Most everyone in the cybersecurity industry will tell you that there's a staggering shortage of talent entering the field. Now an old saw repeated over and over in our marketplace these last few years, this commonly discussed reality has seen some executives growing tired of hearing about it. The problem, though, is that this absence of talent is having major impacts on organizations' data-security capabilities and operations.
A recent study's results inject some pretty interesting viewpoints on the matter, revealing quite succinctly just how this dearth of good pros is impacting companies worldwide and what these companies' CISOs think should be done to address it. The findings are a little worrisome.
Undertaken by Intel Security, in partnership with the Center for Strategic and International Studies, the research showed that, among those corporate IT leaders involved in cybersecurity decision-making who participated in the survey, about 70 percent said the current talent shortage is causing direct, measurable harm to their networks. In fact, one in four admitted that their businesses have lost proprietary or critical data because of the lack of cybersecurity skills on hand within their organizations.
The study, which was based on interviews with some 900 IT decision-makers from organizations with at least 500 employees situated in the U.S., U.K., Australia, France, Germany, Israel, Japan or Mexico, also saw over half of participants stating that the cybersecurity skills shortage is worse than those faced by other IT professions. Some 76 percent of these leaders said their respective governments are failing to invest enough in building specialized talent. And a meager 23 percent said educational programs actually are preparing students to enter the industry.
Yet, in the last couple of years, the scarcity of qualified pros has become a more prominent political focal point for some, prompting the likes of President Obama and other countries' leaders to urge greater support for the information security field and its professionals' growth and development. Still, such initiatives seem to be slow in forging any real results in the form of sound and palpable programs.
What's needed, the study's executive participants explained further, is some hearty on-the-job training, which takes precedent over a mere university degree (though individuals looking for a role in their companies must have formal educational credentials to garner any serious consideration). As well, more vigorous continuous education, engaging instructional opportunities and non-traditional methods of learning – such as hands-on exercises, hackathons and more – likely would prove an additional boost to strengthening the talent pool.
In this regard, information security industry conferences and events – especially those boasting more varied and practical learning experiences – have become more vital and, as a result, well attended by seasoned pros and newbies alike. Still, there's also nothing like the benefits that come from mentors – both those with whom we all hope to work and those with whom we've kept in touch over the years because we continue to gain and adapt new ideas and beneficial practices from them.
Evolving your own skills and capabilities by understanding and learning from the often vast experience and knowledge of those who have seen a thing or two over the years is critical to us all. And such continuous growth and learning should last a lifetime and happen in every organization in which we find ourselves.
Yes, formal educational programs and initiatives are critical to the continuous growth of this industry's talent and many others, but there's also much to be said for what individual professionals can learn from the accomplished masters with whom we can only hope we have the honor to work. It is in finding mentors with varied experiences and insights – either while on the job or within the industry in which we toil day-to-day – from whom we can gain new viewpoints and wider enlightenment. If we couple the benefits and constant growth stemming from these critical relationships with making and growing from our own mistakes, honing and strengthening the skills demanded by our respective crafts, and developing and refining an ethically based professional philosophy, it is then that we can nurture a continuous and hopefully more acute intrinsic drive that results in a little talent and wisdom.