Due to a shortage of cybersecurity experts, engineering schools feel the need to make the field more attractive. They communicate widely about the benefits of IT security professions.
The shortage of cybersecurity profiles, already known for many years in the industry, has become worse due to the pandemic.
A cybersecurity shortage?
Results of an international survey conducted in August 2021 by Enterprise Strategy Group (ESG) for ISSA (Information System Security Association), among 489 IT and cyber security professionals speak for themselves:
- 95% of respondents believe the cyber security skills gap has not been filled
- 44% believe it has become worse
- 57% of companies say they are affected by the shortage of skilled cyber security workers
The reason behind these results are to find behind the fact that cybersecurity is often seen as a technical sector. Profiles are therefore concentrated in IT, whereas company needs are varied: governance, organizational, and business skills are sought after in the sector. This makes the technical prism of the sector too limiting compared to the needs.
In addition, training for excellence in IT security implies mastering many technical skills. This makes the training of experts a long process which cannot be shortened without risking a quality loss in the education provided. Finding professors with sufficient experience to design practical tutorials has become a problem too.
A study by the International Systems Security Certification Consortium also found gender diversity to be nonexistent in the cybersecurity sector. Indeed, according to the research, women only account for 11% of the workforce in cybersecurity. Stereotypes also tend to persist, according to the same study. One out of three women interviewed associates IT security professionals with "geeks".
In a context of talent shortage such as it exists today in cybersecurity, feminization represents an undeniable opportunity. Attracting women to so-called "male" professions remains a challenge that companies, public authorities and the world of education must urgently address.
If companies can’t find the profiles they are looking for in mass recruitment processes, they may want to retrain existing employees to cybersecurity. Apart from saving on a time-consuming recruiting process, focusing on retraining may motivate in-house employees by increasing their skills and increase their loyalty to the company.
With technology being increasingly integrated into our lives, cyber risks are becoming more common and diverse. This encourages the private and public sectors to invest in improving cyber protection measures which must support the training of cybersecurity professionals to bring this shortage to an end.