Minding the (skills) gap for cybersecurity talent

The increase in cyberattacks in 2020 was a tall order for the cybersecurity industry to tackle, given that the industry was already in dire need of additional, skilled professionals. Even with more than 2.8 million cybersecurity professionals globally, the industry needs millions more to properly defend organizations against ever-present threats.

For financial services organizations, this skills gap is especially alarming since they face the highest rates of attack of any sector and are the source of one-third of all data breaches. In the three months from February to April 2020 alone, cyberattacks against the financial sector more than tripled.

In cybersecurity, there are simply not enough trained professionals with the proper skills required to fill all essential positions. This trend has continued for years, if not decades, so it might be time to start talking about the “cybersecurity skills gap” as a new normal.

Sign up for the free BAI Banking Strategies newsletter and get industry insights delivered to your inbox.

With 74 percent of companies reporting the skills gap as impacting their ability to secure sensitive information and 58 percent of chief information security officers reporting concern that the gap will continue to widen in 2021, financial services providers will be directly impacted by unfilled cybersecurity positions, if they aren’t already. Given the complexity of today’s interconnected world, all security professionals must work together to protect the enterprise.

Pair AI with skilled professionals

The challenge is clear, but the solution is a little cloudy. One way many organizations are choosing to tackle the skills gap is with security solutions powered by advanced artificial intelligence. Security technology powered by AI can help businesses of all sizes improve their ability to detect ongoing or impending attacks when security personnel are scarce or strained by automating manual processes and threat alerts.

Another way to help bridge the gap is to shift away from traditional university degrees and specific academic backgrounds. While higher and specialized education is certainly preferred, it can be beneficial to take a closer look at scouting, hiring and training the right people with the right skill sets. Do they have the abilities for the position, but not the degree? If so, consider investing in them and look for:

  • Proven experience identifying and mitigating the impact of cyberattacks
  • Experience with cloud infrastructure or cloud security skills
  • DevOps experience and application security skills
  • Cybersecurity certifications and an understanding of advanced cybersecurity concepts
  • Relevant past work experience and other strengths in non-technical soft skills

Banks and other financial services organizations can open the door to a wider pool of professionals when they look for talent outside of the conventional pipeline.

Diversity bolsters creativity

The cybersecurity skills gap isn’t just about increasing headcount. A variety of viewpoints tend to yield creative solutions to complex problems, so shouldn’t security teams be as diverse as the problems they are trying to solve?

Although minority representation in cybersecurity is higher than the overall U.S. workforce (26 percent versus 23 percent), these professionals are disproportionately in non-management roles. Further, women make up only 20% of the cybersecurity workforce and nearly two-thirds are paid less than their male counterparts.

AI, machine learning and other security software might make companies more efficient and productive, but ultimately, it’s the people who make the critical security decisions. Without people, AI is rendered useless.

So, how can all institutions put the right foot forward? Here are a few tips that will help the financial sector begin building a diverse cybersecurity team:

  • Re-imagine traditional talent channels by hiring and recruiting outside university education, conventional fields and long-established qualifications
  • Invest in junior hires that your company can train and move up the ladder
  • Set up a diversity and inclusion group or program

Bridging the cybersecurity job and skills gap does not have one answer, but rather many. Technology is a great answer, but diversity and education also play important roles. Wesley Simpson, chief operating officer at (ISC)2, said it best: “Knowing where we stand and the delta that needs to be filled is a powerful step along the pathway to overcoming our industry’s staffing challenges.”

Alex Hernandez is vice president, emerging technology, at DefenseStorm.