informa

Cybersecurity In-Depth

5 min read
The Edge

The Cybersecurity Talent Shortage Is a Myth

We have a tech innovation problem, not a staff retention (or recruitment) problem.

Over 47 million Americans voluntarily quit their jobs in 2021. This unprecedented mass workforce exit was dubbed the "Great Resignation." Spurred by the COVID-19 pandemic and the long-term trend of workers rethinking their relationships with the labor market, those who quit cited low pay, a lack of advancement opportunities, and feeling disrespected as their top reasons for leaving, according to Pew Research

The cybersecurity industry was not immune to this wave of disruption. Despite the fact that the US added more than 250,000 people to the cybersecurity workforce between 2020 and 2021, the need for cybersecurity professionals increased by 30% in that same time. The demand for workers in cybersecurity is growing, driven by unprecedented levels of cyberattacks on governments, Fortune 500 companies, local businesses, and everywhere in between. But the supply of cybersecurity expertise is coming up short.

The cybersecurity talent shortage clearly has real impact, but it may not be as tied to retention strategies or the Great Resignation as many people think. We have a shortage of staff because we are not using security staff efficiently. Better technology that leads to better utilization of the people we have can ease the problem.

New Solutions, Stronger Workforce

Weak cybersecurity leaves organizations vulnerable to breaches, data loss, and regulatory penalties. Organizations tap vendors for a robust array of cybersecurity technologies to alleviate these evolving issues. Vendors consume massive budgets to cultivate, hire, and retain an army of workers with the right innovative mindset and technical capabilities to create solutions that address sophisticated, next-generation cyber threats.

But cybersecurity vendors can't create those solutions because they're having trouble retaining enough people in the workforce, right? Well, not exactly.

The superficial reason for the workforce shortage is the booming labor market. In industries where low pay, few promotion opportunities, burnout, general work/life inflexibility, and poor job benefits are the reason workers are fleeing, there is an absolute need for comprehensive solutions to address those new-normal problems. For cybersecurity, however, the reality of the talent shortage is that technology isn't meeting the moment.

The talent pool may, in fact, be dwindling. But the technology platforms and solutions we have need to be better at making life easier — both for current talent and to enhance the capabilities of customers vulnerable to a host of attacks. Automation is key to meeting those goals.

What if cybersecurity vendors solved the issue and helped talented people out there right now by unlocking the ability to embrace true innovation? What if vendors make it easier for everyday users to operate products for effective cybersecurity? The tools themselves need to be simplified and reliable. If there were no need for an overly specialized and multitudinous amount of effort in the workforce, then there would be no technical debt.

Let's be clear: We're not suggesting taking away the expertise of cybersecurity professionals. This is about innovating enough to alleviate the complexities of the solutions and give every customer control during a threat situation. Adopting security automation is the core of cybersecurity democratization.

So what would that look like?

Automation and Democratization

It's on industry leaders to facilitate new tools for the everyday user. Think about it from the perspective of the type of tech that regular workers take for granted each day.

Google's G-Suite gives users easy, intuitive access to products like Docs and email; Wix helps users drag, drop, and easily create an entire personalized website; Canva turns anyone into a designer, not just people with hours of Photoshop experience; and so on. These were previously cumbersome processes and difficult-to-use sets of products before innovation tipped the balance toward everyday, intuitive use. This is what needs to be done for cybersecurity.

To be proficient, companies need to develop technology that's going to help empower the everyday user with tools and knowledge that give them understandable visibility into cyberattacks. Here are the elements such automated and democratized technology would need to cover.

  • Detection: By automating proactive threat detection and prevention capabilities, people can stay a step ahead of cybercriminals without the need for specialized security skills.
  • Response: Ideally when you identify a cyber alert, you need to know what to do with it. Normally the reaction is panic. Incident responses via automated tools need to tell users step by step what to do to mitigate the spread of the attack and improve their cyber resilience over time.
  • Integration: Security architectures may be unique, but new solutions must be open source enough to connect any tool in an existing security stack with additional out-of-the-box integrations as threats evolve.

The talent shortage will continue if we don't look at the problem in a different and radical way. Making advanced tools more accessible for all businesses and verticals will foster innovation and solve the talent shortage that is leaving business and consumer data vulnerable. Solutions should become as easily accessible as sending and receiving an email or swiping through your iPhone. The tools and ability to innovate are already here — they just need to be distributed.