Cyber Skills Gap Grows Along With Threats
A corporate job opening typically draws as many as 250 applicants with varying qualifications. In stark contrast, a new survey of the growing cyber security skills gap reveals that just over half of U.S. companies looking to fill corporate IT security positions receive five applications. Of those, fewer than one in four candidates possess the qualifications companies are seeking.
"As enterprises invest more resources to protect data, the challenge they face is finding top-flight security practitioners who have the skills needed to do the job," information security executive Christos Dimitriadis told the RSA security conference this week. "When positions go unfilled, organizations have a higher exposure to potential cyber attacks."
Fifty-five percent of respondents to a cyber security skills survey said they place greatest emphasis on hands-on experience. Nevertheless, 25 percent said candidates lack technical skills. Hence, most recruiters emphasize performance-based certification and training over candidates with college degrees in cyber security.
More than two-thirds of respondents "view certifications as equally, if not more, important as formal education," according to the workforce study released this week by the cyber training and certification group ISACA.
Sensing an opportunity, companies such as IBM (NYSE: IBM) have moved to address the cyber security skills gap with automation tools based on its Watson cognitive computing platform. In one scenario, security teams dealing with hundreds of thousands of security events each day could hand off lesser threats to automated systems to reduce the amount of time wasted on false positives.
A new IBM research projects code-named Havyn based on a voice-powered security assistant leverages Watson conversation technology to respond to verbal commands and natural language from security analysts, the company said this week.
Indeed, cyber security organizations such as ISACA endorse the use of emerging cognitive tools as a way to close the cyber skills gap and address the more mundane but critical aspects of cyber security. "Where security operational tasks can be automated, it can decrease the overall burden on staff and thereby help make best use of staff that an organization already has," the study recommended.
It also recommended that companies take steps to retain and invest in its cyber defenders as demand for those talents increases in parallel with threats to corporate networks. The urgency to retain cyber specialist was underscored by another finding: Roughly one in four companies surveyed reported that the time to fill priority cyber security and information security positions can be at least six months. In Europe, almost one-third of cyber security job openings remain unfilled, the study found.
Another factor at work in the cyber realm is a phenomenon known as "security fatigue," defined as "weariness or reluctance to deal with computer security." Hence, unremitting cyber attacks and the mundane nature of the cyber security are contributing to the cyber skills gap, the study warns.
The cyber security workforce study can be downloaded here