By now, the majority of industry professionals are aware of the cybersecurity skills gap and its impact on organisations’ abilities to consistently protect their data and networks.
The coronavirus pandemic has only amplified the issue, manifesting the economic strain that has forced many business leaders to make budget cuts and furlough, or even lay off, critical employees. Meanwhile, cybercriminals saw the pandemic as an excellent opportunity to execute attacks on vulnerable networks as more employees shifted to remote work.
Fortinet’s NSE Training Institute’s programs enable IT professionals, students, veterans and more to learn new cybersecurity skills, reskill or upskill as a way to address the growing talent shortage our industry faces.
The Cybersecurity Skills Gap: Implications for 2021 and Beyond
In a recent survey of industry leaders, it was found that 68% of responding organisations struggled with recruiting, hiring, and retaining cybersecurity talent.
For such a critical branch of business, it’s an alarming statistic. Perhaps even more troubling was the discovery that 73% of surveyed organisations had experienced at least one intrusion over the past year that could be partially or wholly attributed to the cybersecurity skills gap.
When organisations lack a large enough team of qualified, experienced cybersecurity professionals, their networks, customer data, and even operational technology are far more vulnerable to threats.
At the same time, the number – and level of sophistication – of cyberattacks on commercial businesses is steadily climbing. When successful, such attacks can be debilitating, costing hundreds of thousands of dollars in downtime or reparations.
To help address this risk, organisations must shift their mindset away from traditional hiring and work to implement new, agile solutions that leverage untapped resources, without burning out their employees. Organisations should invest in reskilling and upskilling current employees, which can effectively help bridge the skills gap.
Identifying the Right Individuals for the Job
One of the biggest issues in cybersecurity hiring has to do with the sets of skills and attributes hiring managers believe are mandatory in a “qualified” individual. All too often, these wish lists grow much longer than what any individual could have possibly attained over the course of a 5-, 7-, or even 10-year career in the industry.
Worse, hiring according to a set list of qualifications tends to rule out some of the most talented and capable recent graduates – those who are eager to learn and most excited about the profession.
By restructuring the hiring model to prioritize innate strengths over “X years of experience,” organisations will end up with employees who are happier to do their jobs and fit in more seamlessly with the rest of the team.
Interviewing for, say, communication skills and leadership ability, analytic sharpness, level of comfort with abstract ideas, mathematical and modelling skills, independence and autonomy, and other such “soft” skills may reveal much more about a candidate’s chances for long-term success than his or her resume alone.
Then, organisations must put programs in place for on-post training, whereby talented and apt new hires pick up the technical, hands-on skills they need to monitor networks and mitigate threats. But this should not be the sole focus of these cybersecurity training programs. Even tenured employees appreciate and benefit greatly from opportunities for continued education, whether via in-person or online courses, seminars, or conferences.
Many organisations have found some of their best cybersecurity professionals by looking elsewhere in their IT departments, encouraging individuals who may no longer be stimulated in their current roles to move laterally into a cybersecurity position by completing training programs and/or certifications.
These workers bring a new, fresh perspective, benefiting the organisation in more ways than one – this alone demonstrates why upskilling and reskilling should be considered essential when looking to build out security teams.
Bridging the Skills Gap
Fortinet is committed to helping close the cybersecurity skills gap through its technology, the NSE Training Institute programs and Corporate Social Responsibility initiatives. Employers and aspiring network security professionals alike should be able to access the resources needed to close the skills gap – whether via training and certifications, professional networking opportunities, or mentorship.
The NSE Training Institute programs provide IT professionals, students, veterans and more the opportunity to expand and learn new security skillsets. The NSE Training Institute’s flagship NSE Certification Program, which has issued more than 500,000 certifications worldwide, has eight levels of certifications, ranging from cybersecurity fundamental education courses to advanced solution-based training.
Additionally, Fortinet has made its entire catalogue of self-paced NSE courses available free of charge for anybody interested in learning new skills or upskilling. Through the Information Security Awareness Training service, Fortinet also provides organisations with free training for their employees to be cyber aware to identify and prevent threats.
By implementing cybersecurity training programs for all employees and diversifying the overall hiring strategy, companies across industries will see a marked improvement in their overall security program’s fortitude, as well as a greater degree of employee satisfaction and far less turnover.