A global study from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) reveals the skills gap for cyber security professionals is widening and further impacting employers, but the study also notes that most companies are investing in the wrong training areas.
While organizations are investing heavily in new cybersecurity technology, they’re not investing enough in people. The survey notes 70% of businesses believe the cybersecurity skills shortage will impact them, yet 62% believe they are falling behind in providing sufficient training for professionals in the field. That’s up almost 10% from last year.
The group reports significant shortages in specific areas: 31% are seeing shortages in security analysis and investigations skills, 31% are seeing shortages in application security skills and 29% are seeing shortages in cloud computing security skills.
In addition to not investing in training at all levels, the survey reveals that many employers are not providing the right type of training. Respondents are using specific training courses, and professional development organizations to build skills and knowledge, rather than security certifications. The lack of availability in the niche cyber security market might be the cause.
Organizations will need to look at ongoing learning, like just-in-time training while focusing on specific skills sets for the industry like application and cloud security. They’ll need to show employees these training plans are beneficial for their career development, as well. With so many more options than a four-year degree, like bootcamps, e-learning, and microlearning opportunities, employers can get creative to fill cyber-security skills gaps.
The survey highlights that a shortage of candidates in cybersecurity represents a national security threat as well as a threat to business. Authors of the report suggest the issue is larger than just filling jobs. It’s about creating an environment that prioritizes cybersecurity.