Security breaches are rising across all industries, with cybercriminals leveling up their playbooks and increasing the volume of attacks. As if trying to stay ahead of adversaries weren't enough, security leaders are also working to manage another risk: a talent shortage.
Organizations are finding it hard to attract and retain security professionals, especially those who work in security operations center (SOC) roles as these teams are strained and facing burnout. In fact, 65% of SOC professionals have considered quitting their jobs. Other security-focused positions that are in demand but difficult to fill include cloud security specialists, network security architects, and penetration testers.
Given the cybersecurity talent shortage, recruiting and retaining qualified professionals will inevitably require creative strategies among organizations looking to fill related roles. From embracing untapped talent pools to finding ways for professionals to build and advance core technical skills, here are several ways we can collectively shrink the cybersecurity skills gap.
As organizations of all sizes struggle to recruit qualified security professionals, leaders inevitably worry about retaining the analysts they already have on staff. Offering your team members opportunities to pursue advanced training and certification programs not only keeps their skills sharp but is a great way to enhance employee experience and job satisfaction. According to a study conducted by the Society of Human Resource Management (SHRM) Research Institute, 86% of human resources managers surveyed say that offering ongoing training helps with staff retention.
There are numerous high-quality cybersecurity training and certification programs available. One example is the Fortinet Training Institute, which offers a variety of both self-paced and instructor-led training and multi-level certification programs for learners of all skill levels. Programs like these give participants the security, networking, and IT knowledge needed to help them progress in any role and at any point in their career. For those just getting started in the industry, these programs offer strong foundational knowledge to set learners up for future success.
With a cybersecurity workforce gap of 3.4 million people, businesses can’t rely on filling open positions only with "traditional" candidates, those with four-year cybersecurity degrees, or individuals with related work experience. Attracting new talent to the field is an essential component of addressing the skills shortage, and offering accessible cyber training is a great way to recruit professionals looking for a career change.
Veterans are a great example of a talent pool that can be a tremendous asset to the cybersecurity industry. Recognizing that those in the military community have many transferrable skills, such as leadership, communication, and attention to detail, to name a few, Fortinet is committed to helping veterans transition to careers in security. The Fortinet Veterans Program helps prepare veterans for roles in cybersecurity by offering training and certification opportunities to develop the necessary skills, mentoring and networking programs, and connecting these individuals with employer partners actively recruiting for cybersecurity roles.
Additionally, women make up only 24% of today’s cybersecurity workforce. Yet a wealth of data illustrates the many benefits of building diverse teams. For women looking to jump-start a career in cybersecurity, or for those who work in the technology sector already but are interested in exploring security-focused roles, numerous resources are available to support that transition. Organizations like WiCyS provide members access to industry-leading training and certification curriculum, networking and mentoring programs, internships, and full-time employment opportunities. And the SANS Institute offers several education programs for women interested in pursuing cybersecurity roles, such as the accelerated Women’s Immersion Academy program and the New2Cyber curriculum that teaches foundational cyber skills.
As cyberattacks grow in volume and sophistication and the skills shortage continues to strain security teams, many colleges and universities are dedicating more resources to creating or expanding cybersecurity-focused degree programs. Today, almost 400 higher education institutions have earned the “National Centers of Academic Excellence in Cybersecurity“ designation from the National Security Agency, a stark contrast compared to the 12 schools that had achieved this as of 2010.
Public and private sector organizations have a role to play here as well and must partner with educational institutions to collectively build the future cybersecurity workforce. For example, the Fortinet Academic Partner Program works with over 500 colleges and universities globally to integrate the award-winning Fortinet Network Security Expert (NSE) training and certification courses into the existing curriculum. Initiatives like this help set students up for success by giving them the opportunity to earn industry-recognized certifications before they even begin searching for employment.
Cybercriminals aren’t slowing their operations anytime soon. The demand for cybersecurity talent will only increase, and the competition among organizations for qualified professionals will grow even fiercer. Our industry can work to shrink this skills gap in a variety of ways, from implementing initiatives to help retain existing team members, like offering ongoing professional development opportunities, to broadening the talent pools we typically recruit from. As a result, we can fill essential roles quickly, expand and advance our teams, and ultimately protect our organizations from a growing array of cyber threats.
Find out more about how Fortinet's Training Advancement Agenda (TAA) and Training Institute programs—including the NSE Certification program, Academic Partner program, and Education Outreach program—are increasing access to training to help solve the cyber skills gap.