{"id":23341,"date":"2024-09-27T22:57:16","date_gmt":"2024-09-27T18:57:16","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/cybersecurity-talent-shortage\/23341\/"},"modified":"2024-09-27T22:57:22","modified_gmt":"2024-09-27T18:57:22","slug":"cybersecurity-talent-shortage","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/cybersecurity-talent-shortage\/23341\/","title":{"rendered":"Cybersecurity talent shortages: the roots and the solutions"},"content":{"rendered":"

Skills shortages in the cybersecurity industry are hardly a new phenomenon; however, in recent years it has become painfully acute. The trigger was the coronavirus pandemic, which provoked rapid digitalization of most everything in the world, and an equally rapid increase in the number of cyberattacks. This led to demand for cybersecurity professionals seriously outstripping supply.<\/p>\n

ISC2, a leading cybersecurity expert-certification company, publishes its Cybersecurity Workforce Study every year. According to its latest report<\/a>, the number of cybersecurity specialists in the world increased by 8.7% between 2022 and 2023. Sounds great. The problem is, however, that the talent shortage<\/em> also grew \u2013 by 12.6% over the same period. When the report went to press, the global staffing shortage in the cybersecurity industry stood at a whopping four million employees. So what\u2019s going on?<\/p>\n

Cybersecurity in higher education<\/h2>\n

\nTo get an answer to this question, we conducted a massive survey<\/a> of more than a thousand cybersecurity professionals from 29 countries. We interviewed employees across the board \u2013 from entry-level technicians to directors and SOC heads.<\/p>\n

Some interesting facts came to light as a result. Most interestingly, not all experts in the field had studied cybersecurity at college or university. The figures vary by region, but on average no more than half had done a dedicated course. What\u2019s more, the majority of respondents spoke of a lack of specialized cybersecurity courses in higher education on the whole.<\/p>\n

\"Availability<\/a>

Respondents rated the availability of specialized cybersecurity courses in higher education institutions as poor. Source<\/a><\/p><\/div>\n

As for whether higher education is a must for a career in cybersecurity, respondents\u2019 views were decidedly mixed<\/a>: only half consider a degree to be either very or extremely useful; a quarter have a neutral opinion; and another quarter believe a degree to be totally useless.<\/p>\n

The main problem with formal cybersecurity education is that it forever lags behind real-world developments. Tools, technologies and threats are evolving so rapidly that knowledge acquired on a course becomes largely obsolete by graduation day.<\/p>\n

The surveyed cybersecurity specialists also noted that higher education often neither provides sufficient hands-on training, nor helps develop the skills needed to build a career in the field. So young professionals are often sorely unprepared for what awaits them in the real world.<\/p>\n

Consequences for business<\/h2>\n

\nThe lack of hands-on experience means that many aspiring professionals make poor decisions, which can have major knock-on effects for employers. As nearly half of the respondents (46%) noted, it took them more than a year to get settled in their first job.<\/p>\n

At the same time, more than half (51%) admitted making serious mistakes in their first few years on the job. These were the top five mistakes mentioned:<\/p>\n