Cyber Sunday: Cybersecurity dealing with ‘skills gap’ | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Field is constantly changing, with not enough people

“Skills gaps” are an issue talked about across the county, and the IT/cybersecurity skills gap is at the forefront of the issue.

Due to the explosion of technology, skilled information technology and cybersecurity employees are more important than ever.

ISC2, an association of cybersecurity professionals, reported that the global cybersecurity workforce gap is almost 4 million people, and the North American gap is 521,827.

The bottom line is that cybersecurity skills are fundamental to the resiliency of your business. Unfortunately, the skills are varied and take years to hone.

Employee burnout

One of the side effects of your business being unable to find and hire skilled IT/cybersecurity staff is that you may have to heap extra duties on your existing staff. If this goes on long enough, the cumulative stress and workload will cause emotional and physical harm to them.

Often these system administrators or IT directors feel strong ownership and pride in their environment and are unwilling — or don’t have the time — to job search. These overworked and sometimes abused staff will eventually leave your business or leave the profession altogether, making the overall problem worse.

Spark curiosity early

IT and cybersecurity should be more diverse, and if you look around our subculture, everyone generally looks the same.

Unfortunately, because of the talent pool, employers are unable to leverage a largely untapped population of women and underemployed groups.

Speaking to employers, the talent pool for IT and cybersecurity is often not diverse, and even though they may have the best of intentions, the result is the same.

The best concept is to encourage everyone to experiment and learn computer or security concepts from a young age. IT is for girls, too. This could take the form of learning Raspberry Pi, Hack the Box, Flipper Zero, or Python.

Every year in October, the Quad Cities hosts CornCon, dedicated to cybersecurity, which features a fantastic kid track that teaches soldering Arduino chips, cracking passwords, lockpicking, a capture the flag competition, and a kid’s version of Hacker Jeopardy. When youths understand how to defeat security, they are primed to understand defense best practices.

Train employees

Employers’ expectations for new cybersecurity hires often can be too high.

It’s a recurring joke in cybersecurity is that many job postings for an entry-level position require three years of experience with a professional certification.

Even if your employees are operating at a high level, the cybersecurity landscape changes constantly, so lifelong learning is a must.

Please carve out a training budget and time for your staff to level up their skills each year. If this is neglected, their skills soon will become obsolete, and their ability to adapt to better technology will atrophy.

If you have software developers, it might be a good idea to send them to an OWASP (Open Worldwide Application Security Project) class, or a SANS Institute course so they are informed in the latest secure development practices.

All learning is good, and it never ends.

Bottom line

As a country, we are behind the curve for cybersecurity, and we need to think ahead to the next decade.

This can be done by being more welcoming to those starting out and for those looking to make a career change. Imposter syndrome is real, and it can be daunting for newcomers to address knowledge gaps in an ever-changing world.

Brandon Blankenship is a cybersecurity consultant at ProCircular and a board member of SecMidwest, a Cedar Rapids-based nonprofit focused on cybersecurity education; Comments:


Click Here For The Original Source.

National Cyber Security