Building Cyber Resilience – The Time To Prioritize Cybersecurity Is Now

Share this post:

Recent events have forced rapid changes in the world of cybersecurity, as it has in all facets of operations. While remote work is not new for some job roles, especially in technical fields, the workplace-wide shift to remote work has been sudden and wide-ranging, leaving security professionals with little time to respond. Similarly, while cloud services have been making inroads for well over a decade, the cloud has quickly moved from luxury cost saver to absolutely critical in today’s economic environment. 

Adding to the pressure, security professionals have had to address the transition to remote work within extremely short timelines. Some companies made the leap to remote work literally overnight, even while security professionals were unable to work from the office themselves. How smoothly this transition has been handled around the globe is a tribute to the skill and resilience of cybersecurity professionals at every level. 

According to IBM CEO, Arvind Krishna, “Cybersecurity will be the issue of this decade. As our dependency on technology continues to grow so will the scale and sophistication of cybersecurity threats. For businesses, the intensification of cybercrime can be explained by Sutton’s law: that’s where the money is. The cost of cybercrime – already in the billions of dollars – rises each year and continues to increase in frequency, scope, and severity of impact.  While some attacks are costly and inconvenient, others can be crippling. With cybersecurity quickly becoming a new battleground for state competition, businesses and government share a collective responsibility to collaborate on preventing cyberattacks that could have a devastating impact or prompt national or global crises. We must join forces now to shore up the security of the critical infrastructure that keeps our society functioning.”

Cybercrime is estimated to cost the world US$6 trillion annually by 2021, an increase of 50% just a year ago. In the first half of last year alone, there were 301 known breaches that exposed more than five million sensitive records, many of which were related to hacking and malware.

Growth of Cybercrime Underscores the Need for More Awareness

The fight against malicious cyber intent begins with professional expertise. It is imperative that companies make cybersecurity awareness, prevention, and practices a crucial part of their culture for the cyber battle to be won. To help create a strong foundation of digital awareness across society, increasing public awareness through targeted education about cybersecurity continues to be important. Cyber literacy is a necessary ingredient in the building of cyber resilience and offers a timely opportunity for greater engagement and partnership between the public and private sectors.

According to the International Information System Security Certification Consortium, there are now more than 4.07 million unfilled cybersecurity positions across the world. Despite high entry salaries, recession-proof job security, and plentiful career opportunities, there are simply not enough trained cybersecurity professionals to fill the skills gap.

The ever-looming Cybersecurity skills gap crisis

Cyber literacy and awareness are certainly of great importance in the continued struggle against bad actors and ransomware—but what about preventing and/or fixing the issues? Finding the security professionals to tackle these roles is essential, but given the way ransomware has flourished, it’s clear that this needs be made a bigger priority.

According to Cyberwire, one of the biggest issues facing the cybersecurity industry is the perception of a career in this field. To get a career in tech, individuals commonly believe that the only route is a four-year degree from university or college. However, given the increasing costs of attending college, a lot of people who have the potential to be cybersecurity professionals do not meet that college requirement.

Research has also shown that with schools and colleges in historically poor and non-white districts having less access to federal funding, Black and Minority Ethnicity (BAME) students face a significantly harder route to higher education and careers. While females are under-represented in the tech space in general, minority women are unsurprisingly under-represented in cybersecurity, with less than 20 percent of the workforce composed of people who identify as female.

All of this has led to a situation where not only is there a “hard” skills gap in cybersecurity, but a lack of “soft” skills too. When the cybersecurity industry is composed mainly of individuals with a traditional college background, it lacks the diversity of thinking vital in pursuits such as threat detection, prevention, and prediction.

Demand for skilled workers in this field is much higher than the number of qualified job applicants.

With so few qualified cybersecurity professionals entering the job market, those who have the skills to work in this industry are quickly hired by larger companies looking to strengthen their security teams.

Demand for skilled workers in this field is much higher than the number of qualified job applicants. Almost four million people — a 145% increase — need to be added to the workforce worldwide to close the global cybersecurity skills gap.

However, with a survey finding that only 9% of millennials want a cybersecurity career, the industry must make a significant change in strategy to close the gap. Today’s messaging and lack of career paths will result in a bigger gap between needs and people.

Bridging the disconnect between employers and employee to fix the cybersecurity talent shortage.

Many students are not aware that many tech careers offer well-paying jobs without a college degree. The ISC reports that the average salary in North America for cybersecurity workers is $90,000, and the average increases from $76,500 without certification to $93,000 with it. The study also found that 68% of cybersecurity professionals don’t have a well-defined career path, which may contribute to the skills gap. So how can businesses and educational institutions work together to reduce the cybersecurity workforce shortage and reskill the workforce?

Adopting a Skills First hiring approach

A large number of  businesses are changing their requirements for cybersecurity professionals to hold a degree in cybersecurity. This is because these companies both recognize that college is increasingly inaccessible and that it does not always teach real-world employability skills that businesses need. IBM coined the term New Collar to refer to the many technology careers, such as cybersecurity, cloud application development and mobile application development, that focus on skills instead of requiring traditional degrees.

Helping build a robust and diverse cyber force

Today, every adult has the opportunity to develop technology and professional skills regardless of background, education, or life experiences on IBM’s free learning platform – SkillsBuild. We will also partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to build a more diverse U.S. cyber workforce. At IBM’s CyberDay4Girls, preteen and teenage girls learn about how to protect themselves online as well as basics about threat modeling. They also get to talk with people who work in the industry to learn what it’s like and ask questions. Since the program began in 2016, more than 39,000 middle and high school girls have joined, narrowing the skills gap.

Leading with stacked credentials to verify skills

Research shows that people want short-form programs that are laser-focused on skills and will help them in the workplace as quickly as possible. Many either can’t afford full degree programs or don’t have the luxury of waiting for the deferred payoff that comes after two or more years of study. IBM skills are recognized and valued around the world, so having an effective way to easily share your knowledge and expertise with your professional network is essential for your growing career. When you earn an IBM credential, complete one of IBM’s many assessed learning activities or achieve other noteworthy activities, you will be able to easily and quickly share a verified record of your achievement wherever and whenever you decide. Programs like the IBM CyberSecurity Analyst Professional Certificate on Coursera provide the learners with the opportunity to earn multiple verifiable digital badges.

Building hands-on work experience for entry-level jobs

A large number of companies are actively supporting the efforts to build talent pipelines with hands-on experience in high-demand professions through apprenticeships and internships. Apprenticeship programs give an opportunity for candidates without advanced degrees to build new technical skills while getting paid at the companies offering the opportunity. When you join IBM as an apprentice it is not just about training and qualifications. We have your long-term professional career in mind. This is an intensive work-based 6-18 month long development program, with comprehensive learning, focused hands-on training, and mentorship. Check out the positions here

Internship programs are an opportunity to learn from the best and develop skills that will make you stand out in today’s rapidly-evolving market. At IBM, you will work alongside a global community of 6000+ interns in a workplace that champions inclusion and a culture of giving back. These are 10-12 week summer programs and an opportunity to work on projects that have a lasting effect on the world we live in and define the technology of tomorrow. Apply here

The cybersecurity field is brimming with variety and allows people of all interests and backgrounds to pursue a career path that fulfills them. Here are some resources referenced in this article:

Burning Glass Report on 2021 Cybersecurity Skills

CyberSeek – detailed, actionable data about supply and demand in the cybersecurity job market.

The NICE Framework is a fundamental reference for describing and sharing information about cybersecurity work.

IBM Security Skills and Learning Community

IBM Cybersecurity Analyst Professional Certificate on Coursera