There has been a dramatic upsurge in cyber security threats during the last five to seven years. However, big, mid-sized and small organizations are finding it difficult to meet the increasing need for advanced cyber security solutions due to a lack of qualified cyber security personnel.
After the security breaches of high profile networks in 2015, this problem was thrust into the limelight. According to statistics undertaken by the Stanford University of Journalism Project, and subsequently released in 2015 by the Bureau of Labor Statistics by Peninsula Press, more than 209,000 cyber security jobs are unfilled with postings up by 74% in the last five years.
This shortage of cyber security professionals can be deemed as a 'demand-and-supply' dilemma. In 2007, when large-scale hacking attacks on internet connectivity and even the leakage of credit card data transpired, the demand for cyber security professionals overtook the supply.
Cyber security is a complex field, and different organizations require different sets of skills to achieve their specific goals. Finding the right cyber security professional is proving to be a major drawback because not all cyber security professionals have the relevant skills that a team or situation demands. In addition, some skills and experiences are in a higher demand and as a result are harder to acquire.
Besides this complex issue, there is another factor that has led to the shortage of cyber security professionals; demanding salaries. It is important to be aware of how an organization will benefit by keeping a cyber security mechanism in place, since cyber security personnel are now demanding more than USD $200,000 to $250,000 per annum. To address this issue, many large organizations have found ways of dealing with the shortage through internal promotions and education efforts.
The primary goal of organizations is to identify and fix vulnerabilities by developing software, and at the same time reducing the need of manpower. These automated cyber security programs are far from being effective and such measures normally fail to address contingencies. As a result, companies are designing programs to encourage people towards choosing the cyber security field as their career. Today, there is a need for better education and talent development initiatives for both the public and the private sector.
Although there is no quick fix to this problem there are a few ways to handle the issue.
• Large organizations must link up with cyber security training organizations and local universities in order to focus on an optimal utilization of cooperative investment, mentoring programs, training, and internships.
• Security leaders such as HP, IBM, Cisco, Intel Security, and Symantec must conduct individual programs for cyber security education and training. The companies should try to address this issue with a collective approach, pool resources and try out innovative approaches to address this fast growing issue.
Cyber security is not an industry related issue, but it is a national security concern. This problem must be addressed with a plan that cuts across academia, governments, industries, and organizations that provide professional cyber security solutions.