According to a report by the Information Systems Audit and Control Association (ISACA), the cybersecurity skills gap issue may be far from being resolved, despite the significant investment in training professionals around the world. While the volume of training has increased the number of entry-level professionals, organizations are still struggling to find experienced cybersecurity personnel.
ISACA highlights the problem of a hyper-focus on the perceived worker shortage to fill open cybersecurity positions. This approach fails to address duplicate job postings and the perspectives of aspiring cybersecurity professionals who have invested time and money in completing pathway programs but are unable to secure employment in the field. The report warns that the failure to resolve this issue will only exacerbate the problem of students and career changers being unable to obtain employment due to a lack of experience, despite their acquired knowledge, skills, and credentials.
The annual ISACA report, conducted during the second quarter of 2023, surveyed more than 2,100 professionals worldwide. The survey was sent to individuals with ISACA Certified Information Security Manager (CISM) certification or those with registered job titles in the information security field.
The report also highlights that the average age of the cybersecurity workforce continues to increase. While the largest percentage of respondents (34%) fell between the ages of 35 and 44, the age distribution showed a shift towards older professionals. The percentage of respondents in the 45 to 54 age range increased by two percentage points (32%), and those in the 55 to 64 age range increased by three percentage points (19%), compared to the previous year. This trend raises concerns about the loss of skilled professionals to higher-paying jobs in different industries.
There has been ongoing discussion in the IT industry regarding the hiring and training of recent graduates, only to have them leave for better-paying opportunities elsewhere. Jo Stewart-Rattray, CISO and ISACA ambassador, Oceania, emphasizes that cybersecurity companies and departments acknowledge the importance of training and upskilling to address the shortage of cyber staff. While efforts are being made to train new professionals, the increasing age of the workforce suggests that retaining experienced personnel is equally crucial.
The report by ISACA underscores the need for a comprehensive approach to address the cybersecurity skills gap. It is not enough to simply focus on recruiting new talent; strategies must also include initiatives to retain and further develop experienced professionals. This could involve offering competitive salaries and benefits, creating clear career progression paths, and providing ongoing training and upskilling opportunities. Additionally, organizations should collaborate with educational institutions to ensure that cybersecurity programs align with industry needs and provide relevant skills and certifications.
To bridge the skills gap, it is crucial for industry leaders, organizations, and educational institutions to work together and invest in the future cybersecurity workforce. By addressing the challenges of both entry-level professionals and experienced personnel, the industry can build a robust and diverse workforce that is equipped to tackle evolving cyber threats.