I’ve seen dozens of 2016 information technology and security predictions over the past few weeks – ranging from possible to probable to occurring. Many center around 2016 becoming the year of IoT attacks and the cyber criminal’s ever-evolving arsenal of exploits. Regardless of whether any of these 2016 predictions are realized, a highly probable concern for 2016 is the widening cybersecurity skills shortage.
In 2015 we saw high profile attacks on organizations such as OPM, JP Morgan, and Anthem and thousands of other less high profile attacks. During this time we also saw unprecedented demand for cybersecurity professionals. A Stanford University study estimated 209,000 unfilled cybersecurity jobs in the U.S., up 74% over the past 5 years. Cisco warns that the worldwide shortage of cybersecurity professionals has exceeded 1 million. The Bureau of Labor Statistics expects the demand for cybersecurity professionals to grow by 53% by 2018.
As we move in to 2016 we will continue to see the demand for cybersecurity professionals outpace the supply. This cybersecurity workforce shortage will lead to increased exploits of organization’s networks and data, many of which could be prevented with common security practices. There just aren’t enough cybersecurity staff to implement, maintain, and monitor the organization’s security protections. It’s easy to see that gaps in cybersecurity workforce = gaps in enterprise security.
Why aren’t more people pursuing cybersecurity careers? Especially since U.S. News and World Report ranked a career in information security eighth on its list of the 100 best jobs for 2015. It’s likely due to poor communication of the types of cybersecurity careers available and paths to pursue them. When many people think of cybersecurity careers they think of the hardcore technical roles that require in-depth computer science and programming skills. However, many of the positions in demand span a breadth of technical and non-technical capabilities. Cybersecurity roles extend beyond the core technology aspects of security to include risk, legal, business, and other non-technical cybersecurity needs. Many people moving into cybersecurity careers have diverse backgrounds including law enforcement, psychology, legal, game development, and management to name a few. Skillsets for those seeking careers in cybersecurity include excellent written and verbal communications, problem solving skills, creative thinking, adaptability, leadership, and mentorship ability. Due to the ever-evolving nature of technology and security, cybersecurity professionals should also have a passion for continued learning and possess strong self-learning skills.
For those interested in pursuing a cybersecurity career, I suggest that you first build a foundation of knowledge through education and certification. There are a number of universities that offer undergraduate and graduate programs in cybersecurity. The University of Virginia’s School of Continuing and Professional Studies offers a Certificate in Cybersecurity Management – an online, part-time, 6 course, graduate level certificate for those interested in the strategy, policy, assessment, ethics, legal, and regulatory aspects of cybersecurity. There are also a number of commercial companies that offer cybersecurity certification including ISC2, EC-Council, and SANS.
Let’s make 2016 the year we start closing the cybersecurity workforce shortage. I am happy to speak with anyone interested in pursuing a career in cybersecurity to provide advice and guidance on your career path. Please feel free to reach out to me and have a happy and secure new year!