As organizations begin to address the risks of an increasingly complex digital landscape, they are recognizing that cybersecurity challenges are compounded by a lack of available talent and skills to mount a necessary defense. The digital skills shortage in the U.S. is at a critical point, highlighting a need for increased investment in workforce training. The Biden White House recently said that roughly 700,000 cyber-defense-related positions nationally are unfilled.
Clearly, CISOs and leaders across the C-suite are focused on the challenge, and many are investing heavily in shoring up gaps in their cybersecurity approach. In an age when a cyberattack can be an existential threat to any organization, cybersecurity engineers will serve as the first responders to such threats.
But organizations are struggling to fill these roles. Cyber professionals face ever-increasing pressure to keep up with more sophisticated and complex threats. The burnout in the profession is significant. What’s more, there hasn’t been a good understanding of the variety of jobs that there are in cybersecurity, and the various skills that can be leveraged for those jobs.
What complicates the effort to fill these roles are the demands placed on them. A strong cybersecurity professional must have advanced skills and experience in the following: meeting the immediate needs of securing the enterprise while also satisfying regulators and compliance officials; keeping a close eye on protections for customers and their personal data; and, if an incident occurs, navigating those interactions and coordinating with law enforcement. These are skills rarely found together.
In fact, not only is there a challenge in filling day-to-day roles within the cybersecurity portfolio, there is also a leadership gap. Many highly skilled cybersecurity professionals avoid taking leadership positions in the field precisely because they do not feel prepared to take on these multivariate tasks.
The solution rests in a two-pronged approach.
#1. Leverage cybersecurity frameworks and automation.
Organizations need to reduce the demand on crisis cyber defense by deploying automated platforms and technologies, such as zero trust security, to screen out threats and examine their entire value chain — including suppliers, vendors and others who may be the source of the greatest potential risks. As part of this effort, trained cybersecurity professionals should be deployed during the software development lifecycle and across business processes so that security and protections can be embedded by design rather than bolted on later.
#2. Migrate cybersecurity to the cloud.
Navigating the Cybersecurity Career Path
