The Organisation for Economic Co-operation and Development (OECD), in collaboration with Microsoft, has recently published an extensive report that examines the supply and demand of cybersecurity professionals by analyzing over 400 million online job postings from January 2012 to June 2022. The report specifically focuses on Australia, Canada, New Zealand, the UK, and the US, shedding light on the growing worker shortages and increased frequency of cyberattacks that have become a serious concern in recent years.
Amid the COVID-19 pandemic, cybersecurity failures have emerged as one of the top 10 risks that have worsened the most. These failures have heightened the pressure on security teams and have created a demand for skilled cybersecurity workers that surpasses the current supply. In fact, (ISC)², a leading cybersecurity certification organization, estimates that there is a global shortage of 3.4 million cybersecurity workers, with nearly 70% of organizations facing workforce shortages.
To overcome these challenges, it is crucial for organizations to collaborate with policymakers and educators and implement significant changes that will empower current and future cybersecurity professionals. The OECD’s report provides valuable insights into the most in-demand skills in the past decade, including cloud security, cybersecurity frameworks, and threat assessment. By analyzing these trends, companies can assess their current needs and identify gaps in existing education and training programs. However, this also necessitates close partnerships between companies, educators, and policymakers to establish a sustainable talent pipeline capable of meeting the cybersecurity demands of the future.
Based on the findings outlined in the report, there are three main ways in which the private and public sectors can collaborate to expand educational opportunities and cultivate a highly skilled cybersecurity workforce:
1. Offer multiple career pathways within cybersecurity training: It is crucial to provide formal and informal cybersecurity training at various levels, catering to a wide range of job roles. Both long- and short-course formats should be made available, and clear progression pathways between training programs should be established. This will enable individuals to acquire the necessary skills and knowledge to excel in their chosen cybersecurity career paths.
2. Close the workforce gap with skills-based recruitment and formal education: The rapidly evolving nature of cybersecurity requires a range of educational options, including community and technical college programs, as well as skills-based certifications. Formal education is not the only pathway to success in this field. By recruiting individuals based on their acquired skills, organizations can reduce entry barriers for young people and those with less experience, thus narrowing the cybersecurity workforce gap. Investing in mentorship and curriculum co-design programs to meet the demand for cybersecurity skills beyond the technology sector is also necessary.
3. Build basic digital skills first: Digital skills serve as the foundation for cybersecurity competencies. It is essential to offer opportunities for people of all ages, particularly the most disadvantaged, to develop essential online knowledge. Before delving into cybersecurity-specific training, individuals should have a basic understanding of concepts such as cloud computing. By ingraining cybersecurity best practices throughout organizations and emphasizing that cybersecurity is the responsibility of all employees, companies can elevate their overall defense capabilities.
In addition to highlighting the need for a skilled cybersecurity workforce, the OECD’s report also emphasizes the importance of diversity in this field. It suggests that demand for cybersecurity professionals has expanded beyond major urban centers, creating opportunities for individuals from diverse professional backgrounds to enter the industry. To bridge the skills gap and address the current demand, companies must broaden their horizons and consider nontraditional cybersecurity career paths. This will enrich the industry with a range of unique experiences and life skills, ultimately contributing to more diverse and effective solutions to security challenges. A workforce that reflects the diversity of cybersecurity threats can draw upon a broader range of perspectives, enabling more inclusive and robust protection for organizations and their end users.
Addressing the challenges facing the cybersecurity sector requires collaboration between employers, educators, and policymakers. By working together, we can create a safer and more secure environment for all. The OECD’s report offers insights and recommendations that can guide stakeholders in their efforts to build a skilled and diverse cybersecurity workforce capable of effectively combating the ever-evolving threat landscape.