The Ever-Growing Cyber Security Talent Gap--and How to Bridge It

CYRIN Newsletter

News for the Grid—The Ever-Growing Cyber Security Talent Gap—and How to Bridge It

Cyberattacks are growing in frequency and intensity. Every day there’s a new hack or breach reported in the news. We’re more connected than ever—and our devices are connected, too: refrigerators, cars, televisions, phones, doorbells, you name it. Plus, we continue to store increasing amounts of vulnerable and private information online, documents like medical records. In many ways, the electric grid is America’s first line of defense, which means it needs a powerful and impenetrable cyber line of defense—well-trained professionals able to fight the inevitable battles ahead. And the problem is there aren’t enough skilled cybersecurity professionals to protect us, our data, our grid, and our intellectual property. Individuals, companies, government entities, cities and towns—we are all facing a catastrophic cybersecurity talent gap.

“A war is raging for cybersecurity talent,” Dave Barton writes in Security. Everyone—from the government to the private sector—is “scrambling for talent.” There is a shortage of well-trained professionals. “By one estimate,” Barton writes, “there will be 3.5 million unfilled cybersecurity jobs by 2021.”

What’s more, due to the shortage of cybersecurity talent, many companies are hiring people who are unprepared for the job at hand, leaving everything—from data to intellectual property—more vulnerable to attack. Sometimes security positions remain unfilled for months.

It's one thing if a company’s data or intellectual property is not protected adequately. It’s another thing entirely if the electric grid is vulnerable to cyberattacks. “If a mass power outage were to result from a successful cyberattack on the electric grid, national security and economic stability would be threatened,” Constance Douris writes in Forbes. “This is because hospitals, banks, factories, pipelines, financial networks, water systems, telecommunications and military bases would simply not function without electricity.”

Douris explains that two systems comprise the electric grid in the US: the distribution system and the bulk power system. “One vulnerability of the U.S. grid is that cybersecurity standards do not exist for the distribution system,” she writes. But in reality that means both systems are vulnerable—because the bulk power system is linked to the distribution system. “A successful cyberattack on one or two utilities could create a ripple effect, destabilizing electricity in large areas.”

Martin Mickos reports in Forbes that “a global study from ESG and ISSA confirmed ‘that the cybersecurity skills shortage is exacerbating the number of data breaches,’ with the top two contributing factors to security incidents being ‘a lack of adequate training of non-technical employees’ (31%) first and ‘a lack of adequate cybersecurity staff (22%)’ second.”

The cybersecurity workforce must grow by 145% to fill the talent gap, Valerie Bolden-Barrett writes in HR Dive. She reports that the 2019 (ISC)2 Cybersecurity Workforce Study “showed that 65% of companies reported a cybersecurity staff shortage, and for 36% of respondents, the lack of skilled cybersecurity specialists was their top concern.” She continues, “Demographically, women in the study accounted for 30% of cybersecurity professionals, 23% of whom had IT security job titles; more than a third of respondents were below age 35; and 5% were below age 25.” The study reveals that the top recruiting sources included “recent college graduates, consultants and contractors, other departments within a company, vendors of security/hardware and career switchers.”

According to Barton in Security, the cybersecurity talent gap is an industry crisis. It’s a systemic issue—and in Barton’s view, “it starts and ends with education.” There aren’t enough middle- and high-school students interested in STEM; as a result, there aren’t enough college graduates being trained in technical disciplines, which means there aren’t enough PhDs either. “Cybersecurity should have been a Bachelor of Science degree 15 years ago,” Barton writes.

So what do we do now? The talent gap is large and seemingly growing—and so are the threats to cybersecurity. “Employers are recognizing that upskilling is one way to close the skills gap,” Bolden-Barrett writes. And employees are hungry for upskilling, too. This means companies can and should provide opportunities for training and professional development.

Mickos insists in Forbes that the traditional classroom is not the primary solution to the talent gap. Most ethical hackers are self-taught, he argues. He sees real promise in new educational tools that are on the rise. And others agree. Hacking and the lack of talent to protect us are “out of the box” problems. They need an “out of the box” solutions—solutions that can be implemented now, in your workplace, at your company, by the people you’ve already hired or hope to hire in the future.


Who are we? We are CYRIN®—a business unit of Architecture Technology Corporation, headquartered at their ATC-NY cyber security division in Ithaca, NY. We train you in all things CYBER, from potentially leaky Web Applications to Denial of Service attacks to Forensics Investigations. We think the best way to train is to actually do it.

CYRIN lets you use real tools, real attacks, and real scenarios to hone your skills in a virtual environment. CYRIN training supports the current generation of cybersecurity professionals while developing the next generation of cybersecurity leaders—and even more importantly, can help save your organization from a disastrous cyberattack. CYRIN trains you in the next-generation of cybersecurity skills from your own desktop. With virtual cyber-security training in a real-world environment, CYRIN lets you test your cybersecurity skills on your own schedule with no custom software or travel necessary.

One way to combat the shortage of cyber security professionals is to invest in training. CYRIN offers unlimited on-demand training opportunities for you and your team with three levels of training including 30+ cyber labs, multiple training exercises and now several attack vectors on SCADA/Industrial networks for the utility industry. Come see for yourself. Our site is always open.

< Read other CYRIN Newsletters

Contact Us for details to Set Up a CYRIN Demo

Watch CYRIN: The Next-Generation Cyber Range

Learn More About How CYRIN Online Training Can Benefit Your Utility