According to CNN, in the weeks just before the Colonial Pipeline ransomware attack, the company had posted a job listing for a cybersecurity manager.
Never good to apply for earthquake insurance after the Big One hits. Flood insurance only helps before the water fills your house.
The lesson from security breaches like SolarWinds and Colonial Pipeline is that it is high time – in fact, it’s well past time – for companies to invest in cybersecurity and to build a strong, well-trained cybersecurity team.
But there’s a major obstacle standing in the way of doing just that: a massive, long-standing labor shortage in the cybersecurity industry. “It's a talent war,” said Bryan Orme, principal at GuidePoint Security. “There's a shortage of supply and increased demand.”
What’s the cost? According to ITIC Consulting, IT services downtime costs companies anywhere from $300,000 to over $1,000,000 per hour, so a financial hit from even a cyber attack of short duration could seriously damage your bottom line.
The cybersecurity labor shortage is not new. Experts have been tracking it for at least ten years. The pandemic and the increase in remote workers had already stressed cybersecurity departments. CNBC reports that the “rapid shift” ushered in by the pandemic was “a tall order for an industry that was already in need of skilled professionals long before the pandemic took hold.” Some cybersecurity workers “were taken off some or all of their typical security duties to assist with other IT-related tasks, including equipping mobile workforces, according to an April survey from global nonprofit (ISC)2.” Cybersecurity teams were outnumbered by bad actors, whether those bad actors were nation-states or cybercriminals.
Now the surge in companies looking to hire after the recent cyberattacks is exacerbating the problem. “The stakes are only growing, as technology evolves and bad actors become more advanced,” Clare Duffy writes in “Wanted: Millions of cybersecurity pros. Salary: Whatever you want.” She reports on CNN that there are an estimated 879,000 cybersecurity professionals in the workforce in the United States – and there is an unfilled need for another 359,000 workers according to a 2020 survey by (ISC)2. The gap is even more pronounced globally – with 3.12 million unfilled positions.
There is a wide range of hiring needs – from entry-level security analysts able to identify bad actors to executive-level leaders who can see the big picture and inform their boards about risks. Duffy says that the US Bureau of Labor Statistics projects "information security analyst" will be the 10th-fastest-growing occupation over the next decade, with an employment growth rate of 31% compared to the 4% average growth rate for all occupations.
According to some, it’s a perfect time to increase the diversity of the cybersecurity workforce. For example, “just 25% of cybersecurity professionals are women,” so diversity, equity, and inclusion efforts can focus on recruiting and retaining women in cybersecurity professions. Others suggest there should be a focus on training younger workers to fill this talent gap. And in Forbes, Christian Espinosa argues that employers might be overlooking qualified applicants by focusing on the need for a four-year degree. Espinosa asks, “What if we're passing up plenty of top-notch candidates because we have an outdated idea of what it means to be ‘qualified’ for a cybersecurity position?” He argues that motivation, communication skills, and real-life experience can sometimes prepare people better for cybersecurity positions than what they might learn at a university. “The skills we need in cybersecurity are diverse,” Espinosa writes. “It's not a one-size-fits-all industry, and drawing from the same arbitrary talent pool over and over is a liability to the growth and innovation of our field. Especially given our circumstance of this huge talent shortage, we have to start looking at the problem differently and be willing to dismiss the status quo.”
But one thing is clear: cybersecurity attacks are growing, which means the need for excellent cybersecurity professionals continues to grow too.
CYRIN can help. We have some of the best content including skills development labs, individual or team exercises, and multiple cyber-attack scenarios. CYRIN’s online interactive virtual training platform is designed to improve the skills of IT, engineering and cybersecurity professionals and learners. Each learner or corporate trainee receives his/her own virtual instance of the CYRIN cyber range and completes “learn by doing” courses.
In addition, CYRIN offers two unique features: Performance Monitoring – which allows learners to see their progress and allows instructors to follow individual student progress or track the progress of a whole group – and Exercise Builder, a patented tool that allows you to build your own labs, modify existing labs, or port your content to CYRIN’s training platform. This allows CYRIN to continually build upon and add to the current 50+ interactive labs, individual or team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks. So we have the content, we can track the content and, because of Exercise Builder, we always have more content in development for different pathways, scenarios and courses.
Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!