Is there a cyber security skills gap? Plenty of surveys and anecdotal evidence seem to say that’s the case. For example, an end-of-year survey of IT professionals conducted by ESG found that 53 percent of organisations reported a shortage of security skills, up from 51 percent the year before and up from 45 percent in 2016. So, from this perspective, it looks like not only is there a skills shortage, but it is getting worse.

Clearly, having an experienced and skilled cyber security workforce is more important than ever. But could we already have that workforce in place? Are we approaching hiring cyber security workers all wrong?

Crossover with tech

In a HelpNet Security article, Insight Engines CEO Grant Wernick asked whether organisations are looking for the wrong skill sets when hiring security staff.

“Cyber security tends to look for traditional tech credentials. But cyber security is much more than a strictly technical role,” he wrote. “Threats are constantly evolving, new technologies lead to new vulnerabilities, and technical proficiencies can become quickly outdated. At its core, investigating cyber crime relies on curiosity and problem-solving.”

Looking for tech credentials is an old-school approach from the days before there were specific cyber security education opportunities.

Outdated focus

Too often, organisations are looking to fill cyber security positions with a focus on last year’s security issues and last decade’s hiring attitudes. The Information Security Forum (ISF) examined these concerns in a new paper, Building Tomorrow’s Security Workforce. According to the paper, organisations need to refocus their outlook to incorporate new developments in the global security workforce.

Unemployment in cyber security is at zero, and this means skilled professionals aren’t afraid to take their talents elsewhere for more money and better benefits. Hence, organisations, CISOs and Information Security Leaders should focus on understanding the culture of the security workforce and evolving that culture to aid retention.

To build a sustainable security workforce, organisations should adapt to market demands by seeking candidates with diverse competencies and skill sets coupled with providing competitive benefits and structured career development.

Source: Security Boulevard