The cybersecurity skills gap is a critical challenge in the industry today, with ongoing debates about its causes, urgency, and solutions. This gap encompasses proficiency disparities and challenges in diversity, inclusivity, and accessibility, all exacerbated by a rapidly evolving threat landscape where adversaries continuously adapt their strategies.
To illuminate this complex issue, we interviewed 12 cybersecurity professionals and spread the responses across 2 blogs. They shared their insights on the key factors contributing to the skills gap, practical steps to address it, and its implications for risk management.
Please enjoy part 1 below – with part 2 to follow soon after.
Ali Haider
Senior Cybersecurity Consultant
With more than 15 years of global experience, Ali Haider is a multi-award-winning professional recognized as a Judge, Mentor, and esteemed Consultant in technology and cybersecurity. He believes that substantial investments in specialized education and training are needed to address the skills gap. Fostering diversity, enhancing academic-industry collaboration, and implementing upskilling and reskilling initiatives are crucial. A multifaceted approach, including education, recruitment, and retention, is essential to mitigate the talent shortage and strengthen defenses.
He says government and industry collaboration, such as grants and incentives, can further address the gap. While complete elimination may be unrealistic, these measures can significantly improve the cybersecurity workforce.
Jane Frankland
Chief Executive Officer of KnewStart & Founder of The IN-Security Movement
Jane Frankland highlights how the 2023 ISC2 Workforce Study revealed a global shortage of four million cybersecurity workers, a 12.6% increase from the previous year. This shortage not only jeopardizes businesses by leaving them vulnerable to attacks and data leaks but also undermines the overall resilience of their cybersecurity defenses. Immediate action from companies, policymakers, and educational institutions is crucial to address these growing challenges.
While technical expertise is essential, she says the industry needs professionals with strong communication and leadership abilities. Recent trends show that hiring managers are increasingly seeking candidates with a mix of technical and soft skills, such as teamwork and adaptability. This shift underscores the importance of having well-rounded cybersecurity professionals who can navigate both technical complexities and the human elements of cyber threats.
Ross Moore
Cybersecurity analyst
Ross Moore has over twenty years of experience in IT and cybersecurity and believes companies should first address the skills gap within their organizations. While industry-wide statistics highlight the problem, he says each organization must assess its needs first. Evaluating vendors’ security capabilities through risk assessments can safeguard companies and drive industry-wide improvements.
He says many businesses struggle with security because it seems daunting or costly. However, cybersecurity is a fundamental part of business operations, and organizations must treat it with the same strategic importance as other aspects like privacy and compliance. Clearly defining the skills required – whether for high-level experts or more foundational roles – will help close the skills gap and enhance overall security.
Dr Jessica Barker MBE
Author of ‘Hacked: The Secrets Behind Cyber Attacks’ and ‘Confident Cyber Security: The Essential Insights and How to Protect from Threats’
For Jessica Barker, it’s a question of talented individuals who are eager to enter the field, struggling to find opportunities. Skilled professionals are sometimes laid off, while organizations face difficulties filling vacancies with the right talent. Despite ongoing discussions about this issue, progress in closing the gap has been limited.
Moreover, she says another major problem is that job vacancies often do not align with the roles job seekers are looking for. There is a shortage of entry-level positions, and many teams are too overwhelmed to train recruits effectively. This mismatch increases burnout, frustration among job seekers, and heightened cybersecurity risks for organizations.
Anastasios Arampatzis
Cybersecurity content writer
Anastasios Arampatzis, a seasoned cybersecurity professional, says the field is constantly evolving, with new threats and technologies emerging all the time. A relentless cat-and-mouse game between cybersecurity professionals and sophisticated, technology-enabled risks drives the skills gap. As technology advances, malicious actors develop increasingly sophisticated tools to exploit vulnerabilities, requiring cybersecurity experts to adapt and update their skills continually. This mismatch creates substantial business risks for organizations worldwide, a concern highlighted annually by reports like the World Economic Forum Global Risks Report.
He stresses that the skills gap extends beyond technical domains, including crucial soft skills such as communication, problem-solving, empathy, and kindness. Addressing this softer side of the skills gap is complex but essential for the industry’s overall health and effectiveness.
Andra Zaharia
Cybersecurity Content Marketer
Andra Zaharia adds that the number of cybersecurity specialists is significantly smaller than the demand for their expertise. This imbalance is partly due to our preference for technological innovation over security, which has led to a persistent gap in skilled professionals. Cultural perceptions that view information security as a hindrance to rapid technological advancement compound this issue. To attract and retain talent, the cybersecurity field must shift this perception and emphasize its critical role. Both companies and individuals must recognize and address this issue to strengthen the cybersecurity workforce.
She believes we can adopt similar approaches to address the cybersecurity skills gap by examining how other disciplines, like medicine, train specialists. Incorporating diverse methods and perspectives will enhance our ability to recruit and train effective cybersecurity professionals, making the field more appealing and relevant, especially to the energetic and innovative Gen Z.
Stay tuned for part 2 coming soon – and if you enjoyed this blog you can explore the cybersecurity skills gap issue further by downloading our free eBook here.