Explore. Experience. Share.” The focus is on cybersecurity careers.
The ISSA/ESG survey finds the skills shortage has led to an increased workload for cybersecurity teams, unfilled open jobs, and high burnout among security staff. A large majority of the survey respondents said the skills shortage and its associated impacts have not improved over the past few years, and 44% say it has only gotten worse.
The three most-often cited areas of significant cybersecurity skills shortages include cloud computing security, security analysis and investigations, and application security.
Organizations “are not investing in their people in a manner that appropriately reflects the direness of today’s cyberthreat landscape,” the report says. In fact, 59% of respondents said their organization could be doing more to address the cybersecurity skills shortage.
How can companies best address the security skills gap? Here are four ideas.
1. Develop talent internally
Develop and offer internal training programs, or support external education efforts such as certification for employees. Cybersecurity executives need to work with other senior business leaders to make this a human resources priority in order to create a pipeline of talent internally.
2. Get creative with recruiting
Encourage non-technical or non-security employees to consider career changes and to take advantage of the growing opportunities cybersecurity presents. The U.S. Department of Labor predicts that cybersecurity will offer some of the fastest growing and best paying jobs in the coming years.
3. Incorporate automation
Find ways to work around the skills shortage by deploying more automation tools. By automating many security functions, organizations can detect, investigate, and remediate threats with little or no human intervention. Automation doesn’t eliminate the need for security teams, but it helps ease the burden on short-handed teams and enables companies to protect their critical resources even while lacking manpower.
4. Look to DevSecOps
An October 2021 report by Research and Markets says the global DevSecOps market is set to register notable gains in the coming years, because of increased efforts by organizations to integrate security with all stages of application development. It projects the market will reach $17 billion by 2026, up from $2.9 billion in 2020.
DevSecOps practices integrate security at the outset of application development and throughout the IT lifecycle, which helps reduce the burden on strained security teams because it leads to less patching and manual work on the back end of product development and deployment.
While there is no question that the security skills gap continues to challenge organizations, there are strategies and tools that security leaders can put in place today in order to alleviate some of the stress that security teams are under.