Finding 4 Million Cyber Workers Won’t Solve the Workforce Dilemma

Cybersecurity

Mar 26

At the end of last year, #ISC2 released the 2023 version of the Cybersecurity Workforce Study that called out the latest estimation of Global Cybersecurity Workforce Shortage: 4 million workers! Other eye-opening findings:

8.7% - The growth of the cyber workforce in 2023 (over 2022).
12.6% - The additional need for cyber workforce talent in 2023 (over 2022).
67% of survey respondents reported a shortage of staff needed to prevent and troubleshoot security issues.
92% reported significant skills gaps within their organization that respondents felt were more problematic than the lack of security staff. (Interestingly, 58% of cyber professionals said that the negative impact of worker shortages could be mitigated by filling key skills gaps.)
47% of cyber professionals had to deal with team cutbacks through layoffs, budget cuts and hiring/promotion freezes. (31% expect cutbacks to continue through next year.)
75% of cyber professionals viewed the current threat landscape as the most challenging it’s been in the past 5 years.
48% of cyber professionals are not sure if their organizations have the tools and people needed to respond to cyber threats over the next 2-3 years.

I’d submit that these figures are interesting but not surprising. The cyber landscape continues to evolve at an unprecedented rate, with threats becoming more sophisticated and widespread. With this escalation, there is greater demand for skilled cybersecurity professionals but the supply hasn’t kept pace. Overcoming this personnel shortage is crucial to safeguarding a deeply connected cyber world. Fortunately, there are options.

Leveraging Technology and Automation

Technology and automation will continue to play pivotal roles in mitigating the impact of the cyber skills shortage.

· Automated Security Tools with Greater AI and ML Capabilities: Implementing automated security tools help identify and respond to threats more efficiently but the integration of artificial intelligence (AI) and machine learning (ML) will take this approach to the next level. AI and ML can analyze vast amounts of data to identify potential threats that would be impossible for humans to detect manually. Training these systems do require skilled personnel; however, these capabilities will be a cyber force multiplier once deployed. (More info in blog post AI and Cybersecurity: The Good, the Bad and the Ugly — Confidence Innovation).

· Upskilling and Reskilling Current Staff in Critical-Path Technology: In the 2023 Cybersecurity WorkForce Study, ISC2 discovered that experience trumps education among Cyber professionals:

- Senior-level cybersecurity experience was favored over doctorate degrees (86% vs. 14%).

- Entry-level cybersecurity experience was favored over cybersecurity bachelor’s degrees (70% vs. 30%).

The survey also reported a list of critical skills needs: Cloud security, AI/ML and Zero Trust topped the list. Encouraging the existing workforce to upskill or reskill in the use of advanced cybersecurity technologies will enhance the team’s cyber capabilities. It’s also a motivating factor to retain mission critical security team members!

Bridging the Education Gap

Cybersecurity continues to suffer from an “Education Gap”, a primary barrier to filling cybersecurity roles as traditional educational pathways often do not provide the specialized training required for the complexities of modern cybersecurity.

· Curriculum Development: Academic institutions need to more closely align with the real-world demands of cybersecurity. Incorporating hands-on learning experiences, internships, and simulations can prepare students more effectively for the workforce.

· Lifelong Learning and Certifications: Cybersecurity requires continuous learning to adapt to the ever-evolving threat landscape. Encouraging lifelong learning through certifications, workshops, and online courses can help professionals stay ahead of emerging threats.

· Public-Private Partnerships: Partnerships between the public sector, private industry, and academic institutions can lead to the development of targeted educational programs. These partnerships can provide insights into the skills most in demand and offer students practical experience through internships and apprenticeships.

Embracing Diversity and Inclusion

Diversity in the cybersecurity workforce is not just a matter of social equity—it also enhances problem-solving and innovation. A diverse workforce brings varied perspectives to tackling security challenges, making it a strategic advantage.

· Targeted Recruitment: Organizations should actively seek out underrepresented groups in their recruitment efforts. This includes women, minorities, and individuals from non-technical backgrounds who can bring valuable perspectives to cybersecurity roles.

· Inclusive Culture: Creating an inclusive culture that values diversity is crucial for retaining talent. This involves providing equitable opportunities for growth and development, as well as fostering an environment where all employees feel valued and included.

· Mentorship Programs: Establishing mentorship programs can help support and retain diverse talent. These programs can offer guidance, support, and opportunities for professional development, particularly for those who may feel marginalized in the field.

Fostering Industry Collaboration

Collaboration across industries can lead to shared solutions for the cybersecurity talent shortage. By working together, organizations can develop best practices, share knowledge, and pool resources to address common challenges.

· Information Sharing: Establishing platforms for sharing information about threats, vulnerabilities, and countermeasures can help organizations collectively improve their security postures. This includes sharing data on emerging threats and effective defense strategies.

· Joint Training Initiatives: Collaborative training programs can be more cost-effective and have a broader impact than individual efforts. Industry consortia can pool resources to develop training programs that benefit all members.

· Cross-Sector Internships: Offering internships that allow students and professionals to gain experience across different sectors can provide a broader perspective on cybersecurity. This cross-pollination of ideas and practices can lead to more innovative solutions to security challenges.

Adjusting To The New Normal

According to the ISC2 report, there are roughly 5.5 million cyber professionals in the global workforce today and there is a need for 4 million more. At current rates, the number of skilled cyber talent will need to double in the near future just to keep up. Addressing the cybersecurity personnel shortage will require an innovative, multifaceted approach using all the tools in the toolkit (technology evolution, education & training, diversity & inclusion and industry collaboration) and, possibly, create a few more. The good news is that technological breakthroughs on the horizon (which would include AI and Quantum Computing) look promising to provide what’s needed at the scale required.

CybersecurityAIWorkforceAutomation

Scott Michael Stevens

Scott Michael Stevens is the Managing Director of Confidence Innovation, a global product consulting and technology development firm primarily focused on Cyber, AI, and Web3 opportunities. He has over 25 years of experience helping private & public sector customers use technology products and services to meet complex cybersecurity, networking, and data needs. He has led product and services portfolios at Trustwave, Dell and BMC Software that were recognized as Global Market Leaders by Industry Analysts Gartner, IDC and Forrester. A US Army veteran, Scott holds a graduate degree in Business from Johns Hopkins University and currently lives in Austin, Texas.