This is a summary of an article written for Forbes by Phil Quade, CISO at Fortinet. The entire article can be accessed here.
The cybersecurity skills gap continues to grow – putting organizations of all sizes in a difficult position as strained IT teams attempt to keep pace with a growing onslaught of attacks. A recent study revealed that 74% of organizations claim to have been impacted by the worsening effects of the skills gap. While the majority of cybersecurity professionals surveyed believed that their organizations are vulnerable to attacks, 63% admit they have fallen behind in providing training to their security teams.
This is because IT teams and cybersecurity professionals are over-occupied with trying to keep pace with modern attacks, moving from emergency to emergency. The result is that they have no time to devote to strategic planning, to training in security fundamentals, or to developing techniques. This not only hurts security efforts, but can result in fatigue and turnover of essential security talent.
Organizations need to take steps to fill the security gap. Some have taken the long approach by creating training programs and partnering with schools to garner interest in cybersecurity among the future workforce. While this may help down the road, it will not make any inroads against the immediate problem. The best way to address the immediate problem is to look beyond just those who have degrees or direct experience in IT and cybersecurity.
To minimize the current skills gap, cybersecurity leaders need to adjust their approach to attracting, training, and retaining talent. Cybersecurity analysts from diverse backgrounds - for example, those who studied social sciences in school rather than computer science - bring immense value to security teams through differing perspectives.
Diversity is another competitive advantage and strategic necessity in the cybersecurity space. Prioritizing diversity in race, gender, age, and, crucially, life experiences, allows for a diversity of perspectives that is essential in this field. It allows for reach, growth, and insight that are critical to piecing together the complex puzzles created by advanced cyber criminals. This means security teams should strive to employ and train employees who offer a true diversity of opinions in the way they approach challenges and analysis.
Varied socio-economic backgrounds and years of experience in the industry can also bring a higher level of nuance to a team than a group of people with similar educational and professional experiences – even if they do check the traditional boxes for diversity. Likewise, more recent entrants into the cybersecurity field can offer insight that may have been overlooked by someone who has been practicing for many years, while still learning valuable lessons from more experienced hands.
Organizations and cybersecurity leaders need to do a better job of encouraging individuals who do not have the standard background of a security analyst to pursue these roles, and of providing them with the proper training. This especially includes critical thinkers, self-starters, and those willing to learn. Applicable skills can come from a host of backgrounds, including police work, military service, academia, or factory work.
Not doing so will limit the security workforce and talent pool at a time when expanding these capabilities is crucial.
The cybersecurity space needs to grow its workforce with a broad variety of talent. Putting a concentrated effort into finding these employees and providing the training they need will not only help to close the skills gap, but will also likely result in a more well-rounded team that is better equipped to fight today’s sophisticated cyberattacks.