Security breaches are on the rise across all industries, with cybercriminals improving their playbooks and increasing the volume of attacks. As if trying to stay one step ahead of the enemy wasn’t enough, security leaders are also working to manage another risk: a skills shortage.
Organizations are finding it difficult to attract and retain security professionals – particularly those working in Security Operations Center (SOC) roles as these teams are overworked and face burnout. In fact, 65% of SOC professionals have considered quitting their job. Other security-focused positions that are in demand but difficult to fill are cloud security specialists, network security architects, and penetration testers.
Given the cybersecurity skills shortage, recruiting and retaining skilled professionals inevitably requires creative strategies from organizations looking to fill relevant roles. From leveraging untapped talent pools to finding opportunities for professionals to build and improve core technical skills, here are several ways we can work together to bridge the cybersecurity skills gap.
Provide ongoing training opportunities for existing security professionals
As companies of all sizes struggle to recruit qualified security professionals, executives inevitably worry about retaining the analysts they already have on staff. Providing your team members with opportunities to complete professional development and certification programs not only keeps their skills up-to-date, but it’s also a great way to improve the employee experience and job satisfaction. According to a study by the Society of Human Resource Management (SHRM) Research Institute, 86% of HR managers surveyed say that providing ongoing training helps retain employees.
There are many quality cybersecurity training and certification programs available. One example is the Fortinet Training Institute, which offers a variety of both self-directed and instructor-led training and multi-level certification programs for learners of all skill levels. Programs like these provide participants with the security, networking, and IT skills needed to advance in any role and at any point in their careers. For those just starting out in the industry, these programs provide a solid foundation to prepare learners for future success.
Recruit talent from untapped communities
With a cybersecurity workforce gap of 3.4 million people, companies cannot rely on filling vacancies only with “traditional” candidates – those with a four-year cybersecurity degree or those with equivalent work experience. Attracting new talent to the field is an essential component to addressing the skills shortage and offering accessible cyber training is a great way to recruit professionals looking for a career change.
Veterans are a great example of a talent pool that can be a tremendous asset to the cybersecurity industry. Fortinet recognizes that military members have many transferrable skills—such as leadership, communication, and attention to detail, to name a few—and is committed to helping veterans transition to a career in security. The Fortinet Veterans Program helps prepare veterans for cybersecurity roles by offering training and certification opportunities to develop the skills needed, mentoring and networking programs, and connecting these individuals with employer partners who are actively recruiting for cybersecurity roles.
Also, women make up just 24% of today’s cybersecurity workforce. But a wealth of data illustrates the many benefits of building diverse teams. For women looking to pursue a career in cybersecurity—or for those already working in the technology sector but interested in exploring security-focused roles—there are plenty of resources available to support this transition. Organizations like WiCyS offer members access to industry-leading training and certification programs, networking and mentoring programs, internships and full-time employment opportunities. And SANS Institute offers several educational programs for women interested in roles in cybersecurity, such as the accelerated Women’s Immersion Academy program and the New2Cyber curriculum, which teaches fundamental cyber skills.
Partner with and recruit from higher education institutions
As cyberattacks increase in scope and sophistication, and skills shortages continue to strain security teams, many colleges and universities are devoting more resources to creating or expanding cybersecurity-focused degree programs. Today, nearly 400 higher education institutions have received National Centers of Academic Excellence in Cybersecurity designations from the National Security Agency — a stark contrast to the 12 schools that achieved this by 2010.
Public and private sector organizations also have a role to play here and need to work with educational institutions to collectively build the cybersecurity forces of the future. For example, the Fortinet Academic Partner Program works with over 500 colleges and universities worldwide to integrate award-winning Fortinet Network Security Expert (NSE) training and certification courses into existing curriculum. Initiatives like these help students succeed by giving them the opportunity to earn industry-recognized certifications before they even start looking for a job.
To close the skills gap, you need to think outside the box
Cyber criminals are not going to slow down their operations anytime soon. Demand for cybersecurity talent will continue to grow, and competition between organizations for qualified professionals will only intensify. Our industry can work to close this skills gap in a number of ways, from implementing initiatives to retain existing team members—like offering ongoing professional development opportunities—to expanding the talent pools from which we typically recruit. As a result, we can quickly fill key roles, grow and advance our teams, and ultimately protect our organizations from a growing number of cyber threats.
Learn more about how the Fortinet Training Advancement Agenda (TAA) and Training Institute programs—including the NSE Certification program, the Academic Partner program, and the Education Outreach program—are increasing access to training to bridge the cyber -Skills to close.
Copyright © 2023 IDG Communications, Inc.