The global IT security skills shortage has now surpassed four million, according to (ISC)2

In the United States alone, current estimates suggest a shortage of cyber security employees of 1.8 million by 2022.  Indeed, their recent survey of the job market for cyber security professionals reveals that most countries need significant increases and sustained improvements in their cyber security workforces.

The certifications organisation compiled its latest Cybersecurity Workforce Study from interviews with over 3200 security professionals around the world. The (ISC)2 data indicates a necessary cybersecurity workforce increase of 145%.

The study provides  insights and strategies for building and growing strong cybersecurity teams as many organisations struggle with a proliferation of attacks by hackers.

The report estimated the current global workforce at 2.93 million, including 289,000 in the UK and 805,000 in the US.

  • The number of unfilled positions now stands at 4.07 million professionals, up from 2.93 million this time last year.
  • This includes 561,000 in North America and a staggering 2.6 million short-fall in APAC.
  •  In the US market, the current cyber security workforce estimate is 804,700 and the shortage of skilled professionals is 498,480, requiring an increase of 62% to better defend US organizations.
  • The shortage of skilled workers in the industry in Europe has soared by more than 100% over the same period, from 142,000 to 291,000.

To tackle the problem in the the US the Dept of Homeland Security (DHS) Science and Technology Directorate (S&T), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has awarded $2 million to an initiative that will build a national network of cyber security technical institutes.

The aim of new US cybersecurity technical institutes is to shrink the cyber security workforce shortage. 

Referring to cyber security workforce needs, the report found that “the majority of US critical infrastructure is owned and operated by private companies, making its cybersecurity workforce vital…. Also, the Federal government depends heavily on its cyber security workforce, supplemented by contractors.”

(ISC)2 Report stresses the need to attract new workers from other professions, or recent graduates with tangential degrees, as well as seasoned professionals from consulting and contracting sectors.

Organizations should look to strengthen from within by cross-training existing IT professionals where appropriate. The biggest role needs in security teams are, in fact, not what we would traditionally classify as cybersecurity roles, they’re cyber-enabled roles.

 A cyber-enabled employee should have an above-average understanding of cyber security, but does not need the breadth and depth of knowledge that a dedicated cybersecurity practitioner has.

Companies also need to invest in their workforce strategies and training. It’s important to create, tailor, and deliver upskilling solutions to employers based on their unique workforce requirements and roles. That means a need for modular, skill-focused education that allows employees to acquire new knowledge in shorter amounts of time without sacrificing work productivity.

Source: Cyber Security Intelligence