Shorthanded: The Cybersecurity Skills Gap

In the age of COVID-19, cyber threats stop for no one and nothing. You’ll need all hands on deck to combat opportunistic attackers, but their offense may be better than your defense.

Industry experts note the IT security skills gap is growing larger every day. Why? Most organizational leaders lack a decisive understanding of IT security and their employees’ roles in it, so they neglect the strategic planning needed to develop and motivate their IT employees along a defined career path. Consequently, IT security professionals are left with a muddled sense of their place in the organization, as well as rather nebulous career direction.

And the gap has certainly widened since the onset of COVID-19—in fact, data from November of 2019 indicates that even with the 2.8 million IT security professionals working worldwide, another 4 million would be needed to close the current skills gap.

Even the IT pros currently in place feel modestly equipped. According to a survey conducted by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), a troublingly high percentage of IT security employees report being limited in their training and development. Jon Oltsik, a fellow at ESG, attributes the hindrance to the lack of a clear career map, as well as the constant stress of securing their fellow departments’ systems.

Further, seven out of 10 professionals surveyed believe this general shortage of IT security skills has negatively impacted their organization. Forty-five percent believe that shortage has worsened in the past year, and 68% of IT professionals are still struggling to define their career progression amid the confusion.

Because IT security is a comparatively new and ever-evolving field, it can be challenging to articulate and meet IT security employees’ needs. But the key, experts believe, is simple: communication.

Crossing the Divide

Even organizations with existing, robust IT security departments may struggle with receiving support simply because other departments fail to understand the IT team’s importance. A breakdown between Human Resources and IT security employees is particularly common; when HR doesn’t understand the magnitude of the task IT security professionals have in front of them, they may fail to recruit the best talent for the team and/or fall short in training and development. 

Steve Durbin, managing director of the Information Security Forum (ISF), recommends IT security entities adopt established HR policies, like workforce planning, competency frameworks, and talent management, to increase IT departments’ rates of candidate attraction and employee retention.

The IT candidates who will prove most helpful to your organization’s cause will be those with multiple aptitudes and a broad range of experiences, as well as those who can fulfill specific competencies or credentials lacking on your current team. It is also wise to look ahead strategically, considering skills needed for where the organization aims to be in the next two to five years. Appropriately reflecting these targeted requirements in your hiring efforts will ensure a pool of candidates with the potential to complement your current team, as well as drive progress towards longer-term organizational goals.

However, it’s your responsibility to meet employees halfway: diverse skill sets should be rewarded with competitive salaries, benefits, resources for the job at hand, and a structured career path. IT professionals with a defined future and best-of-breed tools at their disposal will be highly motivated and fully equipped to keep your organization safe from cyber threats.

Building Bridges

Your employees deserve the best of the best, and so do you—in data protection, customer service, and cutting-edge innovation. BAI Security is here to provide you with the highest quality assessments in the industry, and if you don’t believe us, check out what our clients have to say.

For more information, contact us today.
