The continuous advance of digital threats and crimes continues to drive the demand for cybersecurity professionals. There are many reports that highlight the shortage of these professionals in the face of the growing cybersecurity needs. A gap that continues to widen year after year. Until when and how will this demand grow?
Cybersecurity experts continue to be one of the professional profiles most in demand today, something that has accelerated in recent years due to the growing evolution of cyberthreats.
According to the data from the report ‘Analysis and Diagnosis of Cybersecurity Talent in Spain’ prepared by ObserveCyber, last year there was a cybersecurity workforce in Spain of around 149,774 professionals. This would place the talent gap at 24,119 experts, a figure that is expected to continue to increase in the coming years.
The forecasts in this report suggest that, in 2024, the demand for cybersecurity talent will double the supply, when more than 83,000 professionals are required in this field.
Worldwide, the data is not more rosy: there are currently 3.4 million cybersecurity professionals missing, a figure that has increased by 26.6% compared to the 2.72 million experts that the market demanded last year. This is how it stands out the (ISC)2 Cybersecurity Workforce Study reportin which a thread of hope is launched: 72% of organizations expect to increase their cybersecurity team next year.
And it is that the recruitment of this talent is not proving to be an easy task for organizations. As part of the IT segment, the cybersecurity market is constantly changing and professionals must be constantly updated on new threats and possible existing solutions.
40.1% of Spanish organizations are committed to recycling talent from other departments to the cybersecurity area
Added to this is the fact that, according to the firm CyberSeek, the requirements for cybersecurity skills have increased markedly in the last 12 months. Furthermore, it is a profession that continues to expand into specialized fields, especially such as auditors, software developers, cloud architects, and help desk engineers.
All this confirms the need to have people trained in this sector. However, the shortage of talent is leading, according to the aforementioned report, to 40.1% of the Spanish organizations surveyed recognizing that, as a solution, they are committed to recycling talent from other departments towards the cybersecurity area.
Training, essential for cybersecurity professionals
An important point made by the (ISC)2 report is that the main cause of the deficit between supply and demand is the lack of qualified professionals. It is no longer just a question of having professionals with knowledge in cybersecurity, but of having enough knowledge to carry out all the tasks that managing cybersecurity in a company requires today.
A problem to which other issues such as low wages, lack of development opportunities within the organization, the ‘burnout’ syndrome, working conditions and insufficient training are added.
Only 2 out of 10 internal professionals receive training to carry out their work successfully
Precisely, training is one of the most crucial aspects for professionals since they need a constant update of knowledge to develop their work. The data indicates that only 2 out of 10 internal professionals receive training to carry out their work successfully, which shows the need to reinforce their preparation to face current and future cybersecurity challenges.
But neither do those who leave the university with the aim of dedicating themselves to the world of cybersecurity consider that they have received a formation according to market needs. This is at least supported by 90% of Spanish professionals, according to the survey ‘Needs and future of training in Cybersecurity’ carried out by IMMUNE Technology Institute and Constella Intelligence to more than a hundred professionals from the Spanish IT sector.
In it, 90% of the professionals surveyed indicate that they receive training in cybersecurity in their companies, although more than half do so only once or twice a year and only 10% do so regularly once a month.
Only 7% of experts working in the field of cybersecurity have been trained in this specialty through a degree or traditional university degree.
In fact, 40% of professionals working in the field of cybersecurity indicate that they have been trained through bootcamps and intensive courses, while 30% have done so through specialized master’s degrees. It is surprising that 23% of professionals confirm that they have trained independently.
This highlights the importance of adapting the training of these professionals to the current needs of organizations so that they are prepared to face cybersecurity threats of today and of the future.
That’s why it’s more important than ever to build strong talent pipelines to ensure a safer digital world. It’s critical not to leave holes in your cybersecurity defenses simply because you don’t have enough trained workers to plug them.
The automation of cybersecurity, an option that is gaining followers
This shortage of professionals is leading more and more companies to resort to other options to guarantee their security while making the most of the resources available to them. This is where the commitment to the automation of cybersecurity comes into play.
According to the report ‘State of Cybersecurity Automation in Companies in 2022’ From ThreatQuotient, companies are focusing on automating different elements of their security strategy that have different degrees of maturity. This has led to their increasing confidence in the results of automation, which is why 89% of the professionals surveyed are confident that their budget for these tasks will continue to increase in the coming years.
Threat intelligence management and incident response are the tasks that are automating the most, according to 26.5% of the firms surveyed, while 26% are committed to phishingand 25% vulnerability management.
However, only 18% are automating alert triage, despite being a potential avenue to reduce the burden of manual review and prioritization.
37% of organizations already automate key cybersecurity processes
Last year, 37% of organizations were already automating key processes, and 45% planned to do so this year. This 2022, those who planned to undertake automation this year have already begun with their implementation. Cybersecurity automation is acting as a foundation to support evolving security border protection.
Another option that organizations choose is to have the support of IT partners to design, access, manage and secure the network and data of organizations.
The decision to select an IT service provider or managed services (MSP)or managed security services (MSSP) is key for any organization since it must meet a series of requirements and enjoy maximum confidence.
However, these are proposals that contribute to optimizing the cybersecurity of organizations until the long-awaited balance between the supply and demand of professionals in this sector is produced. Will it come some day? For now, it is a goal that is still far away, but not unattainable.
initial image | katemangostar
