By Sandra Wheatley | May 27, 2020
The cybersecurity skills gap continues to pose challenges for organizations of all sizes and across all industries and changes to the economy as a result of the COVID-19 pandemic are compounding the skills gap. As the concept of remote work becomes the norm and infrastructures become more distributed, the need for IT professionals that have timely security skills and knowledge will only grow.
In addition to full-time teleworking strategies changing how organizations manage security, there is another factor that has consistently been a significant driver behind the widening skills gap: digital innovation. As organizations adopt new technologies to stay competitive and ensure business continuity, their attack surface expands, opening the door for cybercriminals to exploit network environments. This potential for attack has resulted in a more substantial need for specialized security talent. But as the number of cybersecurity professionals remains stagnant, the demand for their expertise to address new segments of the distributed network continues to grow.
Understanding the Widespread Impact of the Cybersecurity Skills Gap
Fortinet recently commissioned a report highlighting survey findings conducted by MaritzCX that surveyed individuals responsible for cybersecurity at their organizations. The goal was to understand the true extent and impact of the skills gap. This Fortinet report sheds light not only on the challenges faced by those employees who are directly affected by this issue, but also on what can – and should – be done to address the skills gap.
This Fortinet report highlights the following three trends.
All Types of Organizations Are Impacted
Respondents to this survey reiterated a widely known truth about the cybersecurity skills gap: this issue affects organizations everywhere. 68% of respondents reported that their companies struggle to recruit, hire, and retain cybersecurity talent. This issue is even more severe in Canada, where 78% said that their organizations were facing these challenges. When considering that 76% of respondents noted that a lack of skilled security professionals is creating new risks across their organizations, it is clear that the skills gap is more than just a theoretical issue.
Approximately 73% of respondents reported having at least one intrusion or breach in their organization over the past year as a direct result of the shortage of skilled security professionals, and 47% noted having as many as three in the past 12 months. Without a fully built-out security team, organizations run the risk of losing customer data, private company information, or trade secrets.
According to respondents, security architects and cloud security architects are among the most challenging job roles to fill. This is likely due to the high demand for such individuals as the networks of most organizations are increasing complex due to things like operating dynamic clouds, and the prioritization of the security of these environments. However, security administrators, an entry-level position, also fall within the top three most difficult roles to fill. To combat this challenge, organizations heavily promote roles like this on job sites and focus on retention by offering high salaries, maximizing opportunities for advancement, and providing a healthy work culture.
Organizations Recognize the Value of Security Certifications
The data highlighted in this report illustrates the need for organizations to go beyond traditional means of recruiting talent to fill security roles. This includes employers highly regarding individuals with technology-focused certifications as they recognize that such certifications demonstrate knowledge and expertise in various cybersecurity concepts.
These certifications also provide value to those already within security roles, with 81% of respondents having earned certifications themselves, and 85% reported to have others on their teams that are certified. This value is further exemplified by the fact that 94% stated that their certifications helped to better prepare them for their current roles. Considering these responses, it is no surprise that most organizations (82% of respondents) prefer to hire candidates that have certifications that validate their awareness and knowledge of cybersecurity.
The cybersecurity field is one that is continually changing, and certifications are a valuable way to keep up with the evolving threat landscape, as well as enable those without a technical background to obtain training so they can transition into a career in cybersecurity. Certifications can also build on the value of collegiate studies by helping professionals update their cybersecurity knowledge each time they choose to renew. They can also help non-traditional candidates transition into a cybersecurity career by providing the knowledge they need to succeed in a variety of entry-level roles. By stressing the value of certifications, organizations can expand their talent pool to cover non-traditional candidates, degreed professionals from other fields, and other groups that may have not been considered in the past.
Veterans Play a Critical Role in Closing the Skills Gap
Upon leaving active duty, military service members can provide significant value to the cybersecurity field with the skills and traits they further developed throughout their years of service that complement the industry. The Fortinet report found that most organizations recognize this value, with 57% of U.S. respondents noting that their cybersecurity team had hired at least one veteran. While the roles of veterans vary, almost half (45%) transitioned into their civilian careers by starting as security administrators or SOC specialists.
Outside the realm of entry-level positions, 43% of U.S. respondents stated that at least one C-suite executive at their organization is a veteran or is married to one – a majority (80%) that fall within this category have or had worked for their company for at least five years. These workers typically demonstrate a strong work ethic, attention to detail, and are successful in fast-paced, high-stress environments, as noted by their colleagues (40%).
Despite the presence of veterans in cybersecurity roles and executive management positions, only 49% of U.S. respondents reported that their organizations have a hiring program specific to veterans, and only 22% have one specific to military spouses. Because veterans and their spouses can play a vital a role in closing the cybersecurity skills gap, organizations have an opportunity to do more to recruit them to fill critical roles. To get the most out of what these individuals have to offer, organizations should invest in the appropriate resources to fully leverage their specialized skill sets – this includes training programs and specific hiring processes.
Addressing the Talent Shortage Takes a Village
The cybersecurity skills gap is very real, impacting organizations in a way that can increase the potential for data breaches and network intrusions. This Fortinet report not only demonstrates the reality of the talent shortage, but also reveals what organizations can do to build out and strengthen their teams. By emphasizing the importance of certifications for both new hires and current team members, including hiring veterans to fill critical roles, companies across industries can bolster their security strategies while also helping to bridge the skills gap. Fortinet’s Network Security Expert (NSE) Institute consist of the NSE certification and training program and Fortinet Veterans (FortiVet) program to do just that.
Additionally, partnerships across businesses, government, academia, and NGOs is very critical to close the skills gap. Recognizing the import role both the private and public sectors play, at Fortinet we’ve focused on building strategic partnerships with organization such as the World Economic Forum as a founding partner of its Centre for Cybersecurity, as well as with the Global Threat Alliance, CompTIA and multiple university research programs to address the talent shortage. As both a technology company and a learning organization, Fortinet is committed to solving the skills shortage that plagues our industry through our NSE Institute programs and partnerships.
Find out more about Fortinet’s NSE Institute programs, including the Network Security Expert program, Network Security Academy program and FortiVet program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.
