The cybersecurity skills crisis continues to worsen for the fourth year in a row and has impacted nearly three quarters (70 percent) of organizations, as revealed in the fourth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG). The top ramifications of the skills shortage for organizations (or cybersecurity teams) include an increasing workload, unfilled open job requisitions, and an inability to learn or use cybersecurity technologies to their full potential, putting organizations at significant risk.
HR Technology News: TecHRseries Interview with Dr. Tommy Weir, Founder and CEO at enaible.io
Annual ISSA and ESG study finds the cybersecurity skills crisis has worsened for the fourth year in a row and impacted 70 percent of organizations. Why has nothing changed?
The cybersecurity skills gap discussion has been going on for nearly 10 years. The study confirms that there has been no significant progress towards a solution to this problem during the four years it has been closely researched. In fact, 45 percent of respondents state the cybersecurity skills shortage and its associated impacts have only gotten worse over the past few years. The question that must be answered is then: Why has nothing changed for the better?
HR Technology News: Avitecture Aids Company’s Reopening with Contactless Temperature Scanners
ISSA and ESG believe that the root cause has never been addressed. What’s needed is a holistic approach of continuous cybersecurity education, where each stakeholder needs to play a role versus operating in silos. The data uncovered in this research year over year point to these indicators:
Cybersecurity professionals need a comprehensive globally accepted career development plan
Without guidance and a clear path to follow, it is difficult for new candidates to know what is needed and how to acquire the skills necessary to enter the profession. Current professionals are far too often left figuring out how to advance their careers on their own. The ESG/ISSA research reinforces these points as:
- Cybersecurity professionals continue to need career guidance. Sixty-eight percent of the cybersecurity professionals surveyed don’t have a well-defined career path and historical solutions are only compounding problems.
- Cybersecurity careers depend upon hands-on experience and hands-on experience requires a job. When asked which was most important for their career development: hands-on experience or security certifications, 52 percent chose hands-on experience. Still, 44 percent claim that hands-on experience and certifications are equally important. This combination requires the right job, the right experience, and the right career plan but few professionals can claim this combination.
- It takes years to become a proficient cybersecurity professional. Thirty-nine percent believe it takes anywhere from 3 to 5 years to develop real cybersecurity proficiency, while 22 percent say 2 to 3 years and 18 percent claim it takes more than 5 years. This means that entry level pros should be viewed as long-term investments, not immediate problem solvers.
HR Technology News: Paul Greensmith Joins SHL as Chief Financial Officer