By Simone Petrella
The Center for Strategic and International Studies (CSIS) and Intel Security jointly conducted a study, Hacking the Skills Shortage, which confirms the global cybersecurity workforce shortage. Eighty-two percent of corporate and government IT professionals across eight countries said that they are unable to fill open jobs with adequately trained and experienced people. This workforce shortage has consequences. Seventy-one percent of survey respondents said the skills shortage was causing direct and measurable damage to their organizations.
I had the opportunity to participate in a panel event discussing the results of the study. A fellow panelist, Candace Worley, Senior Vice President and General Manager of Intel Security, labeled the cybersecurity workforce shortage “a gift to hackers everywhere.”
Worley rightly noted that when cybersecurity jobs go unfilled, an organization’s existing cyber workforce is working longer hours and covering more ground—and they’re likely headed for burnout. An understaffed security team is also more likely to skip routine cyber hygiene activities—like patching operating systems—in favor of more immediate needs such as responding to cyber incidents, leaving their organizations even more vulnerable to future attack.
No one expects the cybersecurity workforce gap to shrink anytime soon. Survey respondents expect 15 percent of their critical cyber positions to remain unfilled by the year 2020. And rapidly improving technology solutions only solve part of the cybersecurity problem. We need professionals who are trained in intrusion detection, secure software development, attack mitigation and other critical areas.
Coupling real-world experience with certifications
While we’re seeing increasing professionalization of the cybersecurity field, it’s still a relatively new and multi-disciplinary field. This means real-world experience must be coupled with certifications to ensure qualified professionals can operate in specific cyber spaces while also understanding broad cyber trends and issues.
Training and education can be a particular challenge in the unique cyber field. Universities struggle to develop practical curricula that prepare students with the required professional cybersecurity skills, and many current training providers forgo foundational basics critical to understanding cybersecurity, like networking and system administration. When it comes to our cybersecurity workforce, we can no longer afford to accept the status quo.
Rethinking cybersecurity training
As an industry, we need to rethink the way that we are training our current and future cybersecurity professionals. We need to do away with the predominant “cram session” approach to gaining a certification, make training and certification programs more flexible and approachable for more people, and focus on acquiring and retaining knowledge relevant to cybersecurity jobs.
This year at Black Hat USA, CyberVista announced a new (ISC)²-approved CISSP certification test preparation program that leverages the learning-science expertise of Kaplan, our sister company. CyberVista’s program is the only (ISC)²-approved Live Online training that is designed to ensure that candidates retain the knowledge for the long term. It also offers the industry’s only diagnostic test to ensure that every student receives a personalized and efficient study plan.
A new approach to certification test prep is just one way that CyberVista is creating a more prepared cyber workforce. For more information on our cybersecurity education and training programs for boards and executives, as well as IT professionals, visit www.cybervista.net.