A shortfall of qualified cybersecurity professionals signals the need for specialised cybersecurity courses at college level to ensure the availability of ready cybersecurity talent.
It is logical that as the cyber threat landscape expands, the need for specialised cybersecurity skillsets will increase. However, most companies – both large and medium-sized – face massive challenges in finding the right set of infosec professionals to fill up critical cybersecurity positions. Skill shortage in cybersecurity is nothing new, but now it seems more crucial as AI-driven threats increase in numbers and complexity leaving consumers and companies vulnerable to major attacks.
A study by Kaspersky shows that more than 40% of companies worldwide are facing a shortage of qualified and employable cybersecurity professionals. Even as the demand grows for infosec professionals, the level of expertise keeps declining.
The Kaspersky survey titled “The portrait of the modern Information Security professional” conducted with 1,012 InfoSec professionals in 29 countries including India, showed that it takes companies more than six months to fill an average cybersecurity position. As expected, recruitment for senior level positions takes the longest, with 36% of companies saying it requires almost a year or more, while junior jobs can be filled in the shortest time – one to three months, according to 42% of respondents.
These figures are alarming since companies that operate for long periods of time without the necessary staff are at huge risk, as the absence of cybersecurity personnel provides cybercriminals ample opportunity to penetrate business infrastructure and damage business processes. Another challenge that organisations face – this can be called the big one – is finding and hiring the right infosec professionals.
Kaspersky’s study revealed that 52% of the respondents found a discrepancy between certification and real practical skills, and 49% said that the lack of experience of the infosec professionals hired also posed a challenge. So, we see that even if there is access to certified infosec professionals, companies want people with proven professional expertise to avoid the high cost of additional training.
The reason behind the shortage and skillset discrepancy
When we see the curriculum offered in leading technical and engineering colleges across the country, there are very few dedicated courses in cybersecurity that would enable students to gain skills and be employment-ready in the cybersecurity industry. Another challenge with formal cybersecurity training is the lag behind real-world cyberthreat events. Most courses, currently focus on what has already occurred and not what are to come. This becomes even more challenging with AI/ML-driven cyber threats taking precedence in real-world cybersecurity scenarios.
We also find that tools, technologies, and threats are evolving very rapidly which outpace the knowledge gained at universities. This throws another curve ball at the newly minted talents. Cybersecurity personnel do not have sufficient hands-on training nor the right skillsets to build a career in cybersecurity. Most of these new professionals are often sorely unprepared for what awaits them in the real world. Even as they join a company’s cybersecurity team, they have to be upskilled before they can be handed any responsibility.
Addressing the talent shortage issue in the bud
The rapidly evolving nature of cyber threats means that educational programs often struggle to ensure their content is up to date, leaving the students learning cybersecurity with knowledge gaps. This is where the change has to be brought in. Universities need to ensure continual learning and adaptation for young professionals by integrating the leading expertise with educational curriculums to combine practical hands-on experience and theoretical knowledge.
The new set of cybersecurity curriculum should look at a multi-faceted approach focused on academic learning, latest threat trends and technologies, workforce requirements, and businesses that need a highly skilled talents.
Here are four ways the new skillsets can be developed:
#1. The education system needs to upgrade through partnerships: Higher education institutions can upgrade their curriculums by partnering with cybersecurity players and integrating the latest industry knowledge into their training programmes. Some leading cybersecurity companies do have special programmes for universities to integrate the latest in cybersecurity expertise. These programmes enable the colleges to access world-class knowledge on cyber threats, security experts to offer lectures and training sessions, as well as the latest technologies.
#2. Learning through real-life experience: Young professionals need to supplement their academic training with real-life job experience. They should seek internships in information security or R&D departments of organisations. They can also look at interning with leading cybersecurity companies to get hands-on experience on cyber threats and solution development.
#3. Participating in hackathons and competitions: Cybersecurity students or young professionals can take the opportunity to develop their skills by taking part in cybersecurity competitions and hackathons. These throw various cybersecurity challenges at them, and they are expected to solve them in real time. This helps to build an understanding of the rapidly changing world of AI-driven cyber threats and how they need to be managed in an organizational setup.
#4. Reskilling and upskilling on the latest threat trends and technologies: Cybersecurity is such a dynamic industry that continuous learning is vital for all infosec professionals to stay relevant. This is more crucial now with the fast emergence of AI/ML-driven threats. Opting for continuous learning, and undertaking additional training courses and certifications is key to staying relevant for an organisation’s cybersecurity needs. Getting trained on AI/ML-driven cybersecurity technologies also helps in a big way to remain competitive in the job market.
In Conclusion
The problem of cybersecurity staffing shortage is, of course, too big for a quick-fix solution. Only with a long-term planning and comprehensive approach will it be possible to fill the deficit of qualified specialists. There are two major ways the cybersecurity industry has to address this.
The first is to establish more effective cooperation between cybersecurity companies and educational institutions. Higher education institutions need help to adapt their programmes to real-world developments to make them more current. They have to ensure that graduates are employment-ready and meet employers’ requirements.
The second is to harness the power of AI to transform cybersecurity training and to encourage human critical thinking to complement the hard skills required of cybersecurity professionals in evaluating complex situations and making informed decisions.
{ Authored by Jaydeep Singh, General Manager for India Region, Kaspersky }
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram
