Almost a third (30%) of respondents to a recent social media poll said that a lack of skills was the biggest challenge to recruiting information security talent. More than half believe this is putting their business at increased risk of cyber attacks.
Cybersecurity is a demanding profession, and the required skillset is diverse, with a mix of technical and business capabilities needed to effectively support both evolving digital business and legacy systems. Communication, negotiation and leadership skills are increasingly needed to cooperate and engage with the rest of the enterprise.
Multidisciplinary individuals are hardest to find, but they're critical to ensuring that small- to mid-size security functions are well balanced and can meet all the requirements placed upon them, says David Boda, group head of information security at Camelot. In addition to core infosec skills, individuals will have a level of skill in one or more of coding, privacy, data science, DevOps, SysOps or psychology, or have strong business acumen.
Information security also tends to be underrated as a career path. In our poll, around a quarter cited a lack of interest in careers in the industry as a barrier to recruitment, with 46% saying they find it difficult to encourage talent into the sector.
Cybersecurity can make for an interesting and fulfilling career choice. As an industry, we need to work together to implement strategies and initiatives that will inspire and entice the next generation of professionals. Today, however, there remains a gulf in terms of supply and demand, with recent research highlighting that there will be as many as 3.5 million unfilled positions in the industry by 2021.
Paul McKay, senior analyst with Forrester Research Inc, believes we can widen the talent pool by being more inclusive: We're overly focused on recruiting technical graduates. We need to look at those with different backgrounds and target them with specific programs and apprenticeships to allow a vocational route into the industry. We also need to engage under-represented groups including women, who still make up only 11% of the cybersecurity workforce. This needs to happen in schools, and employers should encourage their employees to support this type of outreach.
The protection of businesses, infrastructure and lives from risks and threats depends on developing a sustainable pipeline of talented professionals. At Infosecurity Europe 2019 there are a number of sessions dedicated to building knowledge and capabilities within the information and cybersecurity community, including Strategy Talks and Tech Talks, the Information Security Exchange, a Women in Cybersecurity event and Security Workshops.
This blog has been edited from an original piece published as part of Infosecurity Europe 2019 Insights: https://www.infosecurity-magazine.com/infosec/only-teamwork-will-solve-the-1-1/