As the world moves into an increasingly digital space, a technology skills gap has appeared and the chasm is only growing wider by the day. While research from CompTIA, one of the world’s largest technology associations, revealed nearly half of all IT and business executives polled believe skills shortcomings within their organizations have grown during the past two years, these gaps are not restricted to the technology sector by itself.
From marketing to sales to business development, business executives outlined the issues their organizations are having when it comes to a professional’s range of abilities. Unfortunately, the most troubling skills gap of all may be in the cybersecurity industry.
Cybersecurity: A Dangerous Shortfall
Cybersecurity professionals work to protect our most important and private information, from bank account details to sensitive military communications and beyond. However, there is a dangerous shortage of cybersecurity workers in the U.S. that puts our digital privacy and infrastructure at risk.
In fact, The Cybersecurity Skills Gap infographic highlights the widening skills gap in cybersecurity, pointing out the notion that there are currently more than 300,000 cybersecurity job openings in the U.S. while 59 percent of enterprises report having unfilled security positions. Making matters worse, Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity positions by 2021 and this dearth of talent could cost businesses $6 trillion.
These statistics not only highlight the growing gap in cybersecurity skills, but they also illustrate the fact that cyberattacks are the fastest growing crime in the U.S., and with each day they seem to be increasing in size, sophistication, and cost. And with researchers predicting cybercrime will more than triple during the next five years, the number of cybersecurity professionals employed to prevent hackers and bad actors from incurring damages will not come close to keeping pace with this threat.
Why the Cybersecurity Skills Gap is a Problem
As the cyber world grows, so does the world of cybercrime. It’s not just about more sophisticated tools and techniques, it’s equally as much about the growing number of human and digital targets and our inability to effectively secure them. Unfortunately, the rate of internet connection is outpacing our ability to properly protect it.
As evidenced by the lost $6 trillion mentioned above, the risks posed by cyberattacks are enormous. From the damage and destruction of data to stolen money, lost productivity, the theft of intellectual property, the theft of personal and financial data, embezzlement, fraud, post-attack disruption to business operations, reputational harm and beyond, the consequences surrounding a security breach are among the most dire our society faces.
All of this cybercrime creates damage to both private and public enterprises, and it drives up IT security spending across industries. In fact, a 2016 forecast from Gartner Inc. claimed worldwide information security spending would grow 7 percent to reach $86.4 billion in 2017 and will climb to $93 billion this year.
The challenges posed by cybercrime are not expected to go away anytime soon. Per CompTIA’s “Evolution of Security Skills” study, 33 percent of companies surveyed reported that security is a significantly higher priority for them today than it was just two years ago, and 49 percent expect that cybersecurity will be a significantly higher priority in two years than it is today.
The reality is as more businesses and households connect more devices to the internet, more data will be gathered, which will need to be both understood and protected. Consequently, we will need to be able to recruit and retain more employees with cybersecurity skills.
The Role of a Network Engineer in Cybersecurity
One such position is the network engineer. Information security requires a different set of skills than information technology does, and network engineers ultimately are responsible for the planning, designing, construction, management, and improvement of the network system to ensure an organization’s efficiency. These types of positions obviously require quite a bit of technical expertise.
But as the cybersecurity industry expands in particular roles, including network engineering, additional skills gaps are being revealed. Today, a network engineer’s responsibilities need to be multifaceted as they have to ensure the network is as secure as possible.
The networking landscape is rapidly changing, and so are the network engineering skills needed to secure those networks. Network engineers have become siloed, from the basic “network person” split to vendor-, technology- and service-specific skills, which is concerning given the overall trend in the industry toward increasing automation of networking infrastructure deployment and management.
One common misperception about the skills needed to work in cybersecurity surrounds certification. Despite being told how important certain certifications are, most certifications do not matter. Some cybersecurity certifications are like icing on a cake, but without cake, the icing is worthless. Vendor-specific certifications caused this silo mentality to develop as people turned away from helpdesk work to certification in order to help them get jobs and progress their careers.
While networking equipment vendor certifications certainly have their place when put in the context of a network engineer’s general knowledge, but when the vendor certification makes up the majority of what that engineer knows, it results in an engineer who struggles in real-world situations when the bullets are flying, so to speak. They haven’t been exposed to enough real-world examples to get their head around the practice. As a result, these individuals tend to have trouble with the heterogeneous networking environments that have become so popular today.
Additionally, because the network and server environment is growing and converging, there’s an increasing need for people that can understand the interactions between the two and be able to apply their knowledge to the software-based tools that will be at the heart of such network deployments.
Bridging the Gap
In order to bridge the network engineering skills gap, training for new skills should emphasize basic concepts behind building a network, whether it's software-defined, intent-based or disaggregated. If companies and engineers shift their mindsets to focus on the networking basics that don't change, rather than on things that do, the networking skills, training and requirement gaps seen across the cybersecurity industry can be bridged.
Companies who reported skills gaps said the shortage results in increased employee stress levels, difficulty meeting quality objectives, delayed hardware and software deployments and delays in new product or service development, among other issues.
From a board of directors or company executive’s point of view, it’s important to understand that cybersecurity is not a rigid collection of duties and that the roles require much more than technical acumen. Consequently, more companies are starting/needing to seek out non-traditional engineers with different types of skills.
Beyond technical depth and a thorough understanding of the latest technologies, security principles, and protocols, network engineers should possess strong multitasking skills, an enthusiasm for detail and the ability to problem-solve, thinking one step ahead of cybercriminals. They should also be well prepared to deal with high-stress situations and thrive in fast-paced environments.
In the end, most network engineers and cybersecurity companies recognize the rapidly shifting networking landscape. Companies are realizing issues with finding suitable candidates for network engineering roles, and many nascent candidates fail to understand IP networking, system administration, network services (such as DNS) and basic security or lack the experience necessary to get the job done.
Consequently, as security becomes a higher priority, the new skills being developed must also come with a new mindset: building an impenetrable perimeter is no longer practical, and proactive security efforts can help find problem areas before attackers discover them. The first step in closing the skills gap is understanding that security is an advanced area built on an understanding of IT basics, especially for the technical aspects of security.
Modern cybersecurity not only requires an understanding of the technical aspects of security but soft skills like the ability to multitask, being detail-oriented, problem-solving and communication such as the ability to articulate and present innovative ideas or discuss complicated issues. In order to secure the future, a new awareness is needed.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.