New Report Outlines Possible Solutions for Cybersecurity Skills Gap

eWEEK DATA POINTS: The cybersecurity skills gap is about much more than organizations having difficulty filling open positions; it’s an existential threat to the ongoing viability of those organizations.

Fortinet.conference

The IT industry has been sounding the alarm over the cybersecurity skills gap for years, but the problem persists with significant consequences. A new report by Fortinet highlights the findings of a new survey focused on individuals who oversee cybersecurity at their organizations, with a specific focus on the problems they face daily. The survey found that 73% of organizations had at least one intrusion or data breach during the past year that can be partly attributed to a gap in cybersecurity skills. 

The cybersecurity skills gap is about much more than organizations having difficulty filling open positions; it’s an existential threat to the ongoing viability of those organizations. The transition to a remote workforce model has exacerbated the issue for many organizations, with the cybersecurity skills gap becoming more critical for many organizations that have transitioned to a remote workforce model. The cybersecurity skills gap IT teams are stretched and the work to rapidly secure and scale their network to meet new demands. 

In this eWEEK Data Points article, Sandra Wheatley, senior vice president, marketing, threat intelligence and influencer communications at Fortinet, discusses the five trends she sees in how the industry can work to close the ongoing cybersecurity skills gap.

Data Point No. 1: Further instilling and developing security skills through technology-focused certifications

The data highlighted in the report underscores the need for organizations to go beyond traditional means of recruiting talent to fill security roles. This includes employers’ high regard for individuals with technology-focused certifications. Among the survey’s respondents, 81% have earned certifications themselves, and 85% report that others on their team have certifications. 

Certifications go beyond demonstrating knowledge and expertise in cybersecurity concepts. They allow individuals to learn new knowledge that makes it easier for them to transition into cybersecurity, even if their advanced degrees weren’t in cybersecurity or tech or their current role is completely different. They also enable professionals to continually update their knowledge and skills to stay current with industry trends and evolving threats.

Data Point No. 2: Recruiting and hiring untapped resources to fill cybersecurity roles

The study shows that veterans are a large and under-tapped resource that more organizations should look to. That said, 57% of U.S. cybersecurity teams surveyed said they’d hired at least one veteran and 43% of responding U.S. organizations have a C-suite executive who is a veteran or military spouse. 

This is a good start, but there’s an opportunity for more organizations to recruit veterans to fill critical cybersecurity roles. Upon leaving active duty, veterans have complementary skills and traits from their years of service that can translate nicely to a career in cybersecurity. Because veterans and their spouses can play a vital role in closing the cybersecurity skills gap, organizations have a chance to do more to recruit them to fulfill critical roles.

Data Point No. 3: Preparing students to become the future generation of cybersecurity professionals

As organizations struggle to fill critical roles, educating and preparing the future workforce, while not an instant solution, is another way to fill the gap. By sparking interest in students early on, the industry can help steer them toward a future career in cybersecurity.  

Data Point No. 4: Building a cyber-aware workforce

Employees at every role need consistent, high-quality training on basic cybersecurity and cyber-awareness. Organizations need a new training paradigm that delivers appropriate content without disrupting business.

There are many forms of less traditional training methods that have been scientifically proven to be very effective and can address challenges CISOs are facing in building a truly cyber aware workforce. Examples of non-traditional training techniques include job aids, microlearning, gamification, digital badging and awareness campaigns. 

Data Point No. 5: Collaborating across public and private sectors

While formal programs are a necessary element to filling the skills gap, a comprehensive training and education strategy needs to incorporate strategic partnerships within government, academia and NGOs. For cybersecurity vendors, this is an opportunity for their subject matter experts to share their knowledge and vision with other thought leaders through public and private sector collaborations and prepare the next generation of cybersecurity experts.

If you have a suggestion for an eWEEK Data Points article, email [email protected].