Cyberskills shortage: less about numbers and more about expertise
Without a doubt, organisations are falling short when it comes to skilled cybersecurity professionals; however, the reason may be less about the number of professionals in the industry and more about the number of professionals with the right level of skills and training.
It is estimated that Australia may need around 16,600 additional cybersecurity workers for technical as well as non-technical positions by 2026. But despite the recent growth in Australia’s core cyber workforce, a substantial number of vacant cybersecurity positions remain unfilled because companies can’t find the right talent. The (ISC)² Cybersecurity Workforce Study for 2021 suggests the global cybersecurity workforce needs to grow 65% to effectively defend organisations’ critical assets.
“At any given time, there are a limited number of deeply skilled cybersecurity professionals, which is compounded by external factors including pandemics, data sovereignty concerns, reduced student numbers in the pipeline and the systemic network stressors of a hybrid workforce. All of these factors also contribute to higher levels of burnout and increased talent demand,” said Jason Whyte, general manager for Pacific at Trustwave.
“The demand for cyber talent is further exacerbated by rapid changes to compliance, regulation and reporting such as the new requirements of the Security of Critical Infrastructure Act 2018 (Cth). Additionally, organisations are feeling the impact of in-house requirements such as a converged IT and operational technology (OT) cybersecurity environment and the uptake in emerging technologies such as the Internet of Things (IoT). There is definitely a shortage of the right people with the deep understanding and knowledge to not only protect, but also detect and remediate cybersecurity challenges.”
The onus, therefore, is on organisations to take steps to either upskill their own workforce through learning and development or attract the right talent by offering growth opportunities and a culture that cyber professionals gravitate towards.
Having the propensity to effectively upskill their own workforce, encouraging a promising career trajectory, will help organisations encourage loyalty and retention. Like most sought-after employees, cyber specialists are searching for employers that support remote work, have interesting projects that enrich their careers and actively appreciate their efforts. This is not just through financial incentives; it is about cultivating an organisational culture that supports employees and their growth as well as fostering inclusivity, openness and diversity in a fun environment,” Whyte said.
Another alternative may lie outside of the people factor altogether. Depending on the type of cybersecurity skills that organisations are lacking, they may be able to complement their security team by leveraging technology to automate tasks or use partners to respond and remediate cyber alerts at 2 am when their staff are not on duty, for example. The right solution can help organisations track, hunt and eradicate threats, keeping them ahead in a dynamic and complex cyber environment and increasing their cybersecurity resilience to combat the evolving threat landscape.
“With the right combination of skilled cybersecurity professionals, technology and partners, organisations will be able to improve their cybersecurity posture in a rapidly changing and escalating threat environment,” Whyte said.
Is the Australian tech skills gap a myth?
As Australia navigates this shift towards a skills-based economy, addressing the learning gap...
How 'pre-mortem' analysis can support successful IT deployments
As IT projects become more complex, the adoption of pre-mortem analysis should be a standard...
The key to navigating the data privacy dilemma
Feeding personal and sensitive consumer data into AI models presents a privacy challenge.