Cybersecurity careers: Closing the skills gap

Print Friendly, PDF & Email

As we enter the third week of National Cybersecurity Awareness Month, the theme turns to cybersecurity and careers. This is an important issue to address for several reasons ranging from international cybersecurity to the physical and mental health of our workforce.

The shortage of cybersecurity professionals is not a new problem. We’ve had a skills gap in this field for over a decade, and there is no indication that it was improving in the years leading up to the global pandemic and massive shift to remote work. To be clear, a skills gap is the gap between the skills of the employee and the skills needed to perform a job well. According to a joint global research project by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), 57% of businesses have been negatively impacted by the cybersecurity skills gap. In short, over half of the world’s companies haven’t been able to adequately meet their cybersecurity needs. The ramifications noted in this research include increased workload on current employees (62%), unfilled open job requisitions (38%), and high burnout among staff (38%).

Digital transformation and the ‘Great Resignation’

Digital transformation had already been underway for several years, which expanded the attack surface for criminals. Public cloud adoption and the widely misunderstood Shared Responsibility Model left many companies vulnerable to exploit and attack. And then in 2020, we rapidly expanded attack surfaces when the world went into COVID-19 ‘lockdown.’ Millions of employees and students needed resources that were not properly prepared for secure remote access. In November of that year, Steve Morgan of Cybersecurity Ventures reported that the annual cost of cybercrime was expected to be $10.5 trillion by 2025.

The ‘Great Resignation’ is also playing a role in the skills gap. Research on this post-pandemic lockdown phenomenon indicates that people are leaving their jobs to pursue a better work-life balance. According to the ESG/ISSA report we mentioned earlier, you cannot get a good work-life balance in a cybersecurity role. Oh, and multiple studies have also shown that young people aren’t that interested in cybersecurity careers, and most schools aren’t prioritizing technology in the curriculum.

Building an international cybersecurity workforce

Governments around the world are taking this seriously and asking all countries to help fight cybercrime. International cooperation is needed on multiple fronts, with the most obvious being holding threat actors and state sponsors accountable. Another top priority is building an international workforce of cybersecurity professionals.

The U.S. National Initiative for Cybersecurity Careers and Studies (NICE) offers many free resources to educate the public on cybersecurity careers and education. This collection of work role videos is particularly helpful for people who are interested in cybersecurity but aren’t sure of their options.

National Cybersecurity Career Awareness Week takes place October 18–23, 2021. The official site has information on events and activities taking place around the country.



Scroll to top