It has been talked about for years, but the cyber security talent gap, or the ability to hire information security folks with any real expertise, is still massive. In a recent study it was taking some organizations over 6 months to fill a position. Couple that with the ever increasing rise in cyber crime, and it doesn’t look pretty.
I spoke on Cybersecurity Education a few years ago, and the numbers then showed we would have over 1,000,000 unfilled seats by 2019, and from other reports it looks like we are already there. We are seeing more, and more need for individuals that can perform key cybersecurity duties, and a greater lack of skilled candidates than anticipated.
When I spoke, I mentioned we needed to train people using techniques such as gamification, and now a report from McAfee is looking at bring gamers into the field. I think this is a good idea, but they have to want to make the jump. Cybersecurity is a lot of fun, but only for those who are passionate about it. Gamers may be more likely to enjoy it than others because they are used to having an active adversary they are competing against. I know I love it.
One thing that seems to have been lost in the talent gap is how do we retain talent. As an industry we really need to make sure our executives and HR teams understand that it is easier to train someone, than hire the perfect candidate. Offering competitive training and helping your own people to future proof their careers, is a way to keep your best, and most loyal employees, but also to differentiate your organization when you are trying to hire that ever, elusive candidate.
To end with some good news, it is only taking organizations 101 days to discover an incident , down from 416 days in 2011. I mean, it isn’t great but we take any win we can.
