Daily Newsletters
116 3rd St SE
Cedar Rapids, Iowa 52401
Coping with a cyber staff shortage
A recent workforce study performed by ISC2, an international not-for-profit membership association within cybersecurity, shows a 2.72 million shortage in filling cybersecurity jobs globally.
While this is an improvement of over 700K jobs from the previous year, they study shows there still remains a long road ahead in addressing workforce demands.
To compound the issue, another study performed by ISACA indicated only 50 percent of hiring managers generally believe their applicants were well qualified.
While we are piling on with some doom and gloom, burnout within the technology industry is reported at an all-time high alongside food service, health care, and manufacturing.
The stresses and demands placed on technology resources amid a pandemic with rising security threats and vulnerabilities make it difficult for some professionals to stay in the game.
Mental health is a major factor in cybersecurity professionals moving jobs or simply changing careers to leave work-related stress issues.
The Global Incident Response Threat Report produced by VMWare indicated 51 percent of the respondents experienced burnout symptoms and nearly 65 percent said they considered leaving their job because of it.
Did I fail to mention the lack of diversity that has always plagued STEM jobs that include cybersecurity?
The ISC2 workforce report shows that only 24 percent of cybersecurity jobs are filled by women, and while there are signs of improvement to bridge the gap, there still is a significant amount of work to be done to bring in a large section of the population that often is overlooked.
Let’s recap.
We have a burned out industry with a lack of qualified applicants in a world with a continued and unprecedented shortage of professionals with rising threats and vulnerabilities to fill the open positions amid a pandemic.
Excuse me for a moment while I go over to this corner and cry a little bit.
Unfortunately, building a skilled labor pool takes a significant amount of time and effort. It may even take a little bit more re-engineering of how we think about teaching and training cybersecurity that lead to cybersecurity jobs.
We have continued systemic issues in many facets of our educational systems in which cybersecurity is non-existent or taught after bad habits already are formed.
In most cases, the first real cybersecurity education a person may receive is only when they start a role at a company that has a cybersecurity focus or simply things they pick up as they use technology throughout their lifetime.
In today’s cybersecurity landscape of increasing threats and the fast-paced changes in our technological worlds, waiting to focus on proper cyber-hygiene until entering the workforce already is way too late.
To usher in a renewed and invigorated workforce there will need to be a rise in cybersecurity awareness to teach those willing to learn about how things work at an earlier age.
Community events, cybersecurity conferences and cybersecurity meet-ups that put continued focus on what is happening today and what is on the horizon only will help in generating interest and confidence for those looking to jump into a new and exciting career path.
In lieu of hiring for open positions or waiting for the labor market to catch up to the demand, businesses are more likely to hire for qualities and skill sets that focus on continuous learning, curiosity and a security mindset in an effort to train employees to fill the gap of an unqualified or insufficient labor pool.
Without significant change and focus, we will continue to see a shortage of cybersecurity professionals.
Paul Nus is the director of technology at Folience, The Gazette’s parent company, and a board member of SecMidwest, a Cedar Rapids-based not-for-profit focused on cybersecurity education; SecMidwest.org.
Paul Nus, SecMidwest
