The global cybersecurity skills gap

Mar 14

The global cybersecurity skills gap narrowed over the past year, from 3.1 million to 2.7 million people, and job satisfaction got a substantial boost, according to the 2021 (ISC)2 Cybersecurity Workforce Study.

Cybersecurity professionals say the workforce gap remains the numberone barrier to meeting their security needs. Two-thirds (60%) of study participants report a cybersecurity staffing shortage is placing their organizations at risk. Despite another influx of 700,000 professionals into the cybersecurity workforce, the 2021 study shows that global demand for cybersecurity professionals continues to outpace supply — resulting in the cybersecurity workforce gap. All areas of cybersecurity are affected by the staff shortage. Participants indicate staff shortages within their own organizations in each of the seven functional areas defined by the NICE Framework. The top cited categories of highest need were Securely Provision, at 48%, followed by Analyze, and Protect and Defend, each with 47% of participants saying they need more staff in these areas.

What are the benefits of bridging the workforce gap?

Staff shortages have real-life, real-world consequences. To find out, participants share what negative impacts their organizations have experienced because of their own cybersecurity workforce shortages. The 2021 study confirms, from the perspective of the global cybersecurity workforce, that when cybersecurity staff is stretched thin, the negative consequences are real: misconfigured systems, slow patch cycles, rushed deployments, not enough time for proper risk assessment, not enough oversight of processes and procedures, and more. The list of issues cybersecurity professionals say can be prevented with enough people covers many root causes of reported data breaches and ransomware attacks.

Addressing the workforce gap

Cybersecurity professionals suggest people-first approaches, complemented by process and technologies, are key to addressing the workforce gap.

With respect to people, participants placed by far the greatest emphasis on the development and retention of existing staff, with 42% of respondents globally naming it as having the greatest impact on shrinking the cybersecurity workforce gap. This was followed by initiatives aimed at recruiting new staff (31%) and encouraging the development of future staff (23%). 17% cited the use of AI/ML and automation in cybersecurity operations. This and other data signal that while important, cybersecurity professionals do not view technology investments alone as an adequate proxy for more people doing the work.

Asked how they would improve their security posture if their organization’s personnel needs were fully met, cybersecurity professionals clearly indicated they would make even greater investments in people in areas like training and certifications (50%), professional development (46%), and automation solutions to make their tasks easier (48%). Additionally, 49% of respondents would invest in security awareness training for everyone in the organization. But contrary to popular belief, respondents also indicated that these investments don’t come at the expense of technology investments. Even as their teams grow, they anticipate the need for continued technology and services investment to ensure they have the tools and support necessary to do their jobs and effectively strengthen their security posture.

In terms about how the organizations will invest in technology in this year in response to their own workforce gap, participants anticipate increased use of cloud service providers (38%), increased use of intelligence and automation for manual cybersecurity tasks (37%), and applying intelligence and automation to existing processes (37%).

Most people are painfully aware that security breaches have increased in recent years, while at the same time becoming much more sophisticated in their approach. Additionally, ever-expanding application environments and continuously evolving workloads have created more opportunities than ever for attackers.

Organizations may want to meet this challenge with armies of skilled technologists primed to maintain secure operations. But the reality is there is a major shortage of capable DevOps experts, especially ones with cybersecurity skills. This creates major problems for all organizations operating in modern cloud and container environments. If your organization needs DevOps with cybersecurity skills, to work in cloud and container environments, contact us by clicking on the button below.

Sources: devops.com, isc2.org