We’re told that there are over 1 million positions available in the cybersecurity industry and that this talent shortage is a challenge in combatting the ever-growing cyber risks organisations and individuals are confronted with on an almost daily basis.
Looking ahead, there is very little possibility that this skills shortage will be dealt with any time soon. Even the most advanced cybersecurity tools still need skilled people to manage them and the much touted automated artificial intelligence (AI) tools are yet to hit the market.
The skills crisis is only worsened by the continued digitisation of almost every aspect of our business and personal lives and this includes the physical security industry where the move to IP-based systems puts this market in the middle of the cyber war.
Kaspersky recently surveyed CISOs in many countries and found that a third of them have trouble with recruiting skilled cybersecurity professionals. Furthermore, a previous study by Frost and Sullivan estimated that 1.5 million cybersecurity positions will be open and unfilled by this year (2020).
Hi-Tech Security Solutions spoke to Andrey Evdokimov, head of information security at Kaspersky, to find out more about the skills shortage and where there is potential for new entrants to the market.
Hi-Tech Security Solutions: Are there really so many jobs open in the cybersecurity market? Are these specialised jobs or general cybersecurity skills? Is there still room for general cyber skills in the market today?
Evdokimov: Even though having advanced cybersecurity solutions in place can help safeguard organisations to some extent, the fast-evolving threat landscape puts companies constantly at risk of compromise. This means being able to track, analyse, interpret and mitigate evolving IT security threats is a must.
Achieving this threat intelligence is a massive task, one that cannot be achieved in isolation. We have seen that irrespective the company size or industry sector, companies face a shortage of up-to-the-minute, relevant data that can be used to help them manage the risks associated with IT security threats. This puts the onus on them to have skilled employees in place who are comfortable with both general cybersecurity issues and more advanced ones and can manage this process of protecting business data and infrastructure.
Considering that cybercriminal activity will remain a risk, there will always be a need for cybersecurity skills. As such, there can be much to gain from building a career in this field. Given how quickly the digital world is evolving, the industry cannot generate enough skilled cybersecurity experts to keep up with demand. This ensures that those heading into this field will continue to be in high demand with options to specialise in more advanced cybersecurity skills, making for a fruitful career journey.
Hi-Tech Security Solutions: What is the solution? Will companies have to invest in autonomous solutions that cut people out of the equation?
Evdokimov: Automation and artificial intelligence are having increasingly important roles to play in the cybersecurity environment. However, behind technology there will always be humans. So, any technology or cybersecurity tool used will be impossible to apply without professionals.
This means that it is not a case of lacking in talented or promising young people to work in cybersecurity. Instead, many roles that need new talent are in areas that remain unseen and therefore under-employed. To seize the moment, those looking to have a career in cybersecurity should know which specialisation to choose and what skills to develop.
Hi-Tech Security Solutions: What can people looking to get into cybersecurity do to take advantage of the skills deficit? What key areas or specialisations are important, and why? What scope is there for employees in other fields to upgrade to the cybersecurity field and how would they do it?
Evdokimov: Those entering the cybersecurity field must have a strong understanding of the fundamentals of cybersecurity practices, along with a thorough technical understanding of networks. Additionally, they should have skills in servers, clients and the cloud, as well as firewalls, intrusion prevention systems and even knowing how exploits work.
And for those more interested in fighting malware, reverse-engineering skills are critical. The evolving cybersecurity market means that skills must remain adaptive to change. Those who will excel are the ones that seek to consistently grow in their knowledge and skill set.
Additional skills to take note of include digital forensics, malware analysis, incident response, reporting and analytics, to name a few. It goes without saying that a person must have a passion for the industry and be open to take on new challenges with a positive attitude and willingness to continually learn.
Hi-Tech Security Solutions: What can organisations do internally to deal with the situation?
Evdokimov: Companies must look at continually improving not only the technical skills of their employees, but to also manage them better. It is often the case that managers in cybersecurity lack soft skills such as communication, leadership, effective negotiation, business sense and knowledge of the targets the organisation must achieve.
Managers of any level in cybersecurity must be able to organise their department’s work to meet the cybersecurity demands of the company. It is not a case of simply throwing technology at the problem. These managers must be business-savvy and be able to engage with non-technical people to get them to buy-in to the cybersecurity approach of the organisation.
Interestingly, leadership skills are still not what cybersecurity professionals consider as a priority – even in top management positions. This means there is significant potential for companies to grow in not only their cybersecurity approaches, but how they train their employees as well.
Hi-Tech Security Solutions: How can individuals and organisations ensure they are continuously up to date in terms of their abilities to deal with constantly changing threats?
Evdokimov: New jobs in cybersecurity appear in a mixture of disciplines. While university programmes may give a good academic background, self-education is a priority for anyone entering an ICT field, especially cybersecurity.
Students should choose the area in which they want to develop and learn the necessary subjects and skills. When they start working, it is important to not get stuck in a routine which could lead to burnout. At the beginning of a career, this is one of the biggest risks, but a specialist can take it upon themselves to be proactive, as well as work on new tasks and self-development. Fortunately, there are plenty of educational materials, sources and communities that help specialists improve their knowledge and learn something new.
An employer can also assist in skills development.
Many companies, especially IT vendors for whom cybersecurity issues are very serious, are investing in additional education, training and staff development. The important thing here for employees is to understand priorities and choose the direction in which they want to develop. A person can then build a career, improve and demonstrate skills and differentiate themselves in a market ripe for the taking.
Hi-Tech Security Solutions: Are cloud services contributing to the vulnerabilities in organisations or are the threats evenly spread out over all digital business?
Evdokimov: Cybersecurity is about more than just protecting devices, but developing a cyber-immune ecosystem where everything connected is protected. True cybersecurity is about supporting the creation of connected systems that are secure-by-design. Security cannot be approached as an optional add-on layer.
It is not necessarily a case of the cloud contributing to the digital vulnerabilities, but they are making them more visible. Being connected means there is a responsibility on the organisation to ensure how it transmits data to the cloud, how it is analysed and what it is used for are done as securely as possible.
To this end, the regulatory environment is aiding companies to know which boxes to tick. But it goes beyond that as well. It is about making a concerted effort from both a solution as well as a people perspective to safeguard data and business infrastructure.
Hi-Tech Security Solutions: If a person has no experience in the cybersecurity world, where do they start to ‘get a foot in the door’?
Evdokimov: Digital will continue to grow and evolve. This provides people with opportunities to upskill and reskill themselves as circumstances change. The youth have grown up in a digital age and are exposed to all things digital – the benefits, opportunities and convenience it brings. However, they also understand some of the risks involved. Getting a ‘foot in the door’ is about demonstrating how to practically link this awareness to steps to help guide and implement cybersecurity best practices.
A career path in the cybersecurity space will not only result in an exciting future, but a fruitful one as well. Set studies and graduate programmes are available, while there are a myriad of options to enhance these with online certification programmes that reflect changing market conditions.
© Technews Publishing (Pty) Ltd | All Rights Reserved