Working to Close the Cybersecurity Skills Gap

As of January 2022, 4.95 billion people can connect to the internet. This number represents 62.5% of the planetary population, with more people getting online every day. More people are connected than ever, making cybersecurity one of the most important fields in the modern world. Despite this growing need, there often aren’t enough people in the field to protect critical cyberinfrastructure. Necessary positions are going unfilled simply because there aren’t enough talented experts to go around. Cyber attacks are becoming more common every year, with numbers hitting record highs during the COVID-19 pandemic. What can we do to close the cyber security skills gap and why is it so important?

Five Years and Counting

Hacks and cybersecurity breaches have been around nearly as long as the internet. It’s become a fixture in pop culture. Hackers with fingers flying over keyboards, taking down the big evil corporation (Hackers, 1995). Hackers saving the world with their skills (The Core, 2003). The problem lies in the portrayal. While a subset of hackers, known as white hats, use their skills to protect the cyberinfrastructure, bad actors aren’t hacking the planet to make things better for the little guy. They’re targeting vulnerable systems or gullible people and using their skills to steal money, information or both.

Healthcare providers have been a frequent target in recent years. Healthcare information sells for a premium on the black market or dark web. There aren’t enough trained individuals available to shoulder the workload — and it’s a problem that’s been persisting for five years. When surveyed, cybersecurity professionals reported having to shoulder a heavier workload. Most blamed unfilled positions or worker burnout for contributing to the problem. Upwards of 95% of those surveyed believed that the situation hasn’t improved in multiple years. 

What’s Causing the Cybersecurity Skills Gap?

With such a massive demand for these skills, why is there such an enormous gap in the cybersecurity industry?

Requirement Perceptions

The majority of cybersecurity job listings require, at minimum, a four-year degree and various security certifications. While these are valuable tools, they aren’t strictly necessary to succeed as a cybersecurity professional. Some of the most talented white hat hackers in the industry are all self-taught. One survey found that upwards of 79% of hackers taught themselves the needed skills. Companies have bug bounties to reward people for finding and reporting security vulnerabilities. Many who claim those bounties don’t even work in the industry. There is a ton of potential here. Locking it behind a four-year college degree and thousands of dollars worth of certifications makes it more challenging to bring in new blood. 

Job Listings

Anyone who’s looked for a job in the last decade or so has seen this trend. Companies are demanding a degree, a variety of certifications and multiple years of experience for a junior or entry-level position. Job listings ask for 10 or 15 years of experience in technology that has only existed for five years. People aren’t going to go out of their way to get all of these certifications, only to have to fight for an entry-level position. 

Lacking Diversity

Tech, in general, has always been a male-dominated field and cybersecurity is no different. Research has also shown that colleges in poor or minority-dominated districts tend to receive less federal funding. This makes it harder for black students or those that belong to minority groups to get their foot in the metaphorical door. Less than 20% of the cyber security workforce identifies as female, which is another place where recruiters and business owners could make changes to support better recruiting tactics. 

Time for Learning

One of the biggest challenges for existing cyber security professionals is staying on top of all the new technologies and ways they can be broken. A majority of surveyed cyber security workers stated that they have difficulty keeping up with all the learning they need to do to maintain and hone their skills. A trained cyber security expert is only as good as their knowledge base. Hackers and their tactics are changing every day. These pros need all the help they can get to stay ahead of the curve and prevent significant breaches. 

A Managerial Disconnect

There’s often a big difference between what a cybersecurity expert says is necessary and what a business owner or manager is willing to do. Unfortunately, this managerial disconnect could put companies at risk for a cyberattack. 28% of surveyed security professionals stated that these teams need to form stronger working relationships to ensure safety in cyberspaces. 

Is There a Real Skill Gap?

While most cybersecurity professionals will tell you that there is a considerable skills gap in their industry, some disagree. However, one thing that everyone agrees on is that there is a growing need for cybersecurity professionals in a variety of industries. One writer believes that the problem lies in the industry’s perception rather than the number of cybersecurity people. The actual gap lies between a business’s expectations and the value they receive from hiring cybersecurity professionals. That communication breakdown has led those outside the industry to believe that there is a skills gap simply because they don’t have the slightest clue what they’re paying for. 

Ask anyone who works in cybersecurity and you’ll find out quickly that this is false. Those who have spent time in the industry can tell you how they are overworked and underappreciated. They could go on at length about how adding more skilled cybersecurity pros to their ranks could help lighten the load and make their jobs more accessible and efficient. 

Growing Risks

Experts expect to see more than 7.5 billion people connected to the internet by 2030 — that’s the majority of the human population. All of those connection points mean that there are that many more potential vulnerabilities, and that number continue to grow every year. We could potentially see 75 billion IoT devices online by 2025 and over 200 billion by 2031. 

Cyberattacks today are also expensive. Between 2016 and 2019, companies and individuals worldwide lost $26 billion. In 2021 alone, people lost $133 million to online romance scams — and those are only the ones reported to the FBI. 

The risks aren’t just to your wallet. Networked and connected medical devices are also at risk. Things like insulin pumps and pacemakers that use wifi to report data or receive adjustments could provide hackers with a way to cause harm to the patient. Hacking into a pacemaker could give them the ability to interfere with a person’s cardiac rhythm or even stop their heart. Hacking into an insulin pump could allow them to deliver a fatal dose of the otherwise lifesaving medication. 

Securing The Future

Closing the cybersecurity skills gap isn’t something that’s going to happen quickly or easily. Despite this, it will be essential to ensure that the internet continues to be safe for individuals and businesses to use as we move forward. Business owners looking to employ cybersecurity pros need to educate themselves on exactly what they should be expecting from this service. The industry itself also needs to take advantage of all of this home-grown talent that might otherwise be overlooked because they can’t afford a four-year degree.