How to fight the cybersecurity talent shortage

By: Richard Stiennon

Non-traditional methods are patching the gap for in-demand skills

''

The global boom in online commerce has led to a cottage industry: billions of dollars in digital crime. In the past two decades, amateur hackers have grown into cyber criminals and stolen numerous passwords and money from consumers and businesses.

Approximately 1.5 million malicious attacks happen every year and, as a result, cybersecurity has become critically important for businesses. However, that increase in demand for employees with top-notch cybersecurity skills has led to a marketplace shortage. By 2019, there will be two million unfilled cybersecurity positions in the United States, says Alex Schlager, global product lead of cybersecurity for Verizon.

“In the last three years in particular, the cybersecurity field has exploded,” explains Schlager. That quick expansion has left traditional education methods – including colleges and corporate training – scrambling to catch up.

The increase in demand for employees with top-notch cybersecurity skills has led to a marketplace shortage.

White
1

Security skills typically fall into four categories: network security, endpoint security, malware analysis, and encryption technology. There’s also a surge in demand for a relatively new set of skills called threat hunting or incident response (IR). An IR skillset blends disciplines, including network traffic analysis, malware reverse engineering and endpoint detection (to determine patient zero in an attack). But learning these skills isn’t as simple as picking up a book for a weekend read.

There are two paths to addressing a nationwide cyber-skills gap. The long-term hope is that schools will teach at least the basic know-how employees need in the workplace; short term answers are a little more complicated.

“Academia has been lagging behind in producing state-of-the-art cybersecurity education,” says Schlager. Few sophisticated programs exist at the college level. Two of the best in the U.S. are at Rutgers and Harvard, he notes.

Many major universities may need several years to catch up with more nimble private colleges that have cybersecurity coursework such as the University of Detroit, Utica University in New York and Charles Sturt University in Australia.

The quickest path for new employees to close the cyber skills gap is through non-traditional routes, including classes with certifications and on-the-job training.

The quickest path for new employees to close the cyber skills gap is through non-traditional routes, including classes with certifications and on-the-job training.

White
1

Schlager supports these non-traditional approaches and recalls that in the ‘90s companies didn’t care if a programmer had studied computer science because universities were so far behind the state of development. He was hired at age 19 as a programmer without ever studying computer science at college.

People interested in learning cybersecurity can check out free classes online at Cybrary and take certified ethical hacking courses, which teach basic attack and penetration techniques from network scanning to vulnerability exploitation to understanding attachments that lead to malware infections. Managers and executives with IT backgrounds should consider earning certifications from (ISC)2 , SANS, and GIAC.

Managed Security Service Providers (MSSPs) – outsourced providers of security services – can be an excellent training ground for cybersecurity professionals. These organizations hire new grads with computer and networking skills and put them to work as level 1 incident responders.

Verizon is an example of a large enterprise business addressing the skills gap, rolling out a major training initiative for 2,000 people in cybersecurity. 

White
1

When other cybersecurity business managers ramp up their teams and hire people in marketing, sales, and sales engineering they may find employees with several years of relevant experience who want to transition to cybersecurity.

Verizon is an example of a large enterprise business addressing the skills gap, rolling out a major training initiative for 2,000 people in cybersecurity. The self-paced online course adjusts the content based on the pupil’s role, changing the educational offering if the user is in wireless sales, product, security sales or another relevant part of the company.

In the future, a lot of hybrid jobs will arise such as the lawyer, software programmer or risk officer who all need to understand cybersecurity, Schlager explains.

“As the impact of cybersecurity is expanding in business, so will cybersecurity roles and you will see a lot of specialization happening from a legal or policy perspective – whatever is required.” Along with those new jobs will come a need for more education.

For more information, see:

For related media inquiries, please contact story.inquiry@one.verizon.com

For more on the Fourth Industrial Revolution, please visit this page.

About the author(s): 

Richard Stiennon is the chief research analyst for IT Harvest and a security industry advisor. His writing has appeared in Forbes, CSO and ThreatVector.

Follow me:
Advertisement