We are in a cyber security crisis. Cyber threats are changing and increasing every second. However, according to the 2019 (ISC)² Cybersecurity Workforce Study, we, as a nation, are in a cyber security workforce deficit. According to the study, the United States has approximately 804,700 cyber security professionals.
In order to better defend U.S organizations, that number would need to increase by 62%. To put it plainly, another 498,480 professionals need to be added to the workforce. These numbers indicate that many organizations across the United states are not equipped in the event of an attack. The study also found that 36% of the respondents felt a lack of experienced cyber-security professional was a top industry concern. Additionally, only 62% of large organizations with 500+ employees have a Chief Information Security Officer (CISO); whose function is to direct strategy, operations and the budget for the protection of the enterprise information assets and manages that program.
These findings are alarming especially with the major breaches we witnessed this year. From the City of Baltimore to Capitol One. An increase in breaches and a cyber professional deficit, is not a good mix. So how does the industry move forward? How can more people become motivated to enter the cyber security workforce? And lastly, how can we motivate current cyber security professionals to sharpen their skills by pursuing new industry certifications?
The study presents four strategies to improve the current industry conditions:
- Highlighting training and professional development opportunities that contribute to career advancement
- Properly level setting on applicant qualifications to make sure the net is cast as wide as possible for undiscovered talent.
- Attracting new workers such as recent college graduates who have tangential degrees to cybersecurity, or seasoned pros such as consultants and contractors into full times roles
- Strengthening from within by further developing and cross-training existing IT professionals with transferrable skills.
In addition to the strategies above, the cyber security field, needs to do a better job of attracting women and people of color. Women only account for about 20% of the global cyber security workforce. Meanwhile people of color account for 26 percent of the cyber security workforce in the United States. Attracting more women and people of color, will help close the skills gap and allow for an exchange of diverse ideas that can propel the industry forward.
Organizations need to implement one or all of the four strategies found in the study and/or attract more women and people of colour into the industry. Regardless of the route an organization takes, it is imperative now more than ever, that the skill gap is closed. Cyber crime is not a joke and more companies need to take heed.
Do you guys have any suggestions for addressing the deficit in the cyber security workforce? Sound off below!
