Critical Insights to Closing the Growing Cybersecurity Skills Gap


The cybersecurity industry is facing an increasingly widening skills gap that has left many organizations even more vulnerable to breaches. According to a recent Fortinet-commissioned study, conducted by MaritzCX, 73% of respondents reported having had at least one intrusion or breach over the past year that can be directly attributed to a shortage in available cybersecurity talent. And as infrastructures become even more distributed amidst the COVID-19 pandemic, with a large percentage of the workforce now working from home, governments and businesses must work to close the skills gap to effectively secure these networks.

There are only so many seasoned professionals who can immediately offer the depth and breadth of experience that are so essential to so many businesses. As a result, organizations must reframe their expectations around hiring and instead make significant investments into ongoing learning and development initiatives. Time and effort must be dedicated to eliminating barriers to entry and improving internal training programs to build the actionable skills that are needed to protect organizations from sophisticated cyber threats.

Core Challenges in Cybersecurity Hiring

The challenges and industry-wide perceptions that have led to the cybersecurity skills gap are multifaceted. Most industry professionals point to a mismatch between a company’s legitimate needs and the desired skills listed in job postings, combined with a lack of investment in training and certifications after an employee has been onboarded.

They also highlight a lack of open-mindedness when considering candidates whose soft skills – such as attention to detail, autonomy, or ability to cope under pressure – may make them incredibly well-suited to the role after technical training is completed.

The Fortinet survey identified several roles that are particularly difficult for businesses to fill due to the depth of knowledge and expertise required. Most commonly cited was the role of cloud security architect, which is unsurprising due to the fact that 85% of companies now operate across a multi-cloud infrastructure and are urgently in need of experienced professionals to secure their cloud-based networks. And at the same time, few security professionals have had the time to develop this hybrid skill set.

Security architect roles were second most frequently cited, likely for the same reason, followed by more commoditized, entry-level roles, such as security administrator, SOC specialist, and compliance specialist.

Recruiting Untapped Candidates to Fill the Gap

In the Fortinet report, 68% of respondents stated that their organizations struggle to recruit, hire, and retain cybersecurity talent. And the challenge is daunting. A study recently conducted by (ISC)² found that in order to fully address the current skills shortage, 4.07 million workers would need to be added to a talent pool that currently has only 2.8 million professionals. To address these challenges and find the right individuals to build out their security teams, organizations must reframe their ways of thinking.

Many of the best candidates for cybersecurity roles may not be immediately obvious based on their resume alone. With this in mind, organizations should prioritize more than just hard skills and years of hands-on experience with a particular technology stack. Especially when filling entry-level positions, hiring managers must keep an open mind to individuals who may possess the right temperament and soft skills needed to succeed after receiving the proper training, especially given that security professionals often have to fill the roles of technologist and security evangelist within an organization.

Military veterans are a particularly suitable talent pool for organizations looking to fill cybersecurity roles, especially considering the training in both conventional and cyber warfare these individuals have received. Their background often instills strong leadership skills and, often, the rare ability to function well under stress—a critical skill for today’s cybersecurity professionals facing down cyber attacks at machine speeds. Survey respondents also noted a strong work ethic, attention to detail, and a no-quit attitude when discussing their veteran colleagues.

Fortinet Initiatives to Address the Cybersecurity Skills Shortage

Findings from the report demonstrate that one solution to the cybersecurity skills gap is to actively engage in employee development initiatives, whether that means sponsoring certification programs or investing time and resources into more comprehensive employee training and onboarding. Doing so will also improve retention: Employees who feel supported and engaged in their career development are less likely to burn out and more likely to display strong leadership when called upon, even providing training and support to other new hires down the road.

The report notes that 82% of organizations prefer to hire candidates with certifications, and that 94% of cybersecurity professionals believe that their certifications have better prepared them for their current role. In 2015, Fortinet established the Network Security Expert (NSE) Institute, comprised of the Fortinet Network Security Academy (FNSA) program, the Fortinet Veterans (FortiVet) program, and the NSE training and certification program, to help address the widening skills gap through training of IT professionals, students, veterans and more. To date, the NSE training and certification program has issued more than 400,000 Network Security Expert certifications.

Final Thoughts 

The impact of the cybersecurity skills gap is felt by most, affecting all types of organizations and their security teams. In terms of recruiting talent, hiring managers must not limit their pool of candidates to the traditional set of experienced professionals and students. Instead, they should look to those with easily transferable skills who are willing to learn and keep up with the latest trends in cybersecurity.

Find out more about Fortinet’s NSE Institute programs, including the Network Security Expert program, Network Security Academy program, and FortiVet program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.


Copyright © 2020 IDG Communications, Inc.