Is there an Infosec Cybersecurity Talent Shortage?
Over the past few months there has been a lot of discussion about a shortage in data scientist and cybersecurity analyst, to name a few, where organizations find it difficult in filling cyber security positions. Some organizations are in some case, in a bidding war to attract or retain top talents. For example, Cisco launched in June a $10 Million Global Cybersecurity Scholarship to Increase Talent Pool [1] to help educate and add new talent into cybersecurity. We all know that every day somewhere, an organization is being attacked or worse, hacked.
A global study (eight countries were selected) by Center for Strategic and International Studies (CSIS) got some interesting results. This study reports that eighty-two percent of all respondents surveyed report a shortage of cybersecurity skills, seventy-one percent say the talent deficit has hurt their organization and nine out of ten say "cybersecurity technology could help compensate for skill shortage". [2][3] In the end, technology isn't perfect and a “human” needs to verify what it is firing on.
The questions I’m asking our readers are: How difficult is it to find and hire Cybersecurity Talent? Is the lack of Cybersecurity Talent impacting your organization?
[1] http://investor.cisco.com/investor-relations/news-and-events/news/news-details/2016/Cisco-Launches-10-Million-Global-Cybersecurity-Scholarship-to-Increase-Talent-Pool-Introduces-New-and-Updated-Certifications/default.aspx
[2] https://www.csis.org/events/hacking-skills-shortage
[3] http://www.mcafee.com/us/resources/reports/rp-hacking-skills-shortage.pdf
[4] https://blogs.mcafee.com/executive-perspectives/cybersecurity-talent-deficit-goes-global/
-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
Comments
Anonymous
Oct 3rd 2016
8 years ago
Anonymous
Oct 3rd 2016
8 years ago
Anonymous
Oct 3rd 2016
8 years ago
On the more philosophical side of the issue, I'll echo earlier comments. There needs to be a commitment by the whole organizations management to security. If this is done & partially incorporated into all IT jobs and non-IT jobs in some way, then the need for as many security specialists would not be as noticeable or painful. We'd also spend less time chasing others problems.
Anonymous
Oct 3rd 2016
8 years ago
Speaking as a Co-op student starting out in this crazy wonderful field I have to say this statement for the skills gap mainly applies to the "experienced" talent. as most job offers I see are for companies looking for candidates with 2-3 MIN years of experience. Which is understandable but I find this a massive problem in the industry all together as this seems to also apply for the certifications as well.
I mean when I start looking at certs to obtain after my college diploma because this is something within my budget I see most certs require someone to have been in the field for 5 years at times before they can even take the exam. If they wish to get this faster they can take a course which helps out with the exam, but at a lovely sum of $5000+- US dollars.
I mean for my self, I know what I want and I am willing to fight to get there (late night studies, VM practice on the spare time). But it strikes me as odd that this field states we have talent gaps and then when you try to look for how to bridge that through with education, it seems you either have to be really lucky with how much money you have, or you already have the work experience to prove it and you just need to pretty much buy the pretty piece of paper to say "yup, I know it."
Cisco's Cyber Ops seems promising, but I don't know how much this will even be able to achieve if other educating organizations don't follow suit. Something thats going to help is having more affordable training camps/education. So people who are starting new families, needing to pay bills, can afford to educate themselves and bridge this gap in the later years.
As a final remark though, thank you all for posting, this community is one of the reason I got a co-op in the field and able to start off my career :)
Anonymous
Oct 3rd 2016
8 years ago
Anonymous
Oct 3rd 2016
8 years ago
Anonymous
Oct 3rd 2016
8 years ago
We lost a promising young guy in his mid 20's due to this issue, and he got snatched up by an out of state firm inside of 2 weeks of his leaving (companies taking too long to get back to prospective employees is a good reason why positions aren't filled either).
I also see the same positions open on a constant basis where I am, and that leads to a lot of people asking the question 'what is wrong with this organization that they can't hold on to their staff?'...
Also, employers have un-realistic ideas on their requirements on skills, IMO, if you understand one SIEM or Virtual Machine, you can pretty much figure them all out (it ain't rocket science, companies)...LOL
Anonymous
Oct 3rd 2016
8 years ago
There is a falsehood regarding a lack of talent to hire. As hiring managers, we need to adjust our expectations to the market and be realistic to the candidates that are out there. Waiting for that 'perfect candidate', using excuses that candidates are 'not technical enough', and leveraging contractors/consultants for FTE roles but then refusing to hire folks that have been contractors/consultants are straw man arguments perpetuating this so-called problem. When there are associates of mine having a hard time getting a FTE role in InfoSec, then there is not a hiring shortage but hiring managers not adjusting to the market.
Anonymous
Oct 3rd 2016
8 years ago
What is being done about the world-wide shortage of "mainframe COBOL" programmers?
</HUMOUR>
As I remember, there was an initiative to recruit & train "Generation X" fresh Computer Science graduates, to replace the "grey-beards" who were retiring to Florida, Port Townsend, or Salt Spring Island?
Is it time for a similar initiative?
Anonymous
Oct 5th 2016
8 years ago