Urgent measures need to be taken to bridge the rapidly increasing cybersecurity skills gap, says Martin Walshaw, senior systems engineer at F5 Networks.
A recent scientific report found that our memories simultaneously generate two forms of personal experience. The hippocampus captures knowledge for the short term and the cortex banks it for the future. Businesses would do well to emulate such foresight and mental dexterity when it comes to bridging what is fast becoming a cavernous cybersecurity skills gap.
As technology rapidly transforms the way we live and work, how do decision-makers secure the talent that will lay the foundations for the future?
The skills gap
We live in a security conscious, app-powered, multi-cloud world and the demand for expertise capable of deciphering advanced technology and adding strategic value is reaching fever pitch. Cisco estimates there are 1-million unfilled cybersecurity jobs worldwide and Symantec predicts that the figure will rise to 1,5-million by 2019.
In fact, Facebook security head honcho, Alex Stamos, recently summarised the situation. “Things are getting worse”, he said, speaking at the 2017 Black Hat conference. “We do not have enough people and not the right people to make the difference.”
The digital world is dynamic and complex, leaving slow-moving businesses without integrated security solutions vulnerable and uncompetitive. The skill deficit is especially pronounced when cloud technology is involved, because speed to market, agility, and innovation are increasingly becoming business prerequisites. Those firms without the in-house resources to handle data and application migration are under intense pressure.
The need to manage and migrate apps more efficiently, whether public or private, has gained unstoppable momentum. The drive to reduce operational costs and keep the business profitable is unavoidable.
According to F5’s State of Application Delivery (SoAD) Report, 34% of surveyed customers cited the “skills gap” as a significant security challenge. A scarcity of cybersecurity experts clearly needs urgent attention and only a robust combination of investment, business resource, political will, and cultural change can shift the tide.
Shaping the future
Today’s youngsters are technologically immersed in an unprecedented way. Their lives are shaped by data both in the way they learn and play. To ensure they become responsible, vigilant cybercitizens, it is crucial to integrate smarter security disciplines into their school curriculum and home life from the outset, whether for personal protection or longer-term employment prospects.
Governments and academic institutions frequently tout the importance of STEM (science, technology, engineering, and mathematics) skills at school, but the acronym is arguably a letter shy. In today’s digital society, perhaps we should re-consider STEMS by adding ‘S for Security’ to the education agenda. By bringing the subject into the daily programme, students will understand the issues and quickly follow best practice to discern right from wrong. Tackling the problem early on also paves the way for improving the current problem of an insufficient number of security specialists graduating from university.
There is also significant potential to more actively encourage women to pursue cybersecurity as a career. According to the Global Information Security Workforce Study, only 7% currently do so, but there is a growing appetite to change this issue.
The male-dominated IT industry has a big responsibility here. As ever, sustainable success will be dependent on government and industry collaboration, as well as incentivisation schemes. More than ever before, women have the opportunity to benefit from cybersecurity as a fulfilling, rewarding and valuable profession. The career possibilities are endless in a market that is fast-paced, dynamic and at the forefront of cutting-edge technology.
The message given by a male-dominated industry is currently murky and misdirected. We need to do more to secure talent effectively and from all areas of society.
It is also time to remove the public’s misconception that cybersecurity is a dark science conducted by boffins in white coats. Cybersecurity is, and always will be, an everyday part of our lives and not a function to just sit at the ‘digital-doorstep’ of corporate companies. Whether banking on-line, buying goods at a store or simply installing the latest IoT-enabled gadgets in our homes, security is also an individual responsibility to protect sensitive information.
Mind the data
Scientific discoveries about how our minds work bring fresh evidence for how we develop cognitive capabilities. Greater effort is required to improve cybersecurity awareness and nurturing knowledge from early learning techniques to a better understanding of cyber threats at work, and in the home.
Research by the Ponemon Institute found worrying levels of business readiness for cybersecurity threats and revealed that 42% of CISOs worldwide branded their staffing as inadequate. Interestingly, 50% consider computer learning and artificial intelligence important to address staffing shortages.
Now is the time to scale our skills and invest more in the next generation of industry experts, so we can all become more security-savvy cybercitizens.