By Simeon Tassev, MD & QSA at Galix Networking
Across the information technology (IT) industry as a whole, there is a significant skills gap that has existed for many years, but this is becoming even more significant when it comes to the cyber security subsection. However, as data becomes increasingly valuable and an increasingly more attractive target for cyber criminals, and with data protection regulations becoming more and more stringent, this is one area that needs to be addressed as a matter of priority. This will require both time and investment and there is no easy fix.
Why the gap?
One of the reasons for this skills gap is that cyber security is a highly specialised field that touches all areas of IT, which means that it requires a significant level of skill and experience across multiple areas to reach proficiency. Cyber security touches not only data but also hardware, networking, operating systems, applications and more, and requires an understanding and ability to script and code.
There is also no linear path to becoming a specialist in cyber security, but it is a highly technical and complex career path that requires solid foundations in all areas of IT and certifications across many of these areas. It is also constantly evolving, which requires a mindset of continuous learning.
Experience is key
Cyber security is also an area where a theoretical knowledge can only get a person so far. The true value comes from experience, which is difficult to obtain in the real world. There is a conundrum where we need cyber security professionals, and we need them to have skills and experience, but allowing them to learn and make the mistakes necessary to get this experience could be detrimental.
The challenge for many cyber security professionals is that it takes time to pass their knowledge on, and letting people learn under supervision takes longer than simply solving the problem. Addressing this problem will require significant investment in both time and effort. Organisations that specialise in cyber security need to find creative ways of helping to build out skills and experience to address this widening gap. This also needs to involve a significant mentorship component to allow people to gain the experience they need in a safer environment.
Access to a pool of skills
When it comes to accessing cyber security skills, it is often more beneficial to outsource this service, rather than trying to maintain it in-house. Not only are skilled cyber security professionals scarce (and hence expensive), they are also difficult to retain and tend to specialise in certain areas rather than generally across this very wide field.
Outsourcing cyber security generally results in better security posture because you can access a broad pool of skills and specialists across many areas. In addition, these outsourced partners are in a better position to be the mentors and teachers needed to help address the skills gap, which will eventually contribute to an even wider and growing pool of skills.
Nobody can afford to get cyber security wrong, and we need to focus on growing the skills pool. For businesses, an outsource provider can deliver enhanced security and reduce risk. For those looking to enter this field, working with a cyber security outsource provider can help with access to learning and mentorship needed to enter this dynamic, complex and highly technical field.