We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
As the massive shortage of security talent and skills continues, sub-par recruitment processes and outdated training for cybersecurity professionals are exacerbating the problem, according to a new survey. If hiring and training processes are adjusted, however, retention of workers and the availability of crucial cyber skills can both be improved, said Adi Dar, founder and CEO of security skills development platform provider Cyberbit, which conducted the survey.
In the U.S. alone, job tracker Cyber Seek estimates that there are currently about 460,000 openings in cybersecurity — and these positions take an average of 21% longer to fill than other IT roles.
The SOC Skills Survey from Cyberbit gathered responses from 100 cybersecurity professionals, in 17 countries, from organizations with a security operations center (SOC) team larger than five and an IT budget of more than $20 million.
The survey found that on-the-job training is the main technique used to get SOC team members up to speed, with 41% of respondents saying that was how they were taught. The main training technique for 26% of respondents was courses, while simulation-based training — such as cyber labs, cyber ranges, or red vs. blue training — is used by just 22%, according to the survey.
In the high-stakes realm of cybersecurity, “on-the-job training is really not the way to go,” Dar said. “On-the-job training means that the first time you see ransomware is when it hits you.” The Ra’anana, Israel-based company offers a cyber range that simulates attacks and cyber labs tools that help develop hands-on security skills.
Many cybersecurity professionals also reported that they don’t feel prepared for key aspects of incident response. In the area of intrusion detection, only 45% of respondents said they felt their team was adequately skilled, while in network monitoring, only 42% reported feeling their team was prepared.
Recruitment of security professionals is another weak spot, according to the survey. Just 33% of respondent reported that human resources recruiters for their company usually or always understand the requirements for working on a cybersecurity team. Additionally, 70% of respondents said that cybersecurity candidates are being assessed in the same way as other workers — through interviews — rather than using available tools to assess their practical skills.
“HR is following the traditional way of hiring,” Dar said. “But what the industry needs is to hire people based on their hands-on experience. You need to assess people based on their capabilities.”
Taking these issues together, many hires of cybersecurity workers end up being mis-hires, leading to low retainment and more open jobs, he said.
Ultimately, Dar said, “we must change the balance between the continuous investment in technologies and tools and the almost non-existent budgets that are invested in the cyber teams.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.