The Next Gen of Cybersecurity Could Be Hiding in Big Tech

COMMENTARY

The world is facing an unprecedented number of cyber threats and historic low numbers of cybersecurity staff. While cybersecurity and IT aren't one-to-one industries, software developers, coders, and other experienced tech workers have relevant hard skills that transfer well into cybersecurity. So why aren't we developing this talent for cyber?

The cybersecurity industry has been facing skills and labor shortages for years. Additionally, the cyber talent gap in combination with the overall trend of growing cyber threats means businesses and public infrastructure are more at risk from hackers than ever before. As the digital transformation era continues, technology innovation grows as does the number of folks equipped to build it. It's not a stretch to believe they can defend it, too.

Why the Cyber Talent Gap Is Growing

The need for cyber solutions is growing exponentially due to three main reasons. The first is the increased attack surface, with over 15 billion connected devices in 2023, and more expected over the coming decade. As the attack surface expands, it increases the already daunting risk of cyberattacks. Moreover, the number of attacks occurring yearly is growing, along with the frequency, sophistication, and impact of these attacks. Ransomware attacks, government-to-government espionage, and more frequently dominate the news cycle, showcasing the need for tighter security against a multitude of attack strategies. Last, increasing regulations continue to add pressure to the cybersecurity talent gap. For example, TSA recently unveiled emergency cybersecurity requirements for airlines and airports, increasing the demand for cybersecurity talent at the federal agency level. In all of these cases, the need is mounting, but the amount of talent can't catch up.

In specific areas such as operational technology (OT), an increasing number of companies are adopting IT security talent to also be trained in OT cybersecurity. This move has been accelerated by IT-OT convergence — where legacy OT technology previously not connected to the Internet is now integrated within IT systems. It's a natural way to address the talent gap by moving cyber talent over from the IT field, which has proven to be successful.

How Technology Talent Can Make the Jump to Security

The main chicken-and-egg conundrum with the cybersecurity skills gap is that most companies looking for cyber talent have limited resources and may be able to make only one or two cybersecurity hires. As such, they might only employ a CISO or senior cybersecurity strategist who can handle the breadth of security threats the organization might face. As a result, there aren't many entry-level opportunities for new cyber hires. Without good entry-level positions, it's hard for those entering the workforce to gain the prerequisite expertise, further exacerbating the shortage of experienced cyber talent at higher levels.

Hiring IT talent and retraining them with cybersecurity skills helps alleviate this issue. Most technology companies provide basic security training and classes, and there's a high level of transferable skills between the two industries. There are currently more than 500,000 open positions in the cybersecurity field, and current or former technology workers have a unique opportunity to gain cybersecurity experience to fill these gaps.

One of the benefits of hiring talent from other industries is the added value. While simultaneously addressing the talent gap, these hires add diversity of thought and experience. That diversity could help to improve operational resiliency and efficiency, a key focus of technology companies and skills you may not get when hiring only cyber-focused talent.

Protecting Public and Private Systems

When it comes to cyberattacks, it's not always an even playing field among industries. Organizations suffering the most from cybercrime include the critical infrastructure sector due to the potential for greatest harm compared with other sectors. In the last two years, 80% of hospitals have experienced a security breach, with most of these breaches tied directly to ransomware attacks. Additionally, in 2022, manufacturing companies had the highest rate of cyberattacks among the leading industries worldwide, with 25% of cyberattacks. When it comes to talent entering this space to help protect these vulnerable systems, it's crucial that we mitigate the risk of these attacks with both solutions and people.

There are vast differences in the cyber resources available to public and private infrastructure. With the private sector's main objective being profit, private organizations have an incentive to ensure their cybersecurity defenses are strong, whereas the public sector works for the public good and relies primarily on public funds.

Security platforms that focus on the highest priorities in their risk-mitigation strategy are helpful even for organizations with limited resources. Furthermore, the government has introduced resources to help bring new talent into the public sector. These include increasing cybersecurity budgets for public organizations, imposing more regulations and guidelines, and working more closely with the private sector. Ultimately, private-public partnerships are crucial for bridging the cybersecurity talent gap. The public and private sectors must collaborate to automate and optimize, reducing the growing need for talent and resources.

Overall, the cybersecurity sector is growing and holds great potential for those looking to make the jump. Instead of zeroing-in on joining the Googles or Metas of the world, I encourage professionals to consider cyber roles instead, where you will be an integral part of your organization's business resiliency strategy, gaining exposure to C-suite stakeholders, and doing important work that can protect human safety or societal stability.

The Future's Cybersecurity Landscape

Moving forward, I would like to see a world where there are more private and public partnerships between working groups leveraging technology. The World Economic Forum has paved the way for these partnerships by modernizing infrastructure in affordable ways and improving the quality of life in local communities. However, this is just the beginning. To bridge the cybersecurity talent gap, we must look to strengthen these partnerships and utilize the existing technology talent already available. Technology talent can make the jump to cyber, and now is the time to act.