Demand for cybersecurity skills continues to surpass availability. Here’s how innovations and reskilling can both improve your security posture and support your IT workforce.
ARTICLE | 6m read
April 13, 2020
The pace of digital business is rapidly accelerating, and with it the escalating threat of cybercrime. With the global cost of cyber crime estimated to reach a staggering $6 trillion, IT departments everywhere face growing risk from threats like distributed denial of service (DDoS) attacks, ransomware, and credential theft. But as new threats intensify, many IT teams find their security infrastructure and processes are struggling to scale. This is driving organizations to increase investments in people and technology that mitigate cybersecurity threats.
But while the Bureau of Labor Statistics estimates there will be 31 percent more cyber security workers by 2029, today the demand for security skills is far outpacing the supply. That means organizations can’t simply hire their way out of their security skills shortfall. In this article, we’ll examine the current state of the cybersecurity jobs gap, and how organizations can use both reskilling programs and automation to meet security needs today and into the future.
To understand the high demand for cybersecurity skills, consider how much has changed in IT—especially in the last year. From a rapid increase in cloud migrations to a huge shift toward remote work, IT teams everywhere have been forced to adapt quickly to keep up with the changing needs of their organizations. However, the rapid expansion of technology and explosion of remote work has kept IT busy enough. They don’t have the capacity to adequately handle responsibilities ranging from regular security hygiene to the patching and forensics surrounding the latest zero-day threat. This explains why Deloitte identifies rapid IT changes and rising complexities as the number one cybersecurity challenge.
So while it’s no surprise cybersecurity is a thriving career path, there simply aren’t enough security experts to go around. The New York Times estimates there are 3.5 million unfilled cybersecurity positions globally, and less than 25 percent of cybersecurity job applicants are actually qualified for these critical jobs. This cybersecurity talent crunch means you need to find alternative (and innovative) ways to build your organization’s security talent and capabilities.
With the difficulty of recruiting, hiring, and onboarding new cybersecurity experts from a small talent pool, consider investing in retraining your workforce to organically grow needed cybersecurity skills. Besides avoiding a lengthy headhunting process, this also makes clear economic sense. According to the Harvard Business Review, it can cost six times as much to hire from the outside rather than build talent from within. In addition, focusing on retraining opens up career progression for your best employees—building their skills, morale, and loyalty to your organization.
Here are some leading practices to help design reskilling programs for and foster cybersecurity talent in your existing employees:
One concern about reskilling programs is where IT teams will find the time for training in their continually busy schedules. This is where security automation plays a critical role. By automating mundane security tasks like network monitoring and reporting incidents, IT can take back this time for reskilling while AI and machine learning technology flag any unusual activity for human attention. “As attackers get smarter, security needs to be agile while growing the tools in their arsenal, including leveraging automation,” said Citrix CISO Fermin Serna, “Machine learning can empower security teams with real-time insights into user behavior, helping IT stay one step ahead of threats and identify unusual activity before it turns into a costly breach."
MACHINE LEARNING CAN EMPOWER SECURITY TEAMS WITH REAL-TIME INSIGHTS INTO USER BEHAVIOR.
When you integrate automation into your security processes, it’s important to emphasize how these technologies will support your IT team rather than replace them. 81 percent of employees are worried about their jobs being taken by AI and algorithms, making them reluctant to hand over even their most boring work to automation. This in mind, don’t just tell your employees AI is going to free them up for more interesting work—train your employees for that interesting work so they feel empowered rather than nervous.
The future of cybersecurity will offer a myriad of mission-critical jobs, from help desk workers to digital forensics specialists to compliance experts. Each of these roles will require both regular training and specialized automation technology to be successful. By investing in security reskilling and automation across your organization, you can address your security needs today and empower your experts to drive optimal security outcomes for years to come.
Chief Security Officer, Citrix
As Chief Security Strategist for Citrix, Kurt Roemer leads security, compliance, risk and privacy strategies for Citrix products. As a member of the Citrix CTO and Strategy Office, Roemer drives ideation, innovation and technical direction for products and solutions that advance business productivity while ensuring information governance.