Suppose you have been keeping a tab on cyber security news over the past few years. In that case, you will have observed variations on the similar story cropping up time and again: employers can’t recruit the people they require for cyber security. Because of this, millions of posts are going blank. The headlines often phrase this as the ‘Cyber Security Skills Gap’.
But how accurate is this? After all, a skill gap is a mismatch between what employers want or demand particular employees to do and what those people can do when they get into work. If you fail to find someone who knows how to run a penetration test, that’s a skills gap.
However, suppose an enterprise automatically discards candidates with hands-on hacking skills but with a specific degree. In that case, it’s not a skills gap it faces but a recruiter expectations gap.
Overly rigid hiring criteria hardly works for anyone. It infers that way too many skilled applicants fall by the wayside, while posts go vacant. Thankfully, however, there’s proof that things are modifying, with an extra 500,000 people entering the cyber security workforce in previous year(up 25% on the previous year’s figures). Employers are being motivated to be more ingenious when the hiring time comes, with more flexibility when it comes to years-of-experience needs and less focus on age-old training routes.
For intending entrants to the infosec profession, this is indeed very good news. If you can report your current skills, fill the gaps in your insight and opt for the type of practical know-how that’s in need, you should be better placed than ever to bridge the gap.
The hiring shortfall in focus
Beneath is a quick snapshot of the current state of cyber security hiring across different parts of the globe.
USA
The reports in Techtarget, according to (ISC)2, the gap between open cyber security positions and those filled presently in the US stands at 359,000.TechTarget’s Bart McDonough of managed IT and cyber security provider Agio said, “Cybersecurity leaders these days must comprehend that talent seldom comes in ‘fully baked’ and will require time and attention to train up.”
Europe
Vacancysoft’s 2020 report, Cybersecurity: Building Business Resilience delineated a shortage of 140,000 cyber security professionals across Europe. An estimated 70% of enterprises are lacking an adequate security team.
UK
Last year, ComputerWeekly represented a huge growth in demand for cyber security applicants outside of the London bubble. Year on year, the amount of advertised jobs in Yorkshire and the North East surged by 138%, along with an 85% hike in the South West. Only 10% of present IT professionals have the cyber security skills the UK’s tech sector presently needs.
India
As per a recent estimate by the Data Security Council of India, the country will shortly seek itself in need of about one million cyber security professionals. 49% of companies surveyed for the 2021 State of Cybersecurity 2021 report say that they have vacant positions in their cyber security divisions. R.V. Raghu who is a member of ISACA’s Emerging Trends Working Group, says, “It is not only mandatory to better prepare new graduates, but also to escort a wider pool from all streams and empower them with the skills required to accomplish in a cybersecurity career”.
Skills Gap vs Hiring Gap
The talent is out there. It’s just that backdated ideas of what it depicts to be “qualified” depicts that there is often a hindrance to recruitment. It is according to a new thinking piece for Forbes by Christian Espinosa, Cybersecurity Engineer, writer of “The Smartest Person in the Room”, and Alpine Security’s founder and CEO .
If employers force on a very firm wish-list on what to expect from candidates, then a so-called skills gap is unavoidable. There simply aren’t going to be adequate college graduates with 5 years+ in-house experience to move around. And the argument of Espinosa’s is that the value of theory-oriented college courses can easily be overstated. Candidates can oftentimes look great on paper; they can ‘talk the talk’, but are lacking in the type of practical know-how that companies actually need.
How are employers responding?
As we mentioned before, the last few years have been reigned by stories of the cyber security skills gap. But presently, there has been a shift: employers are embarking to realise that it’s actually a hiring gap rather than a skills gap. Forward-thinking businesses are becoming flexible in their approach to recruitment, which is good news for the one who has arrived at infosec through contemporary routes.
ISACA, the global IT governance and accreditation body presently published an article giving ideal practice tips for increasing the talent search. These comprise…
- Setting out clear, accomplishable expectations in job postings and more reliance on practical skills tests.
- Flexibility with years of experience requirements.
- Dodging over-reliance on formal qualifications and aiming for up-to-date know-how.
- Looking for general proof of inquisitiveness, willingness to learn, problem solving and communication skills.
Where does this leave potential cyber security employees?
If you would like to transition to a cyber security role for your existing employer, what specific skills does the business need? If you are approaching cyber from a wholly different background, what’s the ideal way to get started? If companies are going to respond to the increasing risks out there, the only way forward is going to entail greater flexibility in bridging the hiring gap. For would-be employees, this is the ideal time to focus on targeted, hands-on training to bridge their own skills gaps.
