Across the Information Technology (IT) industry as a whole there is a significant skills gap that has existed for many years, but this is becoming even more significant when it comes to the cybersecurity subsection. However, as data becomes increasingly valuable, and an increasingly more attractive target for cybercriminals, and data protection regulations more and more stringent, this is one area that needs to be addressed as a matter of priority. This will require both time and investment and there is no easy fix.
Why the gap?
One of the reasons for this skills gap is that cybersecurity is a highly specialised field that touches all areas of IT, which means that it requires a significant level of skill and experience across multiple areas to reach proficiency. Cybersecurity touches not only data but also hardware, networking, operating systems, applications and more, and requires an understanding and ability to script and code.
There is also no linear path to becoming a specialist in cybersecurity, but it is a highly technical and complex career path that requires solid foundations in all areas of IT and certifications across many of these areas. It is also constantly evolving, which requires a mindset of continuous learning.
Experience is key
Cybersecurity is also an area where a theoretical knowledge can only get a person so far. The true value comes from experience, which is difficult to obtain in the real world. There is a conundrum where we need cybersecurity professionals, and we need them to have skills and experience, but allowing them to learn and make the mistakes necessary to get this experience could be detrimental.
The challenge for many cybersecurity professionals is that it takes time to pass their knowledge on, and letting people learn under supervision takes longer than simply solving the problem. Addressing this problem will require significant investment in both time and effort. Organisations that specialise in cybersecurity need to find creative ways of helping to build out skills and experience to address this widening gap. This also needs to involve a significant mentorship component to allow people to gain the experience they need in a safer environment.
Access to a pool of skills
When it comes to accessing cybersecurity skills, it is often more beneficial to outsource this service, rather than trying to maintain it in-house. Not only are skilled cybersecurity professionals scarce (which also means expensive) they are also difficult to retain and tend to specialise in certain areas rather than generally across the very wide field.
Outsourcing cybersecurity generally results in better security posture because you can access a broad pool of skills and specialists across many areas. In addition, these outsourced partners are in a better position to be the mentors and teachers needed to help address the skills gap, which will eventually contribute to an even wider and growing pool of skills.
Nobody can afford to get cybersecurity wrong, and we need to focus on growing the skills pool. For businesses, an outsource provider can deliver enhanced security and reduce risk. For those looking to enter this field, working with a cybersecurity outsource provider can help with access to learning and mentorship needed to enter this dynamic, complex and highly technical field.
By Simeon Tassev, MD & QSA at Galix Networking