Firms value hands-on security skills over education


By Dylan Bushell-Embling
Tuesday, 14 February, 2017

The cybersecurity skills shortage is continuing to stymie organisations worldwide and is leaving a majority feeling ill-equipped to address cyber threats head on, according to information industry body ISACA.

A global survey from the body indicates that just 59% of organisations receive at least five applications for each cybersecurity opening and only 13% receive 20 or more. Yet studies show that most corporate job openings receive 60 to 250 applicants.

ISACA research also found that 37% of organisational leaders say that fewer than one in four candidates have the qualifications needed to keep a company secure, and that one in four companies report that it can take six months or longer to fill cybersecurity and infosec positions.

The main issue is that most job applicants lack the hands-on experience or certifications required to combat modern cyber threats, according to ISACA CEO Matt Loeb.

“The survey underscores a fundamental disconnect between employer expectations and what candidates can actually bring to the table,” he said.

“Employers are looking for candidates to make up for lost time, but that doesn’t necessarily mean a significant academic investment. Many organisations place more weight in real-world experience and performance-based certifications and training that require far less time than a full degree program.”

Indeed, 55% of hiring managers report that practical experience is the most important cybersecurity qualification, and 69% state that their organisations typically require a security certification for open positions.

But 25% of respondents say today’s candidates are lacking technical skills, and 45% believe that most applicants don’t understand the business of cybersecurity.

For businesses looking to find, assess and retain qualified talent, ISACA recommends grooming employees with tangential skills to move into cybersecurity positions, and engaging with and cultivating students through internships or outreach programs to universities.

Organisations should also invest in performance-based mechanisms for hiring and retention processes, create a culture of talent maximisation to retain existing staff and seek to automate security operational tasks where possible to reduce the overall burden on existing employees.

Image courtesy of Andreas Klinke Johannsen under CC
