The Small Idea With a Big Impact on the Cybersecurity Talent Gap
14 Sep, 2023
The cost of cybercrime is expected to reach $8 trillion globally this year, yet the scarcity of security talent is becoming more pronounced. With more than 750,000 cybersecurity positions unfilled in the U.S. and 3.5 million positions worldwide unfilled, the race is on to close the skills shortage that is estimated to contribute to 80% of all security breaches.
In 2022, cyberattacks increased by 38%. The global average cost of a data breach reached $4.35 million, while the average cost of a data breach in the U.S. reached $9.44 million, according to a report by IBM and the U.S.-based Ponemon Institute.
Bringing on more technical talent is central to companies in order to stop these threat actors. “Cybercrime can be very lucrative. And the reality is, talent is your best line of defense,” said Donna O’Shea, chair of cybersecurity at Munster Technological University (MTU) in Cork, Ireland.
Easing the Talent Crunch With Bite-Sized Learning
As the digital economy evolves, more opportunities for malicious attacks are coming to the fore. Creative approaches aimed at increasing the pool of security professionals are emerging–and bringing down the barriers that once kept people from pursuing these lucrative roles.
“There has been a lot of progress made in terms of the way that we deliver cybersecurity education,” O’Shea said.
Micro-credentials are small, accredited courses that allow candidates to pursue highly focused upskilling and reskilling that respond to niche labor market needs. Experts predict that lowering the time and costs involved in post-graduate studies will attract more learners and help address the cybersecurity talent scarcity.
In 2020, the Irish Universities Association (IUA) was awarded €12.3 million through the country’s Department of Further and Higher Education to become the first European country to establish a national framework for nationally accredited micro-credentials.
“This is a real innovation in workforce development and lifelong learning,” says Aisling Soden, talent transformation & innovation manager for IDA Ireland. The cyberskills micro-credential programs are administered through academic institutes, co-designed by industry and, in time, will be transferrable across Europe. Because they are offered online, Soden also sees micro-credentials as a way to help companies upskill staff with specific cybersecurity skills to an international standard of education.
These highly specific cybersecurity short courses will also benefit companies looking to upskill internal staff or access new talent in 25+ critical areas such as network systems, security standards & risk, security architecture, malware, reverse engineering and more.
Soden envisions the micro-credential standards playing a bigger role on the global stage: “In the future, I can see these standards being recognized worldwide.”
Underrepresented Communities: An Untapped Resource
In 2022, Ireland was one of only a few countries to make headway in the quest to narrow cybersecurity talent shortages. Most regions around the world reported an increase in their cybersecurity workforce gap, according to a report by (ISC)², the world’s leading cybersecurity professional organization. Last year, Ireland closed its cybersecurity skills gap by 19.5% while the global gap grew by 26.2%.
O’Shea stressed the need to do a “much better job globally of reaching underrepresented populations to fill these open positions.” Especially now, she says, as micro-credentials bring down the cost, time commitments and previously required masters-level studies for training for cybersecurity jobs, opportunities must increase for women, military veterans, minority groups and people from financially disadvantaged communities. There’s also an untapped market of individuals displaced from hospitality and other service sectors during the pandemic.
Society needs to do a better job of fostering cybersecurity talent across the entire hiring spectrum, said O’Shea. This should start with thought-provoking conversations that help leaders understand the barriers that exclude certain populations from participation in the industry.
“We need far more meaningful action on this topic to give equal opportunity to talented learners irrespective of gender or ethnicity, and regardless of whether they’re from disadvantaged or privileged communities,” she says.
Collaborations are Building Unique Curricula
Recently, O’Shea sensed a lot of anxiety from start-ups that are finding they must be able to prove that their products will not succumb to cybersecurity attacks. Investors are seeing this as a key requirement. She points to manufacturing, operations, financial services and health care as among the industries most likely to be held hostage by security breaches. This added dimension increases costs, but also means that now, even early-stage companies need cybersecurity expertise.
Dell, Mastercard and Analog Devices, all of which have large Irish operations, are a few of the companies that have turned to CyberSkills to boost their cybersecurity teams. CyberSkills, which runs from MTU, responds to industry skills and needs in a rapid and responsive way. For example, despite employing a substantial software development team, Mastercard reached out to the program for help in closing their gap in software security.
“We designed a custom educating pathway designed to upskill their workforce to code in a secure way and perform security assurance testing,” O’Shea said. Microsoft, Google, Meta, SAP, Cisco and many other American tech firms are also tapping into the micro-credentials program to find staff in areas that extend beyond cybersecurity.
Collaborations that bring together universities, research organizations, government agencies and industry stand the greatest chance of creating curricula able to address the very distinct needs of specific industries and individual organizations and give us the ability to respond more quickly to a threat landscape that is evolving faster than the training. As the initiative rolls out to the EU and beyond, this could be the small change with the greatest impact.
The above article was authored by Anne-Marie Tierney-Le Roux, Head of Department, Enterprise Technology, IDA and was originally posted on securityboulevard.com.