A deep-dive analysis into the current state of the cybersecurity workforce was provided by (ISC)2 during day one of the Cloud & Cyber Security Expo at ExCel, London, UK.
Chris Green, head of communications, EMEA, at (ISC)2, provided detailed insights into the accreditation body’s 2021 Cybersecurity Workforce Study, going beyond the headline findings. Green began by noting that the latest survey, which included 4753 individuals responsible for cybersecurity at their organization, took place during “arguably one of the most challenging times for the sector.” This is because the COVID-19 pandemic drove a “drastic and lasting digitization of society, and cybersecurity operated very much at the heart of this.”
Looking at cybersecurity professionals’ qualifications, Green revealed that under half (48%) have a post-graduate qualification, meaning the majority hold a BA or less. He noted this statistic highlighted the “increased non-education routes into cybersecurity.”
The Generation X and boomer generations continued to represent a significant majority of the cybersecurity workforce, with Generation Z and millennials comprising just 39% of respondents. In fact, “the number of younger professionals coming into the sector is declining,” a fact Green described as “concerning.”
The study also revealed the changing pathways into the sector. In the latest report, under half (47%) of cybersecurity professionals entered the industry from a background in IT, and an increasing variety of entry points emerged. For example, over half of respondents entered the sector from a background unrelated to IT, including legal, sales and marketing. This demonstrates the need for cybersecurity to enable “non-conventional hiring practices,” according to Green.
An interesting variation in salaries between different regions was observed in the report. For example, the average cybersecurity salary for workers in North America was $119,898 per annum; for the US alone, it was $90,900; and for Europe, $78,618. Green highlighted that respondents holding at least one cybersecurity certification earned an average of $33,000 per annum more.
In regard to the well-publicized cyber skills gap, there remains a shortage of 2.72 million, although this is a significant improvement on 2021 (3.12 million), according to (ISC)2’s analysis. With a current active workforce of 4.1 million worldwide, there is a need to grow the profession by 65% to meet demand, meaning this remains a daunting task.
The shortage of skilled workers appears to be having major implications for organizations’ security. Over two-thirds of respondents admitted there is a cybersecurity workforce shortage at their organization. Of these, a high proportion outlined security risks that could be tackled with a fully-fledged team. For example, nearly a third (32%) said they could prevent misconfigured systems with a fully staffed workforce, while 30% would have adequate time for risk management.
When asked about the biggest challenges they faced as a result of the cyber skills shortage, by far the biggest one listed by the respondents was development and retention of staff (42%), followed by recruitment and onboarding (31%) and development of future staff (23%).
Green then moved on to the people investment plans organizations have, highlighting three prominent areas. These were: providing more flexible working conditions (33%), hiring for attitude and aptitude and training for technical skills (28%), and establishing a mentoring program (26%). Green said this highlights that “organizations are realizing they need to provide more opportunities for a mobile workforce.”
The survey also revealed a growing appreciation of the importance of non-technical attributes in cybersecurity teams. These include problem-solving skills (38%), curiosity and willingness to learn (32%) and communication skills (32%). Regarding the latter, Green noted that one of the biggest challenges cybersecurity teams have “is around the ability to communicate, particularly upwards to the c-suite.” In particular, “making them aware of the gravity of the situation” in respect of cyber-threats.
Finally, Green highlighted positive changes for cybersecurity professionals that have emerged from the pandemic period. These include improved workplace flexibility (58%) and, interestingly, bringing teams closer together by establishing feelings of a common mission (23%).