Upskilling is Critical to Closing Cybersecurity Skills Gaps

Cybersecurity is the number-one skills gap in 2022, surpassing cloud computing as the top-ranking area of focus for individuals and organizations, according to a Pluralsight survey of more than 700 tech professionals.

Respondents with access to modern upskilling options demonstrated more confidence in their skills and trust in their organizations. These technologists had access to multiple types of upskilling resources and said they felt stronger personal satisfaction and connection to overall organizational strategy.

The main barriers to upskilling range from low bandwidth to tight budgets and include roadblocks such as lack of awareness of what’s available, a focus on hiring rather than upskilling and a lack of leadership support, the report revealed. 

The survey also found more than half of respondents (52%) said they have considered changing jobs because they are not given sufficient resources to develop tech skills.

The Future of Upskilling

Mark Arnold, vice president of advisory services at LARES Consulting, an information security consulting firm, said it remains difficult to discern whether the current trend will persist, given the ever-changing geopolitical, technological and threat landscapes.

“It is more likely that cloud and security upskilling will vie for the top spot for the foreseeable future,” he explained. “Companies adopting cloud strategies and undergoing digital transformation will require evolved security strategies to meet market demands. Cloud upskilling requires security upskilling in the marketplace.”

He pointed to Cyberseek.org, which has been tracking job openings for some time, noting that the data indicated that the gap remains and continues to grow.

He added that despite the emergence of several cybersecurity platforms as well as AI and ML-assisted technology in recent years (some more affordable than others) to counter the shortage of skilled technologists and security practitioners, the gap persists.

“I am not certain that new solutions are the answer. There is no shortage of platforms,” Arnold said. “The disconnect for me is that the industry often fails to connect the upskilled with gainful, meaningful employment that makes use of their newly earned skills.”

How Organizations Can Help

He said organizations can do at least two things to help their IT security people stay up-to-date and upskill themselves.

“First, organizations should establish and maintain security awareness programs that are informed by the current and evolving threat landscapes,” he said. “Stewards of security awareness programs should build continuous learning opportunities that are both contextual and relevant for their workers.”

Secondly, Arnold explained that an organization should ensure that security staff is immersed in the larger security community, which provides pockets of learning for upskilling such as OWASP, BSides, Cloud Security Alliance and DEF CON.

“Allowing security staff time off to be exposed to other practitioners can only broaden their outlook and keep their skills current,” he added. 

Davis McCarthy, principal security researcher at Valtix, a provider of cloud-native network security services, said he expects the skills gap in cybersecurity to continue to be a major source of concern going forward. 

“Security changes daily, and the skills vary across tech stacks and industries; SOC analysts might need more communications skills, whereas a reverse engineer benefits from a computer science background,” he said. “The threats that impact a bank also differ from those that impact industrial control systems. Skill crossover does exist, but niche experience often comes from a small talent pool.”

From his perspective, upskilling the current cybersecurity workforce will likely be cheaper than purchasing a new product that consequently requires training to be effective.

“However, if a lack of cloud computing skills is a close second, the enterprise should consider building security into their cloud environment from the start–don’t count on the cavalry coming to save the day during an incident,” McCarthy added. 

He said security was often overlooked because it came from a place of “What if?”, but given that cybercrime is a multibillion-dollar industry, the enterprise needs to embrace the “Not if, but when” mindset instead.

“It continues to blow my mind,” he added. “Why wouldn’t a company invest in a team that prevents their business from falling off a cliff?”

McCarthy pointed out that professionals in cybersecurity know what they don’t know; allowing individuals to plot their own educational path will satiate their curiosity, and keep them happy and up-to-date.

“Newcomers might need guidance, and while managers often have limited resources—if the prospect wants to learn it all—hold on tight, you’ll be lucky if you’re able to retain them,” he said.

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
