How do you fill 4.5 million cybersecurity jobs – the number that the IT industry will need to protect itself by the end of the decade? If you’re an IT giant like Cisco, you set aside $10 million to fund a training program for qualified candidates that provides courses, mentoring, and certification in Cyber-Ops, equipping them with the skills needed to defend the business.
CEOs across the globe were telling Cisco that their ability to innovate was hampered by their security concerns in the digital world, according to Cisco Services VP Jeanne Beliveau-Dunn. Cisco’s program, said Beliveau-Dunn, is just a start to addressing the current talent shortage.
That’s great if, like Cisco, you have $10 million to spend on training people. Unfortunately, not all of us are that lucky. The competition for qualified workers is already out of hand, with average salaries topping $150,000 for new hires.
How this situation came about is subject to debate. The proliferation of cyber-crooks and a failure of academia to keep up with industry trends (according to a recent study, only a handful of the 50 top university computer science programs in the US require that students take even one cybersecurity course) are most likely the leading culprits. But there’s time enough to play the blame game; for many organizations — enterprises, hospitals, municipalities, and anyone else with a large operations center to staff and a small budget to do it with — the urgent question is how they can find the qualified personnel they need to protect themselves from cyber-attacks, even if they don’t have $10 million to invest.
Fortunately, there are a few options:
1. Cyber internships: As word spreads among college students that cybersecurity is the IT industry of the future, more of them have expressed interest in developing cybersecurity skills – but many don’t have ways to learn those skills because their college or university doesn’t offer the appropriate courses or skills training. By offering that training, companies can acquire cyber-battle “foot soldiers” who can take over some basic tasks (checking out logs, installing patches, etc.), freeing up more experienced personnel for more important tasks.
2. Software boosts: Fortunately, there are automated solutions that are making it easier for security teams to do their jobs. The biggest bottleneck in security operations today is understanding the many alerts that surface each day and investigating suspected breaches. A new generation of solutions is automating the complex investigation process and presenting the results visually so that less experienced security analysts can respond. They collect data needed for investigation automatically, to save time on routine, manual tasks. Automating cyber investigations can go a long way towards closing the personnel gap.
3. In-house training: Companies that cannot afford to hire top-flight cybersecurity staff must develop ways to upgrade the skills of the staff they already have. Fortunately, there are lots of people out there who are happy to help, via professional seminars and conferences, certification courses in the cybersecurity software or systems the company uses, strategy consultation with experts, and training in new products. Guiding the effort should be an experienced manager who can allocate resources and training, evaluating the talents of each staff member and deciding what skills they need to acquire.
There is, of course, a risk in doing this: A newly trained cybersecurity expert could just pick up and move on to a better paying job (Heaven knows there are plenty of them out there). But as word spreads about what the company is doing, other top-flight, ambitious personnel who appreciate the opportunity to develop new skills will show up to replace departing workers – and the cycle can start again.
Obviously, there’s nothing like hiring a top cybersecurity grad to head a defense effort – if you can find one, that is (forget about being to afford one!). An approach that leverages some of these ideas may not be as good as a Cisco certification program, but it will hopefully keep organizations safe as the world catches up and begins bridging the void between cybersecurity needs and talent.
Shai Morag is CEO and cofounder of SECDO.