At least every couple of months a new report comes out outlining the crippling skills shortage the cyber security industry is facing. It’s a recurring topic that comes up again and again.
For instance, the recent Institute of Information Security Professionals report reveals the proportion of respondents reporting a dearth of skills as a challenge growing to 18%, up from just 8% in 2015.
This issue is worsened by the increasing number of cyber threats hitting businesses and the rate of advancement in new security technologies. However, the way businesses are currently going about it isn’t working. This has been a hot topic for some time, yet not much seems to have changed.
The problem is many organisations focus on young people still in schools or even colleges that have already chosen set of subjects and career path. But by this point, it’s too late to encourage young people towards a STEM (Science, Technology, Engineering and Maths)-related path.
>See also: ‘Most women have decided against a cyber security career before 16’
Of course, a cyber security career doesn’t always have to consist of studying these subjects – but they do help in shaping an analytical and curious mindset. In order to encourage more students to go down this path, organisations should be reaching out to students at a much younger age.
The OWASP foundation, for example, has been involved in running events with schools – at all levels – where they learn from security professionals and can see the benefits gained from them. During these workshops, students witness security professionals walking through cool projects and techniques. They also go on to describe what excites them about their day-to-day jobs.
This results in leaving students interested and wanting to expand their cyber security knowledge further. Interestingly, in a recent session run by OWASP, they found the students that performed the best were the girls. They held focus throughout the event, were able to think outside the box and solve complex problems with minimal effort: key skills needed for a role in cyber security. And key skills anyone could harness, whatever their gender.
Sadly many women and young girls have been put off jobs in technology. Bar their raw talent in the sought-after skills in the area. In fact, ISC projected a shortage of 1.8 million cyber security workers by 2022. And women make up only 11% of that workforce – based on Frost & Sullivan’s 2017 Global Information Security Workforce Study.
Luckily there are various initiatives, such as the training scheme by Protection Group International (PGI) and Hawker Chase aiming to bring more women in cybersecurity. PGI outlined that candidates don’t need previous experience or qualifications, only aptitude. This programme will prepare women for an entry-level career in the space.
>See also: EXCLUSIVE: Women in the cyber security industry
In addition, we must ensure that when students select a technical root in college, they are taught the skills required in today’s workforce. This might sound obvious, but many university courses are outdated and not practical enough for today’s workplace, whereby cybercriminals find new and innovative ways to exploit application vulnerabilities on a daily basis. And most graduate developers come straight into the industry from education, where they are taught poor habits, such as focusing on getting the software ready as fast as possible, often leading to insecure code.
This helps explains the climbing number of cyber attacks at the application layer – hackers know this layer is often left unprotected. But it’s why organisations, are focused on creating freely available resources and syllabuses that are very relevant – working closely with universities – and providing organisations with best in class approach to security implementation, processes and procedures. Application security needs more analytical, curious and creative individuals in the industry. So, let’s continue to inspire the next and current generation to give it a go.
Sourced by Owen Pendlebury, Global Board of Directors at OWASP Foundation
