Exploring the root causes of the cybersecurity skills gap
In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing.
Gandy advocates training that combines technical expertise with essential power skills to meet evolving industry demands and secure future career opportunities in cybersecurity.
What are the primary factors contributing to the cybersecurity skills gap? Are there specific areas within cybersecurity that are more affected than others?
Several factors across the technology industry are responsible for the cybersecurity skills gap, including lack of representation and diversity, and insufficient training opportunities given the rapid evolution of cybersecurity threats and tools. Approximately 56% of IT leaders anticipate a skills gap within the next one to two years.
Technologies such as AI and the rapid growth of cloud computing have accelerated the sophistication of cyber threats and attacks. The WEF also found that the percentage of leaders who lack workers with the necessary cyber skills has risen from 6% in 2022 to 20% today. Our recent C-Suite Perspective report found a similar gap amongst IT leaders, with 35% of respondents identifying cybersecurity and AI as top investment areas for training.
The cybersecurity skills gap will only continue to widen if organizations don’t address these and other issues head on through deliberate and intentional investment in talent development. Businesses should look to upskill and reskill existing talent in critical areas like application security, cloud computing, secure coding, and incident management/incident response. Because responding to today’s cybersecurity needs requires a multidisciplinary approach, business should look to a variety of traditional and non-traditional backgrounds to find talent that is motivated and interested in cybersecurity roles.
What advice would you give to those considering a career in cybersecurity? Are there specific skills or experiences that could enhance their employability in this field?
Professionals and aspiring professionals should focus on building out a well-rounded skillset where they continuously upskill and reskill in technical skills and tools, but also demonstrate competency in power skills and leadership skills. As technologies change and new challenges arise, it’s paramount that organizations and talent take a holistic approach to skills, investing in power skills like interpersonal communication, problem solving, executive presence and creative thinking, along with technical skills and knowledge of how bad actors exploit threat vectors to proactively defend the organization against potential threats, and how to communicate incidents and responses in ways that different audiences can understand (e.g. C-suite, Board, etc.)
Additionally, earning certifications can help demonstrate expertise and competence, which are critical elements of evidencing suitability and preparedness for roles. We are continuing to orient ourselves towards an economy where certain skills may be in higher demand than degrees, work experience or both. Certified individuals often find themselves with greater market leverage, having earned certifications that are widely acknowledged as reliable endorsements of their abilities. A WEF report shows 91% of companies are willing to pay for training and certification for their employees.
How effective are current education and training programs in preparing individuals for cybersecurity roles? What improvements are needed in these programs to address the skills gap better?
An effective training program should be multi-modal, involving virtual, on-demand courses, as well as interactive, AI-driven, and instructor-led elements. After all, when it comes to technical skills as required in cybersecurity roles, a “learn by doing” approach is most effective to retaining knowledge, and then later applying it. For example, learners can practice coding via secure, simulated practice scenarios that mirror real-world projects where they can comfortably make – and learn from – errors.
Perhaps most important, however, is implementing skill measurement and benchmarks into learning programs so organizations and professionals can better understand where their skill gaps exist and how best to close them, especially among populations historically left out of the cybersecurity ecosystem. Understanding where you’re at in your cybersecurity skill journey, where you need to go, and what training is needed to get there is critical toward building a secure business, strong pipeline of talent, and succession planning for key roles.
To what extent can technology and automation help mitigate the cybersecurity skills shortage? Are there particular tools or technologies that are making a significant impact?
Organizations can support their skilling initiatives with help from technology and tools, like skill benchmarks, to better understand where gaps lie in current teams and individuals. When we know where we’re coming from, we better understand where to go next; tools like skill benchmarks can help leaders implement plans to address problem skill areas and streamline career advancement.
AI-powered learning experiences can also accelerate and transform upskilling. Using AI coaches and simulators to fill in as mentors can help learners during skills practice, especially for situations like communicating the effects of a cyberattack to non-IT leadership or discussing a new software vulnerability with a legal team before communicating externally. AI coaches can model best practices and provide immediate and personalized feedback while encouraging reflection to accept more feedback, and then confidently master new skills.
AI can also be used to automate tasks, decreasing workload and closing skills gaps further. In cybersecurity, for example, AI can automate repetitive tasks and detect patterns more quickly, so that developers can focus on building unique code and checking for bugs. However, automation should augment, not replace the human worker. There must be a “human in the loop” to limit inadvertent consequences, including AI hallucinations and inaccuracies causing harm to customers, employees and even the organization’s reputation. Talent who use automation in their workflow should also be well versed in risk, compliance, and ethical skills to prevent unconscious bias or misinformation produced by these technologies.
Looking ahead, what trends do you foresee in the cybersecurity job market? How might emerging technologies or shifts in the industry impact the demand for cybersecurity professionals?
Resource, budget constraints, and talent retention are at the top of IT leaders’ concerns with building strong resilient cybersecurity program within their companies. While an increased focus on developmental programs and new cybersecurity curriculum in academics have worked to close this gap, newcomers to the field have lagged behind needs. Businesses are and will continue to turn to upskilling current employees, not only to address retention issues, but also as a more effective long-term solution to create a deep, talented and diverse core skill base. Finding a position in cybersecurity specifically may be difficult, but applicants may have better luck finding an entry-level IT position before specializing.
Industries critical to the supply chain, like manufacturing, are heavily reliant on cybersecurity. As attacks become sophisticated with the help of AI and machine learning, familiarity with these tools is nearly required for effective cyber resilience. Over two-thirds of leaders across industries said they wouldn’t hire someone who didn’t have AI skills (66%) and they would hire a less experienced candidate who had AI skills over a more experienced candidate without (71%). Having proof of skills that give workers the acumen to spot and properly handle cyberattacks will become the gold standard for cybersecurity jobs.
Fill out the form to get your free eBook: