Building A New-Age Cybersecurity Workforce For Future Cyber Resilience

2020 has proven to be a watershed year for Cybersecurity globally. From running bitcoin scams using hacked Twitter profiles to orchestrating large-scale breaches like the SolarWinds attacks that saw several US federal agencies as victims, the menace of cybercrime has increased in recent times.

Most recently, the attack on Colonial Pipeline Inc, has set alarm bells ringing on the potential economic ramifications of cyberattacks. While the US was able to come out of it relatively unscathed, the same cannot be said about countries like India, South Africa & some Lat Am countries that suffer from a severe lack of cybersecurity talent.

The worldwide information security market is forecast to reach $170.4 billion in 2022.

Combine this with the below risk factors…

• Rise in remote work has led to a corresponding increase in email phishing attacks
• Cloud infrastructure becoming a priority target for cybercriminals
• Cybersecurity skills gap continues rising. ~70% of cybersecurity professionals report a cybersecurity skills shortage in their company
• The rise in connected devices leading to an exponential increase in weak points and causing undue stress to fault tolerance mechanisms

… and it becomes clear why, now more than ever, HR teams need to sit up and take notice of the severe dearth in cybersecurity talent and initiate hiring-at-scale to fill the demand.

What Enterprises Are Doing To Prevent Cyber Attacks

It can be extremely difficult for enterprises to close all the potential threat vectors within their networks through the help of internal IT teams alone.

Some of these common attack vectors include:

• Poor risk assessment
• Social engineering
• State-Sponsored cyber attacks
• System vulnerabilities
• Insider Attack

This has led to a new breed of much-needed startups operating exclusively in the cybersecurity niche, such as DarkTrace(Threat Detection), OneTrust (Privacy, Security & Data Governance), and Cybereason (Endpoint protection), to name a few.

Established cybersecurity companies such as McAfee & Symantec are also investing in solutions for the new age of cloud threats. California headquarters CrowdStrike is among the first to innovate a cloud-native endpoint security platform and counts leading healthcare providers among its clients.

However, a common theme that emerges is that of a crippling lack of cybersecurity talent despite the mushrooming of startups trying to cater to the demand for cybersecurity.

So we have decided to dive deep into the modern cybersecurity team structure & analyze the demand for new-age skills.

New-Age Skills Required For A Cyber Security Team

When you consider that despite a raging pandemic, bad actors targeted hospitals and health care centers, the actual maliciousness of cybercriminals becomes clear.

From manufacturing to logistics, healthcare, media & even public governance, there is a rush to hire talent that can protect critical IT assets & mitigate the effects of common online attacks.

We have analyzed the cybersecurity teams of 100+ leading organizations to better understand critical job roles that will prove pivotal in the coming decade.

The most in-demand cybersecurity job roles for 2021 and beyond were:

• Cyber Security Software Engineer
• Cyber Security Architect
• Cyber Threat Intelligence Analyst
• Penetration Tester/Test Engineer
• Security Risk & Compliance Analyst
• Threat Research Analyst
• Digital Forensics expert

However, the above roles are moving away from the traditional tools of the trade, paving the way for modern tools that leverage Deep Learning, Big Data Analytics, & Blockchain solutions.

For example, AI/ML is used to analyze mass volume of data sources to predict certain outcomes or optimize processes. Blockchain solutions help in improved Public Key Infrastructure (PKI) & reduction of distributed denial-of-service (DDoS) attacks.

Emerging skillsets require analysts to be suitably familiar with:

• AI knowledge, including NLP, ASR & automation
• Machine learning skills like predictive analysis and
• Technology specific skills for blockchain & IoT as these are seeing a 33% increase in demand

In digital forensics, too, analysts are expected to showcase experience with:

• Live response tooling & log aggregation solution
• Big data experience (Hadoop, HDFS, Apache)
• Malware reverse engineering and
• Cloud-based enterprise systems knowledge

Consequently, the latest breed of cybersecurity talent must also be enabled with demonstrable knowledge of the above fields. The present scenario, is bleak, with a severe lack of talent skilled in the above technologies.

Invest In Talent & Build Your Cyber Resilience

Due to the high demand for Cybersecurity professionals, nearly 3 million Cybersecurity positions are expected to go unfulfilled globally in 2021. As the talent gap is expected to widen further, reskilling has become a key alternative for firms to meet the unmet hiring demand.

Below, you can see the sample illustration of how reskilling can provide an alternate career path of Cybersecurity to both tech and non-tech professionals.

Reskilling/Upskilling can also provide a viable career path for traditional IT job roles as well as non-tech professionals towards a highly rewarding Cybersecurity career. As an exercise, we applied our Reskilling framework and calculated the Reskilling Propensity Index (RPI) for a few tech and non-tech roles.

(Note: RPI is our proprietary scoring index methodology for reskilling, which is based on detailed analysis of relevant parameters)

While a Network Engineer has an RPI of 8.6, the RPI for a non-tech role such as Risk Analyst or Sales & Marketing Manager is not too far off behind at ~5.

Interestingly, nearly 30% of global Cybersecurity professionals are from a non-tech background, indicating the power of focused reskilling strategies in mitigating talent shortages.

To read a more detailed analysis into building a robust cybersecurity workforce using reskilling, please download the whitepaper attached to this report.

Draup is an AI-powered talent intelligence platform that delivers HR leaders, workforce planners & talent management teams with data-backed insights into the Cybersecurity talent ecosystem. This enables them to identify, nurture & develop a robust talent pool that will assist and guide them through the ongoing period of increased cybercrimes.