The cyber security skills shortage and what organisations can do to help improve the situation

The shortage of skilled cyber security professionals is a well-known issue in the industry, but what is being done about it? At the moment, there are initiatives like the UK Cyber Security Challenge being put in place to increase the number of professionals, but much more can be done elsewhere.

Organisations that are suffering first-hand from the shortage need to take matters into their own hands and avoid waiting for the education system to catch up with today’s demand.

The current state of the situation

According to ESG Research, 25% of enterprise and mid-market organisations claim that they have a “problematic shortage” of IT security skills. Additionally, 42% of organisations that are planning to increase IT headcount in 2014 have said that they will hire IT security professionals.

It’s not surprising to see a large percentage of employers reveal their lack of skilled staff. It is surprising, however, to see that 39% of organisations have said that they lacked adequate staff, while 28% claimed that they lacked the adequate analysis skills. It’s now clear that many organisations are under-staffed and under-skilled.

How organisations can improve the situation

As I’ve previously stated, the educational system may take some time until it’s producing a sufficient number of security professionals. In the meantime, there are a couple of other options for organisations:

1. Hire within your organisation

Organisations that are struggling to find a suitable security professional are advised to look at their current staff.  An organisation that offers an attractive cyber security learning programme has the capacity to train current staff and turn them into the cyber professional they are searching for.

While skilled cyber security professionals are hard to find, a large portion of other IT positions are not. If you find a hard worker in the depths of IT department who is looking for a change, then don’t be surprised if they come knocking on your door enquiring about the cyber security training programme.

2. Offer the most attractive benefits

To find the best cyber security staff you have two options; pay the best or offer the most.

Organisations that:

  • offer a continuous training and education programme,
  • create clear job titles, defining responsibilities,
  • build IT security career paths, and
  • expose the security staff to the community of vendors and researchers

stand a much better chance of finding or creating the best security professionals.

Alan Calder, Founder and Executive Chairman of IT Governance says, “Organisations should change their mind-sets and not think of employee education as purely an expense, but as an investment in their company’s security.”

IT Governance’s Cyber Security Learning Pathway develops skills in cyber security strategy development, as well as the practical expertise required to implement plans effectively.