Are you prepared for the IT security skills gap?
It’s long been accepted wisdom in the Information Technology sector that an alarming and growing skills gap exists when it comes to cyber security. It is expected worldwide spending on cyber security products and services to eclipse $1 trillion for the five-year period from 2017 to 2021. In fact, research from Frost and Sullivan puts the number of unfilled posts in the field at 1 million worldwide and tips this number to hit 1.5 million by 2020.
This issue should be of serious concern if you run a company of any size in any sector. 50% of small businesses in the US suffered a data breach of some kind in 2015 and as the number of devices and data streams grows, so to do the number of threats.
But how do you ensure you get the right IT team in your company if the talent pool is not, generally, up to scratch? As IT Security Recruitment Company of the Year two years running, we believe we're ideally placed to help. Let’s try to answer the question by looking at the causes of the IT security shortfall and consider the best solutions for preventing it from negatively affecting your business.
The shortfall explained
The new technology problem
Cloud Technology, the Internet of Things, the mobile workplace: all have brought increased levels of efficiency and flexibility in terms of how we work. But they’ve also brought new threats. From DDoS attacks to network disruptions, the menu of potential ways cyber criminals can interrupt your business evolves with every technological update.
This has put a strain on IT operatives, as the skillset needed to keep up with all of these new threats becomes more sophisticated. In recent years, it has become clear that the standard IT operative with a solid basic knowledge of the field will simply not be enough to keep a company’s data and network secure. Rather, a new generation of highly specialised IT professionals is needed, with experience and training in specific areas of a company’s operations.
Currently, however, that generation has not emerged in the numbers needed worldwide.
The long term problem
It would be wrong to categorise this issue as a new one. In fact, the problem has been festering for some time. Of all the data vulnerabilities found in 2015, around 21% had been active for more than three years, while around 5% had been active for more than a decade.
The UK problem
While the issue exists across the globe, the UK suffers specifically from the IT security skills gap. This is partly due to the mass outsourcing of positions in the field to India that began in the 1990s and continues to this day. This decreased the number of people pursuing related degrees in British universities and drained the native talent pool.
Finding the right team
It’s easy to look at these circumstances and feel hopeless. After all, if the right candidates for your IT security positions simply do not exist, why try to fill them at all? Better to not waste time on the recruitment process, hire a few professionals with solid, general IT knowledge and hope for the best, right? Wrong.
Because the right candidates do exist – highly qualified, highly skilled, highly experienced experts in all aspects of IT security. In fact, there are quite a number of them out there right now looking for work. Specifically, they are looking for companies that understand what they want from an IT security team and will ensure they continue to develop their skillset and knowledge.
So, while the professionals exist, finding them, hiring them and keeping them with your company is not so simple. Here are some pointers on how to do it right:
Use a dedicated Security recruitment service
These candidates know they are in demand. Furthermore, they know that the majority of recruiters do not fully understand their sector. That’s why you will not find highly skilled IT security specialists answering ads on a general recruitment website or applying for positions on Indeed.
They seek out similarly specialised recruiters who understand the value of their qualifications and match them to companies that will pay them, treat them and train them in line with that value. That’s why you should trust a security recruiter with a proven track record and a long history of participation in the security community to source the candidates for you.
Do not settle for second best
You might think that given these skills are rare, you should lower your expectations regarding the level of the person you hire to do the job. This isn’t the case, you just need a way to identify candidates with those skills and approach them directly rather than waiting for them to apply to a job advert.
Security is one of the most important issues facing anyone doing business today. Entrusting this area to an underqualified IT graduate is like securing your home with a fire alarm that only works 50% of the time. Set the bar high. If you’re not sure what specifically you should be looking for in your candidates, ask a specialised IT recruiter for advice on what your expectations should be.
Training must be constant
Once you have the right team on board, look after them. Invest seriously in training to keep each member of the team at on top of their security game. As we’ve mentioned, every time the technology develops, so to do the threats.
By offering dedicated training to your employees, you ensure they stay equipped with the knowledge and skills to prevent new attacks as they become more commonplace. This will also help you hire and keep a squad of ambitious, driven IT professionals.
That there is a skill gap when it comes to IT security is simply undeniable.
The evidence is there, in the IT departments of companies across the world. This does not mean, however, that you should submit to the likelihood of cyber-attacks damaging your business. Experts armed with up-to-date skills are out there. By using the right sources and creating the right conditions in your company, you can get the expertise you need to safeguard your business.