You’ve heard it now many times: the security industry suffers from a shortage of skilled talent to fill roles in security departments around the globe. An estimated 3.5 million cybersecurity positions will be unfilled by 2021, according to a 2017 report from Cybersecurity Ventures. Some refer to it as a “industry crisis”.
At this year’s Black Hat event in Las Vegas, several vendors in the talent and training space introduced new concepts and ideas for addressing the so-called skills gap.
Among them is Cybrary, a company that offers a library of training and education content focused on security career development. Ryan Corey, CEO and cofounder of the company, said one of the messages he is be evangelizing this year is the concept of security enablement, which is the philosophy of putting security skills into the hands of those not tasked with traditional risk-mitigation responsibility in organizations.
“We see large companies with pockets of users on the site that are in IT,” said Corey. “An enterprise organization needs to be prepared for an ever-changing landscape, and they see they have a security gap in the middle of the tech organization and across work roles. You have people working on the tech lifecycle that are not security enabled.”
Corey believes the skills gap in security is so pronounced due to both a lack of security enablement – and because the industry is what he called “high friction” to enter. Employers require certain skills and certifications that can be difficult, expensive and time-consuming to obtain. For their part, Cybrary aims to address this knowledge gap by offering training content, some of it free, to those working in IT roles who want to gain security knowledge.
In addition to offering education and training to those who want to work in security, Cybrary is also planning to roll out a platform that will be intelligence-based and offer both organizations and job seekers more targeted information for ways to obtain and fill roles.
Another company working on the skills gap issue is CyberSN, a talent acquisition firm focused on cybersecurity professionals, which debuted their KnowMore platform at Black Hat.
Deidre Diamond, founder of CyberSN, said the challenge compounding the problem of the skills gap is the difficulty in finding and matching job openings with the right person, with the appropriate background.
“I don’t think there’s a shortage of people with cybersecurity expertise that are interested and qualified for the open jobs posted today,” said Diamond. “They just aren’t able to weed through the noise to find those employers that have the better opportunities.”
The KnowMore platform, she said, addresses issues like inaccurate and unappealing job descriptions, vague resumes, and recruiters who are unable to speak the language of cybersecurity.
The platform, she said will provide anonymity and uses a common language for job descriptions and profiles.
“We want to take all of the time and frustration that has been wasted and match job seekers with jobs that could fit,” said Diamond.