How to Address the Cybersecurity Skills Shortage


Some skills shortages are more perceived than real. For example, when an organization lists a job posting that demands a ridiculous combination of skills and talents, and the “right candidate” for this position never emerges, there is no skills shortage. The right candidate for this job doesn’t exist.

However, in the area of cybersecurity, the skills shortage is real. In fact, a report from Frost & Sullivan expects more than 1.5 million cybersecurity positions will be unfilled by 2020. Part of the problem is that organizations try to fill these jobs by looking for candidates with technical degrees. Because security is or should be a concern for every business and individual, limiting the search to people with a technical background or degree isn’t enough. As research firm IDC points out in a separate study, this skills shortfall will also represent a $101 billion opportunity by 2020 for those seeking to fill the gap.

Another issue is the confusion caused by the explosion of cybersecurity degrees, certifications and other credentials. In addition to higher education, credentials are being awarded by professional organizations, industry groups and other third-party organizations. What do these credentials mean? Which ones are most valuable? Who can I trust?

Some groups have introduced initiatives to make sense of cybersecurity credentials and establish consistent models. The Corporation for a Skilled Workforce and the Lumina Foundation launched a campaign to facilitate collaboration among industry stakeholders to address the cybersecurity skills shortage. The goals are to create a more transparent credentialing system, a common language for skills, knowledge and competencies, and public policy efforts to promote cybersecurity careers. The National Initiative for Cybersecurity Education and the Department of Homeland Security have also joined forces to create a national cybersecurity workforce framework, which outlines seven categories of security work, 33 specialty areas, and 52 work roles.

These and other programs have helped to identify the skills needed for cybersecurity. For example, networking and development professionals can often understand vulnerabilities and take proper action in their areas of expertise more effectively than someone who simply tries to apply best practices. At the same time, a security professional might be best served by becoming an expert in a specific discipline, such as firewalls, and related technology, applications and data analysis tools. Every discipline has its own set of security needs and challenges that are shared by many organizations.

The best cybersecurity job candidates are also leaders who know how to structure and manage a team and delegate responsibilities. Security is as much a business issue as an IT issue, so cybersecurity professionals should understand business concerns and regulatory compliance. They should constantly collaborate and educate themselves to sharpen their skills.

Some organizations have created “new collar” jobs in cybersecurity that value skills, problem solving, and the willingness to learn rather than credentials. New collar jobs require skills that can only be taught with real-world experience and modern educational programs. The Pathways in Technology Early College High School (P-TECH) model has emerged as a training resource for helping students enter cybersecurity careers.

Higher education can play an important role in developing cybersecurity talent. Community colleges and four-year universities can prepare students for in-demand cybersecurity jobs by following the P-TECH educational model and offering dedicated security courses, hands-on training and professional mentoring. Schools should also invest in the kind of technology used in the modern workplace to ensure students are ready for the opportunities that await them.

Again, the cybersecurity skills shortage is very real. Higher education must step up and help to fill the gap.