In this Help Net Security interview, Koma Gandy, Vice President of Leadership and Business at SKILLSaddresses critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas such as AI and cloud computing.
Gandy advocates training that combines technical expertise with essential power skills to meet the evolving demands of the industry and secure the future cybersecurity career opportunities.
What are the main factors contributing to the cybersecurity skills gap? Are there specific areas of cybersecurity that are more affected than others?
Several factors in the tech industry are responsible for the cybersecurity skills gap, including lack of representation and diversityand insufficient training opportunities given the rapid evolution of cybersecurity threats and tools. 56% of IT executives anticipate a skills deficit in the next one to two years.
Technologies such as AI and the rapid growth of cloud computing have accelerated the sophistication of cyber threats and attacks. The WEF also found that the percentage of executives who do not have employees with the necessary IT skills has increased from 6% in 2022 to 20% today. Our recent C-Suite Perspective report revealed a similar gap among IT leaders, with 35% of respondents identifying cybersecurity and AI as top areas for training investment.
The cybersecurity skills gap will only continue to widen if organizations do not address these and other issues with deliberate and intentional investments. Talent developmentCompanies should look to upskill and reskill existing talent in critical areas such as application security, cloud computing, secure coding, and incident management/response. Given that meeting today’s cybersecurity needs requires a multidisciplinary approach, companies should look to a variety of traditional and non-traditional backgrounds to find motivated talent interested in cybersecurity roles.
What advice would you give to those considering a career in cybersecurity? Are there any particular skills or experiences that could improve their employability in this field?
Professionals and future professionals should focus on developing a comprehensive skill set in which they can continually improve skills and to develop technical skills and tools, but also to demonstrate competencies in power and leadership skills. As technologies evolve and new challenges emerge, it is critical that organizations and talent take a holistic approach to skills, investing in power skills such as interpersonal communication, problem solving, executive presence, and creative thinking, as well as technical skills and knowledge of how malicious actors leverage threat vectors to proactively defend the organization against potential threats, and how to communicate incidents and responses in a way that different audiences can understand (e.g., senior management, board, etc.).
Additionally, earning certifications can help demonstrate expertise and competence, which are critical elements in proving aptitude and readiness for positions. We continue to move toward an economy where certain skills may be in higher demand than degrees, work experience, or both. Certified individuals often find themselves with greater market power, having earned certifications that are widely recognized as reliable assurances of their abilities. World Economic Forum Report shows that 91% of companies are willing to pay for training and certification for their employees.
How effective are current education and training programs in preparing individuals for cybersecurity roles? What improvements are needed to these programs to better address the skills gap?
An effective one training program Training should be multimodal, with on-demand virtual courses as well as interactive, AI-driven, and instructor-led elements. After all, when it comes to the technical skills required in cybersecurity roles, a “learn by doing” approach is most effective for retaining knowledge and then applying it later. For example, learners can practice coding through secure, simulated hands-on scenarios that mirror real-world projects in which they can easily make mistakes—and learn from them.
Perhaps most importantly, embedding skills metrics and benchmarks into training programs so organizations and professionals can better understand where their skills gaps lie and how best to fill them, particularly among populations historically excluded from the cybersecurity ecosystem. Understanding where you are in your cybersecurity skills journey, where you need to go, and what training is needed to get there is critical to building a secure enterprise, a strong talent pipeline, and succession planning for key positions.
How can technology and automation help alleviate the cybersecurity skills shortage? Are there any particular tools or technologies that are making a significant impact?
Organizations can support their skills development initiatives with technology and tools, such as competency frameworks, to better understand where the gaps lie among current teams and individuals. When we know where we’ve come from, we better understand where to go next; tools like competency frameworks can help leaders implement plans to address problem skill areas and streamline career progression.
AI-powered learning experiences can also accelerate and transform skills upgrading. Using AI coaches and simulators to act as mentors can help learners during practice skillsespecially in situations like communicating the effects of a cyberattack to non-IT executives or discussing a new software vulnerability with a legal team before communicating externally. AI coaches can model best practices and provide immediate, personalized feedback while encouraging reflection to accept more feedback and then confidently master new skills.
AI can also be used to automate tasks, reduce workloads, and fill skills gaps. In cybersecurity, for example, AI can automate repetitive tasks and detect patterns faster, so developers can focus on creating unique code and finding bugs. However, automating Automation should complement, not replace, the human worker. There must be a “human in the loop” to limit unintended consequences, including AI hallucinations and inaccuracies that can harm customers, employees, and even the organization’s reputation. Talent using automation in their workflow must also be well-versed in risk, compliance, and ethical skills to avoid unconscious bias or misinformation produced by these technologies.
What trends do you see in the cybersecurity job market? How might new technologies or changes in the industry impact the demand for cybersecurity professionals?
Resource, budget constraintsand talent retention are at the forefront of IT leaders’ concerns as they build a strong and resilient cybersecurity program within their organizations. increased concentration Development programs and new cybersecurity programs at universities have helped fill this gap, but new entrants to the field have lagged behind the need. Companies are and will continue to look to upskilling current employees, not only to address retention issues, but also as a more effective long-term solution to building a deep, talented, and diverse core skills base. Finding a position in cybersecurity in particular can be challenging, but candidates may have best chance to find an entry-level IT position before specializing.
Industries critical to the supply chain, such as manufacturing, rely heavily on cybersecurity. As attacks increase, sophisticated With the help of AI and machine learning, familiarity with these tools is almost essential for effective cyber resilience. two-thirds of executives across industries said they would not hire someone without AI skills (66%) and would hire a less experienced candidate with AI skills over a more experienced candidate without them (71%). Having evidence of skills that give workers the insight needed to spot and properly manage cyberattacks will become the gold standard for cybersecurity jobs.
Fill out the form to get your free eBook:
