Over three quarters of organisations across all industries plan to increase their cybersecurity spending over the next year. However, cyber skills shortages remain a major issue. What can organisations do if expertise is lacking, asks Pete Sorensen, VP of Strategic Initiatives at ConnectWise.
Amid tumultuous economic times and with working norms shifting in the wake of the Covid-19 pandemic, technology solution providers (TSPs) are also dealing with a massive lack of qualified candidates. This is the case across the entire sector, however, some specialist areas such as cybersecurity, have been hit harder than others.
Despite this, reports suggest that security employees are, on the whole, happy with their jobs.
It is reasonable to ask, therefore, whether one of the reasons for the gaps in this field might be related to the evolution of working practices in recent years and questions around onsite, remote and hybrid working. Just 15 percent of cybersecurity workers indicated an interest in returning full time to the office, which has driven an above average number of resignations in this sector.
It is also worth bearing in mind that changes to jobs themselves played a part in this wave of resignations. With a huge number of employees of all kinds working remotely during the pandemic, it caused a vast amount of extra work for cybersecurity professionals who now had to manage a remote workforce plagued with network vulnerabilities.
Introducing automation to ease the pain
Put simply, we can reduce the crushing demand for skills and narrow the gap by reducing how much we depend on actual people. This is particularly true in the world of cybersecurity, where crucial tasks such as patching, disaster recovery, and threat detection can all be automated, thus minimising the need for human staff.
Here is a brief overview of some of the ways in which automation can boost cybersecurity:
- Enable 24/7 user and customer support
- Automate routine jobs to boost employee satisfaction and reduce human error
- Enhance business insights through real-time data capture and analysis
- Reduce unnecessary threat alerts and service calls
- Speed up threat detection and response times
However, while automation can limit the need for dedicated cybersecurity professionals, IT executives must be careful to not only rely on automation as a panacea for all ills. Highly skilled employees will still be needed to manage and monitor the systems and act as gatekeepers and quality controllers. Automation solves some of the problems, but not all. Leaders will need to ensure a talent development strategy exists as they add automation and AI to their processes, or they risk creating a shortage of talent down the line.
Budget restraints can also put a limit on the roll out of automation solutions. Although the technology is becoming more commonplace and affordable by the day, it can still be out of reach for smaller businesses. IT leaders will need to closely examine potential automation and AI solutions to see how well they fit their business processes and whether they can afford them.
Upskilling employees to bridge the gap
Consider investing in an internal process for professional development to help narrow the IT skills gap in your company. This not only demonstrates your commitment to the long-term success of your workforce, it will also nurture new and improved skills that will help them manage more complex tasks moving forward.
The best approach is to link the internal development programme with individual needs or specialisations. So, by connecting cybersecurity to specific requirements or career paths, such as CompTIA or ISC2, you can shape existing talent to meet their demands. This is especially important in cybersecurity where the lack of skills is so acute.
Expanding the hiring pool
At the same time, we can look at expanding the hiring pool beyond the typical cybersecurity employee profile. Women and minorities are underrepresented in the field: just 24% of women and minorities experience a feeling of belonging within the IT industry compared to 75% of executives who feel like they do belong. How can we shift the needle and make these individuals feel more at home? Mentorship programmes are a useful tool in making minority employees feel more comfortable.
Ultimately, there is talent out there, which we can tap into, while also reducing the burden through automation and upskilling the workforce we already have. By making our existing teams as productive as possible, and reaching out to new hiring pools, we can bridge the IT skills gap and stay ahead of the cybersecurity game.