Technology’s role in the cyber skills shortage

Cybersecurity is now reported to be the most sought-after technology skill in the UK. There’s insufficient new blood coming into the industry, with an annual shortfall of 14,000, according to a DCMS (Department for Culture, Media and Sport) report, and a brain drain at the top, as experienced professionals either retire or seek pastures new. So how did we get to this point? Has technology become part of the problem rather than the solution and is there a way for it to help solve the skills shortage?

The annual exodus usually sees around 4-7,000 exit the profession but the reality is that we’re now seeing many more become disillusioned and join the ‘Great Resignation’ post-pandemic. A key cause of this is the technology they use to do their jobs. Cybersecurity professionals now need to monitor security stacks comprised of multiple proprietary point solutions. In order to do so, they’ll have had to learn how those work, so now have non-transferable skills, and the solutions themselves often generate high false positive rates, leading to alert fatigue. Altogether this is resulting in burnout rates, with research from VMWare revealing that over half feel extremely stressed leading to 65% of them considering quitting. 

Old and new expertise

 

From a technology perspective, the exodus means a loss of experience and less of those around who know how these systems work. This is particularly true for legacy systems, for example, mainframes are still used for mission critical processes in sectors such as banking, telecoms and retail, with IBM revealing 67 out of out of the Fortune 100 rely on them. The likelihood is that these systems will continue in operation for at least another decade while these businesses digitally transform yet those with the skills to maintain them are diminishing. 

At the other end of the spectrum, we find there are not enough people skilled in emerging disciplines, such as cloud, AIOps (artificial intelligence for IT operations) which covers data analytics, machine learning and artificial intelligence, and DevSecOps (development and security operations). According to a recent ISACA survey of technology professionals,48 percent think there is insufficient investment in training to navigate the changing technology landscape, while an ISSA survey found nearly a quarter were not receiving the 40 hours plus training per year needed to maintain and advance their skillsets.

The repercussions for the enterprise are only just beginning to be felt. It’s becoming increasingly difficult to manage existing infrastructures but it will also be very difficult to move forwards and to adopt new technology. This effectively puts businesses in a state of limbo which will likely be exacerbated by the current economic conditions. But it could also make them more vulnerable. Attackers, funded by organised crime and nation states, will not be disadvantaged in the same way, meaning they are well positioned to exploit any slip in security. Indeed, a survey by the World Economic Forum found 60% think the skills shortage will compromise the security team’s ability to respond to a security incident.

Tech as an enabler

 

Automation in the form of machine learning is now beginning to make an impact and the hope is it will help to alleviate workloads. We’re seeing continuous monitoring solutions emerge in a number of different fields, from Cloud Security Posture Management (CSPM) for the cloud to Continuous Automated Red Teaming (CART) for security testing and compliance, for example. 

In theory, these solutions should help by automating the mundane, freeing up professionals to use their intuition and giving them the time to learn new skillsets. At this moment in time its clear that that is not happening. Despite the investment in cybersecurity solutions, 82% of those questioned in the ISSA survey found their existing job requirements were preventing them from developing their skills so clearly there are still very high workloads that are acting as a barrier to progression.

We can also expect some convergence in the security space as solutions combine and prioritise third party integration and open standards. This should help to whittle down the security stack which currently averages between 20-70 point security solutions within medium to large organisations. Not only will this result in less systems to monitor but it should help modernise things so that professionals also stand to benefit from transferable skills which they can then use when they switch employers. 

 

From a recruitment perspective, technology is helping to focus hirers on more than just certifications. There’s now a growing appreciation for soft skills and problem solving, making aptitude tests and video interviews now part and parcel of the recruitment process. But we have some way to go yet in reaching raw talent and convincing them to apply. Somewhat shockingly, a a survey of Generation Z (16-24) candidates revealed almost half thought the subjects they studied at school would preclude them from entering the profession even though they were interested in doing so.

Thus far it’s clear that technology has been focused on improving the security posture of the organisation but often at the expense of the workforce. Recruitment processes have been too narrowly focused with employers asking for too much experience. And candidates are either disillusioned or feel dismissed. Going forward, the hope is that technology will help to correct these issues and become the enabler that allows people’s careers to thrive and through automation will do the heavy lifting, encouraging them to remain in the sector.

Jamal Elmellas

Jamal Elmellas is Chief Operating Officer for Focus-on-Security, the cyber security recruitment agency, where he oversees selection and recruitment services. He previously founded and was CTO of a successful security consultancy where he delivered secure ICT services for government and private sector organisations. Jamal has almost 20 years’ experience in the field and is an ex CLAS consultant, Cisco and Checkpoint certified practitioner.

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...