via Dark Reading
The Organisation for Economic Co-operation and Development (OECD), in partnership with Microsoft, recently released an extensive report analyzing over 400 million online job postings from January 2012 to June 2022 to better understand cybersecurity workforce supply and demand. Centered around insights from Australia, Canada, New Zealand, the UK, and the US, the report comes amid a backdrop of growing worker shortages and increased cyberattacks.
Cybersecurity failures are among the top 10 risks that have worsened the most since the pandemic. These failures have put more pressure on security teams and have caused the overall demand for skilled cybersecurity workers to outpace the current supply. (ISC)2 estimates that we have a worldwide shortage of 3.4 million cybersecurity workers, with nearly 70% of organizations dealing with a worker shortage.
If organizations want to overcome this hurdle, they’ll need to come together with policymakers and educators to create a series of sweeping changes that empower current and future cybersecurity workers.
The OECD’s report reveals a number of insights into the most in-demand skills over the past decade. These include skill sets throughout cloud security, cybersecurity frameworks, and threat assessment. By examining these dynamics, companies can better measure their current needs against existing education and training programs to determine where gaps exist. However, this also means that companies will need to partner closely with educators and policymakers to create a sustainable talent pipeline that’s equipped to meet the cybersecurity needs of tomorrow.
Based on the findings laid out in the report, here are three ways that the private and public sectors can work together to expand educational opportunities and create a more skilled cybersecurity workforce:
- Offer multiple career pathways within cybersecurity training: Formal and informal cybersecurity training should be offered at various levels for a broad range of job roles in both long- and short-course formats. Additionally, organizations must work to establish clear progression pathways between training programs.
- Close the workforce gap with skills-based recruitment and formal education: Cybersecurity skills are evolving quickly. Many types of education are relevant, including community and technical college programs, as well as skills-based certifications. Formal education is not the only path. Recruiting workers based on acquired skills can close the cybersecurity workforce gap by reducing entry barriers for young people and people with less experience. Investing in mentorship and curriculum co-design programs to meet the demand for cybersecurity skills beyond the technology sector also is worthwhile.
- Build basic digital skills first: Digital skills are the foundation for cybersecurity skills. People of all ages, especially the most disadvantaged, need opportunities to develop essential online knowledge. For example, before engaging in cybersecurity-specific training, workers should first have a basic understanding of cloud computing. By embedding cybersecurity best practices throughout the organization and making cybersecurity the responsibility of all, organizations can raise the bar for defense across the board.
How Diversity Can Help Fuel Cybersecurity
In addition to insights around highly sought-after skill sets and job titles, OECD’s report also reveals that demand for cybersecurity professionals has spread beyond the confines of major urban centers. It calls for a more decentralized workforce to meet demand in underserved areas.
This landscape creates an opportunity for employees from more diverse professional backgrounds to break into the cybersecurity field. If companies are to close the skills gap and meet the current demand for cybersecurity workers, they will need to broaden their horizons to account for more nontraditional cybersecurity career paths. In doing so, they will enhance the industry with a broader range of unique experiences and life skills.
Recruiting more diverse candidates also allows companies to approach security challenges from different angles and identify solutions that may not have been considered otherwise. When a workforce is as diverse as the cybersecurity threats an organization faces, it can pull from a broader range of professional and personal experiences to more effectively and inclusively protect themselves and their end users. Additionally, weaving diversity throughout the recruiting and retention process helps ensure that security measures are effective for all users — regardless of their backgrounds or abilities.
The challenges facing the cybersecurity sector are steep, but with the right collaboration among employers, educators, and policymakers, we can come together to create a more secure environment for all.