Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108

Wednesday, 13 April 2022 15:14

How to cope with Australia's coming cybersecurity talent shortage

By Christopher Cochran, cybersecurity advocate at Axonius
Axonius cybersecurity advocate Christopher Cochran Axonius cybersecurity advocate Christopher Cochran

GUEST OPINION: Australia's recent budget ushers in the nation's 'biggest ever' cybersecurity spend, with $10 billion pledged to see electronic spy agency Australian Signals Directory (ASD) double in size and ramp up its ability to launch offensive cyber operations.

That's great news for the IT industry, but the expansion is also likely to usher in a huge demand for cybersecurity jobs.

Already, the increase of cybersecurity incidents has more than doubled the demand for cybersecurity professionals. Some sources state that around 3.5 million cybersecurity jobs are likely to go unfilled worldwide between 2022 and 2025.

Considering the impact of cybersecurity incidents and the number of open jobs, why is it so difficult to staff cybersecurity professionals?

So let's dissect the scarcity problem.

On the surface, it seems as though there are not enough qualified professionals to fill all the job requirements. But let's dig deeper. By the end of 2021, it was estimated that there were 1,053,468 employed cybersecurity professionals and 597,767 job openings. Organisations often look for the following four cybersecurity roles:

1. Cloud security: Focuses on implementing and managing the security of critical assets in cloud environments.

2. Security analysis and investigation: Focuses on in-depth analysis of threat intelligence and security event artifacts for proactive investigations.

3. Application security: Focuses on developing and configuring mobile and web application code using secure coding best practices and monitoring.

4. Security orchestration and automation: Focuses on leveraging machines to help prioritise and drive process standardisation for cybersecurity operations.

It can be tough to find a suitable candidate with the right combination of skills, certifications (depending on your industry), and experience. The practitioners that have the opportunity to raise skill levels and deploy creative solutions are sought out by some of the world's top employers who can afford to offer higher pay and other benefits, making it hard for smaller organisations to compete. This also leaves these smaller organisations struggling to fill available roles due to budget and resource constraints.

But it's also the case that employer expectations may be unrealistic. Although numerous data and stats show the scarcity of skilled workforce in the cybersecurity industry, the hiring process is also to blame. Hiring managers and recruiters often miss collaborative opportunities to set realistic expectations, understand the technical discipline required, and post job descriptions that are tailored to suitable candidates.

Organisations should consider the skills gained through the personal pursuits and not only the years of professional experience. Furthermore, organisations prefer candidates with experience over potential and this is not scalable for our industry.

What will be the repercussions from the talent shortage? Open roles affect team members who are already at the organisation. As the complexity of cyberattacks increases, the complexity of deploying, configuring, and managing security solutions increases too.

These security solutions create multiple alerts, and if not tuned properly will flood teams with false positives and cause what we call 'alert fatigue'.

Alert fatigue is when team or member who is already stretched thin may not be able to handle the influx of alerts and is likely to experience team members' burnout. Those burned out security practitioners will likely make more mistakes. In this way, organisations suffer at the hands of the very problem they created.

So how do we combat the cybersecurity skills crisis?

Today, the crisis affects over 57% of organisations. It's challenging to fill the workforce shortage without organisations changing their hiring strategy. The sizeable ones should look for alternatives.

For instance, a cybersecurity team member can provide guidance and help develop a robust cybersecurity program. Hiring managers can focus on assessing aptitude rather than exclusively testing skills. Some vendors might even offer interested candidates the opportunity to learn and receive mentorship outside of the workplace and provide continued education to new team members.

Organisations ready to take major steps toward filling open cybersecurity roles should:

1. Encourage cybersecurity education and provide required certification courses to support professionals at all job levels.

2. Eliminate pay gaps and provide more flexible working conditions.

3. Diversify management and hiring team practices for providing essential guidance to interested candidates.

4. Promote and encourage women, minorities, and under-represented groups who have the required qualifications for leadership roles.

5. Implement cybersecurity automation to help refocus human efforts and reduce the daily workload.

Read 1330 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments