Cybersecurity drivers part 2: The talent shortage

This four-part series will tackle four primary drivers that are re-shaping the cybersecurity landscape and will continue to do so over the next three to five years.

In Part I of this series we covered the significant impact the proliferation of IP-enabled devices—interconnected to form the Internet of Things (IoT)—will have on security operations management in the years to come. The IoT is a cyber security driver that is largely the result of the natural evolution and expansion of technology, but the industry is also being affected by personnel-related issues, namely a significant IT security talent deficit.

Assembling a Cybersecurity Team

Managers and executives responsible for assembling and staffing cyber security teams are seeing a rapid shift in the skill sets the members of these teams must have to be successful in the face of today’s challenges. For example, as cloud and virtualized environments grow increasingly common, software-defined security—a model in which information security is implemented and controlled via software—is becoming increasingly critical, putting software development skills at a premium.

Unfortunately, the need for information security professionals with these development skills far outpaces the number of people who possess them. And with multi-billion-dollar tech companies like Facebook and Google vying for top talent, it becomes extremely difficult and expensive for organizations to attract individuals with such aptitude. As a result, we’ve come to a point in time when Cisco estimates a worldwide shortage of more than 1 million IT security professionals.

So how did we end up here? The IT talent gap did not appear overnight; rather it is the byproduct of a confluence of factors, including the:

• Rapid evolution of technology: Put simply, technology is advancing so quickly—and, as a result, creating so many new jobs—that it is difficult to produce enough qualified professionals to fill these roles. The pace at which technology is advancing also means that employee skill sets often become antiquated quickly, unless those working in the industry make a concerted effort to stay abreast of the latest trends.

• Shift in necessary skills: As technology and the threat landscape evolves, the skill set necessary to do information security work changes as well. Tomorrow’s IT security professionals will need expertise that allows them to be intimately involved with the design and development of security systems, procedures and applications. In today’s workforce, the individuals that possess this wide array of skills are few and far between.

• Difficulty in developing talent internally: Even if an organization secures a naturally gifted information security worker, that company must still familiarize the new hire with its internal processes and best practices. Unfortunately, many of these businesses don’t have a well thought-out talent development strategy that includes capturing processes built by senior team members to be used as teaching tools and hands-on instruction.

• Highly competitive market: If talent is in short supply, it only stands to reason that the most gifted IT security professionals are going to be pursued heavily by the biggest and most successful enterprises (think Google and Facebook) in the world. The true giants are able to offer the most lucrative packages and secure the true superstars, leaving other enterprises to battle for—and likely overpay—less talented information security workers.

Be sure to check back on this blog next week for part 3 of the series, “The threat landscape.”