While cybersecurity professionals earn a decent salary, averaging $95,000 a year, there is a sharp shortage available in the workforce. To be exact, there is a shortfall of about 40 percent in the U.S. alone with the shortfall increasing to 3 million positions worldwide. As businesses continues to digitize for efficiencies, they step further into being at risk for data breaches. Given the shortages in staff, how should enterprises handle staff shortfalls?
High expectations and inadequate training
The ideal candidate every business advertises for holds at least a bachelor’s degree in programming or computer science. Enterprises want cybersecurity certifications and experience in specializations such as intrusion detection, secure software development, and network monitoring.
Of course, this is reflective of ideal cybersecurity professionals. But amazing cyber pros can be found with less requirements ticked off. In fact, it’s most likely not all categories will be covered.
Almost no pro over the age of 30 has a degree in cybersecurity, and many pros don’t have degrees in computer science. Ideal candidates can reflect a set of personality traits. Most important is curiosity, knowledge of the current threat landscape and a strong passion for research and learning. With these traits, ideal cybersecurity professionals can be trained via a community college or boot camp style learning environment.
Unfortunately, enterprises expect too much from professionals coming through the door. Similarly, (ISC)2 performed a study and learned that enterprises are not doing enough to equip and power their IT staff with education. The study found that 43 percent of enterprises provide inadequate security training resources. And universities are not offering adequate training, either. While 85 percent offer undergraduate degrees in cybersecurity, diversified computer science programs which have substantially more students do not mandate a single cybersecurity class.
Future for cybersecurity professionals
However, future training is no so bleak. Several government agencies are developing on the job training in cybersecurity centers. Also, there is discussion regarding a Cybersecurity Peace Corps.
For enterprises in the need now, cyber boot camps and community colleges offer cybersecurity training programs for individuals already working in the field. IBM has created jobs which prioritize skills, knowledge and willingness to learn over degrees. Cybersecurity professionals pick up their skills on the job, including industry certifications and community college coursework.
Since 2015, 20 percent of Big Blue cybersecurity hires have come from IBM’s training program.
Training on the job for individuals is the best outcome for larger businesses. However, most small businesses do not have the resources or time. In fact, small businesses are at a larger risk due to weaker defenses and access to larger company data via partnerships.
One option as a stopgap for a labor shortage is partnering with a third party who has the software and staff necessary for network monitoring and intrusion detection. Using a vendor to cover security needs will ensure you enterprise has the security necessary while being cost efficient at the same time.
For more information on how MobileWare can help your enterprise with your security needs, read here.