skills gap
// (ISC)²
C LO S I N G T H E
SKILLS GAP
(ISC)² STUDY REVEALS GLOBAL CYBERSECURITY WORKFORCE SHORTAGE TO REACH 1.8 MILLION AS THREATS LOOM LARGER AND STAKES RISE
T
he latest study from the Global Information Security Workforce Study (GISWS) calls for employers to look to new recruitment channels and consider workers with more diverse skillsets and non-technical backgrounds to attract and retain cybersecurity talent
UNDERSTANDING THE SKILLS GAP As far as I can remember, cybersecurity has long faced a gap between the supply and demand of professionals, leaving businesses, and by extension all of us, vulnerable to cyberattacks. Our research programme, the biennial Centre for Cyber Safety and Education’s Global Information Security Workforce Study (GISWS), has tracked the state of the workforce over the past 13 years. The most recent report – which surveyed over 19,000 professionals from the cybersecurity profession – revealed a widening chasm; a projected shortfall of 1.8 million cybersecurity workers worldwide by 2022, if current hiring trends continue. This is up 20% from the same figure projected in 2015’s report, with the issue directly leading to data breaches, and in turn impacting us as consumers. In the Middle East & Africa alone, 67% of respondents this year indicated that they felt their departments consisted of too few information security workers; with reasons for the workforce shortage ranging from a lack of qualified personnel (40%), business conditions can’t support additional personnel (45%) and requirements not being understood by leadership (50%), to security workers being too difficult to retain (30%) and there being no clear information security career path (39%). This month sees the third release of data from the Global Information Security Workforce Study 2017: Benchmarking Workforce Capacity and Response to Cyber Risk, which was conducted by Frost & Sullivan for the Centre for Cyber Safety and Education, with the support of (ISC)2, Booz Allen Hamilton and Alta Associates; offering up a deeper exploration of that growing cybersecurity skills gap and outlined recommendations to remedy this. Globally, it was revealed that data exposure was the top
// 4 / NETWORK MIDDLE EAST SECURITY SUPPLEMENT 2017 /
Adrian Davis, managing director, EMEA, (ISC)2
concern for those study participants, regardless of their geographic location. There were however, some regional discrepancies when considering other top-of-mind threats. Data exfiltration was a top worry in North America and Asia Pacific (APAC), but in Latin America (LATAM) and Europe, it was ransomware that was top of mind. While in the Middle East & Africa, the broad act of hacking was identified as a primary concern, suggesting professionals here are affected by a broad set of motivations and outcomes instead. This data clearly demonstrates that much work is yet to be done to secure businesses, government agencies and organisations of all sizes, and the critical importance of having a properly staffed, agile and reactive workforce.
HIRING ON THE RISE Globally, a third of hiring managers are planning to increase the size of their departments by 15% or more. But for the Middle
// (ISC)²
East, Africa and APAC, lower rates of hiring will be expected, though one in four hiring managers in each of these regions still expected to see their departments grow by 15% or more. Globally, the most sought after positions were Operations & Security Management, with 62% of the workforce indicating that there are too few who occupy this position, followed by Incident & Threat Management and Forensics, at 58% globally. In fact, the latter position is in greater demand in LATAM (63%) and the Middle East & Africa (65%) than any other position.
EMBRACING A CHANGING WORKFORCE As the fastest growing demographic, millennials will be critical for filling the employment gap, but I believe existing attitudes must change if we are to entice valuable candidates. Recruiters are currently not hiring enough recent university graduates, instead opting for those with more prior experience – 93% of respondents indicated that this was an important factor when making their hiring decisions. Yet, employers could be doing much more to attract and retain younger people. The study found that millennials value organisation training, as well as mentorship and leadership programmes. As a demographic that holds personal development in such high regard, businesses need to be catering to these needs to attract crucial young talent. In addition to the widening skills gap, diversity within the workforce remains low. Our study also revealed that women form just 5% of the workforce in the Middle East and 9% in Africa; levels that have remained virtually unchanged since 2004. There are also signs of a rampant gender pay gap, with male professionals more likely to earn more on average than their female counterparts. This is despite female cybersecurity professionals tending to be better educated, with a higher proportion of them occupying managerial positions. A workplace where women are both paid less and more likely to be subject to discrimination can make it harder to promote such a profession
Diversifying the (IT) workforce will provide the necessary basis for a safer world, especially in today’s increasingly plugged-in society.” to women. The lack of women also creates a self-perpetuating cycle, with few established female role models to encourage the new generation. But there are clear steps that can be taken to attract more women into cyber, and at the same time, address the growing need for more staff. Much like with millennials, employers need to create inclusive work places that support and value women, via sponsorship and mentorship programmes that tie to the success and satisfaction of women at all levels. Equally as important, organisations must end pay inequity, and also draw from a wider set of backgrounds and degrees, including humanities and arts degrees, where there tend to be higher proportions of females – currently only 29% of respondents in the Middle East and Africa came from non-IT/ Engineering backgrounds (among those who did not start in cybersecurity initially). Fundamentally, this is no longer just an issue of increasing workforce diversity, but an issue of economic and national security. The cybersecurity skills gap is growing wider every time we survey our workforce, and governments across the world are increasingly recognising that cyberattacks are critical national vulnerabilities. Attracting more millennials, women and those from more varied backgrounds into the industry would not only significantly help reduce this shortfall in skills, but by diversifying the workforce, will provide the necessary basis for a safer world, especially in today’s increasingly plugged-in society. // 2017 / NETWORK MIDDLE EAST SECURITY SUPPLEMENT / 5
C LO S I N G T H E
SKILLS GAP
(ISC)² STUDY REVEALS GLOBAL CYBERSECURITY WORKFORCE SHORTAGE TO REACH 1.8 MILLION AS THREATS LOOM LARGER AND STAKES RISE
T
he latest study from the Global Information Security Workforce Study (GISWS) calls for employers to look to new recruitment channels and consider workers with more diverse skillsets and non-technical backgrounds to attract and retain cybersecurity talent
UNDERSTANDING THE SKILLS GAP As far as I can remember, cybersecurity has long faced a gap between the supply and demand of professionals, leaving businesses, and by extension all of us, vulnerable to cyberattacks. Our research programme, the biennial Centre for Cyber Safety and Education’s Global Information Security Workforce Study (GISWS), has tracked the state of the workforce over the past 13 years. The most recent report – which surveyed over 19,000 professionals from the cybersecurity profession – revealed a widening chasm; a projected shortfall of 1.8 million cybersecurity workers worldwide by 2022, if current hiring trends continue. This is up 20% from the same figure projected in 2015’s report, with the issue directly leading to data breaches, and in turn impacting us as consumers. In the Middle East & Africa alone, 67% of respondents this year indicated that they felt their departments consisted of too few information security workers; with reasons for the workforce shortage ranging from a lack of qualified personnel (40%), business conditions can’t support additional personnel (45%) and requirements not being understood by leadership (50%), to security workers being too difficult to retain (30%) and there being no clear information security career path (39%). This month sees the third release of data from the Global Information Security Workforce Study 2017: Benchmarking Workforce Capacity and Response to Cyber Risk, which was conducted by Frost & Sullivan for the Centre for Cyber Safety and Education, with the support of (ISC)2, Booz Allen Hamilton and Alta Associates; offering up a deeper exploration of that growing cybersecurity skills gap and outlined recommendations to remedy this. Globally, it was revealed that data exposure was the top
// 4 / NETWORK MIDDLE EAST SECURITY SUPPLEMENT 2017 /
Adrian Davis, managing director, EMEA, (ISC)2
concern for those study participants, regardless of their geographic location. There were however, some regional discrepancies when considering other top-of-mind threats. Data exfiltration was a top worry in North America and Asia Pacific (APAC), but in Latin America (LATAM) and Europe, it was ransomware that was top of mind. While in the Middle East & Africa, the broad act of hacking was identified as a primary concern, suggesting professionals here are affected by a broad set of motivations and outcomes instead. This data clearly demonstrates that much work is yet to be done to secure businesses, government agencies and organisations of all sizes, and the critical importance of having a properly staffed, agile and reactive workforce.
HIRING ON THE RISE Globally, a third of hiring managers are planning to increase the size of their departments by 15% or more. But for the Middle
// (ISC)²
East, Africa and APAC, lower rates of hiring will be expected, though one in four hiring managers in each of these regions still expected to see their departments grow by 15% or more. Globally, the most sought after positions were Operations & Security Management, with 62% of the workforce indicating that there are too few who occupy this position, followed by Incident & Threat Management and Forensics, at 58% globally. In fact, the latter position is in greater demand in LATAM (63%) and the Middle East & Africa (65%) than any other position.
EMBRACING A CHANGING WORKFORCE As the fastest growing demographic, millennials will be critical for filling the employment gap, but I believe existing attitudes must change if we are to entice valuable candidates. Recruiters are currently not hiring enough recent university graduates, instead opting for those with more prior experience – 93% of respondents indicated that this was an important factor when making their hiring decisions. Yet, employers could be doing much more to attract and retain younger people. The study found that millennials value organisation training, as well as mentorship and leadership programmes. As a demographic that holds personal development in such high regard, businesses need to be catering to these needs to attract crucial young talent. In addition to the widening skills gap, diversity within the workforce remains low. Our study also revealed that women form just 5% of the workforce in the Middle East and 9% in Africa; levels that have remained virtually unchanged since 2004. There are also signs of a rampant gender pay gap, with male professionals more likely to earn more on average than their female counterparts. This is despite female cybersecurity professionals tending to be better educated, with a higher proportion of them occupying managerial positions. A workplace where women are both paid less and more likely to be subject to discrimination can make it harder to promote such a profession
Diversifying the (IT) workforce will provide the necessary basis for a safer world, especially in today’s increasingly plugged-in society.” to women. The lack of women also creates a self-perpetuating cycle, with few established female role models to encourage the new generation. But there are clear steps that can be taken to attract more women into cyber, and at the same time, address the growing need for more staff. Much like with millennials, employers need to create inclusive work places that support and value women, via sponsorship and mentorship programmes that tie to the success and satisfaction of women at all levels. Equally as important, organisations must end pay inequity, and also draw from a wider set of backgrounds and degrees, including humanities and arts degrees, where there tend to be higher proportions of females – currently only 29% of respondents in the Middle East and Africa came from non-IT/ Engineering backgrounds (among those who did not start in cybersecurity initially). Fundamentally, this is no longer just an issue of increasing workforce diversity, but an issue of economic and national security. The cybersecurity skills gap is growing wider every time we survey our workforce, and governments across the world are increasingly recognising that cyberattacks are critical national vulnerabilities. Attracting more millennials, women and those from more varied backgrounds into the industry would not only significantly help reduce this shortfall in skills, but by diversifying the workforce, will provide the necessary basis for a safer world, especially in today’s increasingly plugged-in society. // 2017 / NETWORK MIDDLE EAST SECURITY SUPPLEMENT / 5
