Industry Trends

Why Education and Training are Essential for Closing the Cybersecurity Skills Gap

By Scott Edwards | October 09, 2018

In today’s digital climate, you will be hard-pressed to find a business, whether in healthcare, finance, education, or beyond, that does not use software, applications, and other tools to simplify daily tasks and increase efficiency. As a result, every organization is in some way an IT company.

However, another outcome of the broad use of technology around the world is an ever-growing and evolving threat landscape. As a result, informed and adept cybersecurity professionals are an integral part of every team.

Unfortunately, the cybersecurity skills gap remains a critical issue. Cybersecurity professionals are some of the most highly-sought-after individuals across industries, yet many of these jobs remain unfilled as organizations seek experienced IT candidates that have a specific background in security. And because demand for seasoned professionals has surpassed supply, they are increasingly difficult to hire.

To help fill this skills gap, organizations need to establish or reinvigorate their training and education programs to create new talent in the field.

Continued Challenges of the Skills Gap

In Europe alone, it’s projected that the cybersecurity skills gap will grow to 350,000 workers by 2022. This comes at a time when threats are becoming more sophisticated and the stakes in terms of regulatory punishment have never been higher. With GDPR having come into effect this past May, organizations are more closely evaluating their security solutions and processes than ever before to maintain compliance and avoid costly penalties.

With cybersecurity professionals in such high demand, those with the skills and experience that organizations seek are being offered high salaries. This means that it is often only the largest organizations that can afford to fill these roles, pricing smaller businesses out of the market.

Despite this trend, many organizations remain unwilling to invest in cybersecurity training programs or hire entry-level candidates without prior experience. Regular staff turnover has organizations viewing investments in cybersecurity training programs for IT professionals as a waste of resources, increasing their desire to hire candidates with experience and training under their belts.

This strategy is, of course, unsustainable.

Closing the Skills Gap with Expanded Educational Offerings 

To close the skills gap, organizations and academic institutions must take proactive measures.

One of the most promising ways to do this is by starting from the ground up and adding cybersecurity curriculums to schools and opening learning institutions dedicated to teaching this trade. 

The cybersecurity field has a zero percent unemployment rate and offers competitive compensation – two features that make it a desirable option for students entering college. Children should be introduced to the field as early as high school, and have ample opportunities for gaining knowledge and basic skills throughout primary and higher education. In some instances, entire institutions are being devoted to cybersecurity, such as the National College of Cybersecurity opening in the UK.

Organizations can also be proactive in promoting cybersecurity programs on campuses by hosting career talks and attending career fairs. Additionally, they can leverage programs to give students hands-on training in the field. For example, Fortinet’s Network Security Academy (FNSA) works with academic institutions and non-profits to provide training and certification opportunities to interested students from around the world. Gaining such experience early on is crucial, as 52 percent of organizations say practical, hands-on experience is the most important skill, with 7 in 10 stating security certifications are more useful than security degrees.

Aside from training students and the next-generation workforce, cybersecurity is a viable career option for those looking to change careers or those reentering the workforce after an absence. Like FNSA, cybersecurity training and certification programs should be open to veterans and those seeking return-to-work programs. This can also help to close the gender gap in the industry, as 90 percent of return-to-work candidates are women, while the cybersecurity industry consists of just 11 percent women.

Finally, organizations can invest in their own employees who already have technical skills and backgrounds by providing them with cybersecurity specific training and continuing education. Fortinet offers just such an opportunity to technical professionals through our Network Security Expert (NSE) Program. This eight-level certification program is designed for technical professionals and provides courses, exams, and hands-on practicums to master complex network security concepts. By enrolling members of their IT teams in this or similar programs, organizations can help fill security talent shortages from within their own employee pool.   

Final Thoughts

The cybersecurity skills gap continues to grow. Organizations cannot continue to hope that candidates who meet strict requirements will come along if they are not proactive in promoting and offering training. This is why academia and organizations must work together to invest in cybersecurity training and curriculums that will prepare prospects for this high-demand field.

Check out our entry level designation of the Fortinet Network Security Expert (NSE) program. It is intended to provide a basic understanding of the threat landscape facing networks today. Anyone interested to learn about the threat landscape and cybersecurity should take this course for more learning.

Also learn more about the Fortinet Network Security Academy available to educators and students or the FortiVets program.

Download our latest Fortinet Global Threat Landscape Report to find out more detail about recent threat landscape trends. Sign up for our weekly FortiGuard Threat Brief.

Know your vulnerabilities – get the facts about your network security. A Fortinet Cyber Threat Assessment can help you better understand: Security and Threat Prevention, User Productivity, and Network Utilization and Performance.