The Cybersecurity Skills Gap - Causes & Possible Resolutions

The cybersecurity skills gap is the phrase used by professionals to describe the discrepancy between the large number of open cybersecurity jobs and the number of qualified candidates with the proper background needed to fill these positions. According to the (ISC)^2 Cybersecurity Workforce Study, this gap grew by 26.2% from 2021 to 2022 across the globe and is an issue that has plagued the cybersecurity industry and industries across all sectors for years. 

Many employers who are hiring for cybersecurity positions believe that this is primarily caused by a shortage of qualified talent in the applicant pool, meaning that though job postings may be attracting applicants, the folks opting to apply are not fitting the openings well. Despite this commonly held belief, this is not the only factor that appears to be causing this ongoing issue. Other factors include companies having difficulty keeping up with turnover/attrition as well as lacking an adequately competitive salary for such positions. Each of these causes are impacted by a business’ budget to a degree, but it goes further than that -  the press release for the study included a quote from Clar Rosso, (ICS)^2’s CEO, stating, “Professionals are saying loud and clear that corporate culture, experience, training, and education investment and mentorship are paramount to keeping your team motivated, engaged, and effective.” In addition to employer and potential employee expectations, the demand for cybersecurity-related positions continues to grow and grow, making the task of closing the skills gap even more difficult.

These are the most widely agreed upon causes for the cybersecurity skills gap, which now totals an estimated 3.4 million people, however, there are some things that can be done by many different key players to help lessen the severity of this gap.

• Offer In-house Training – Companies looking to close the cybersecurity skills gap experienced internally may want to opt for an in-house, skills-based training program. This helps to target cybersecurity education specifically to your business’s needs, and is something beneficial to your current and future staff. 
• Automation to Bridge the Gap – Though not feasible for all positions, utilizing automation of certain functions where possible can help to relieve your cybersecurity staff of some of the tasks involved in their positions. This not only helps your business to operate more efficiently, but it lessens the burden on your IT team and allows them to focus their efforts on the areas where a human is necessary. 
• Increase Interest in Cybersecurity in Young People – College students often respond well to learning more about a career from an existing professional in that given field. Local businesses should work with nearby universities and colleges to help pique interest in young people trying to determine their future professions. Educational institutions should prioritize this themselves, but you can go one step further on your end by offering to speak during a class. This can also be done on a lower level at K-12 schools, particularly those that have programs with an emphasis on STEM education.

Image by creativeart for Freepik.

‍