SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybersecurity professional shortage less about numbers and more about expertise
Wed, 7th Sep 2022
FYI, this story is more than a year old

Organisations are falling short when it comes to skilled cybersecurity professionals; however, the reason may be less about the number of professionals in the industry and more about the number of professionals with the right level of skills and training, according to Trustwave.

It is estimated that Australia may need around 16,600 additional cybersecurity workers for technical as well as non-technical positions by 2026. But despite the recent growth in Australia's core cyber workforce, a substantial number of vacant cybersecurity positions remain unfilled because companies can't find the right talent.  

According to the (ISC) Cybersecurity Workforce Study for 2021, the global cybersecurity workforce needs to grow 65% to effectively defend organisations critical assets.  

"At any given time, there are a limited number of deeply-skilled cybersecurity professionals, which is compounded by external factors including pandemics, data sovereignty concerns, reduced student numbers in the pipeline, and the systemic network stressors of a hybrid workforce," says Jason Whyte, general manager for Pacific, Trustwave. 

"All of these factors also contribute to higher levels of burnout and increased talent demand."

According to Trustwave, the demand for cyber talent is further exacerbated by rapid changes to compliance, regulation, and reporting such as the new requirements of the Security of Critical Infrastructure Act 2018. Additionally, organisations are feeling the impact of in-house requirements such as a converged IT and operational technology cybersecurity environment and the uptake in emerging technologies such as the Internet of Things. 

"There is definitely a shortage of the right people with the deep understanding and knowledge to not only protect, but also detect and remediate cybersecurity challenges," the company says.

The onus, therefore, is on organisations to take steps to either upskill their own workforce through learning and development or attract the right talent by offering growth opportunities and a culture that cyber professionals gravitate towards.

"Having the propensity to effectively upskill their own workforce, encouraging a promising career trajectory, will help organisations encourage loyalty and retention," says Whyte. 

"Like most sought-after employees, cyber specialists are searching for employers that support remote work, have interesting projects that enrich their careers, and actively appreciate their efforts. This is not just through financial incentives; it is about cultivating an organisational culture that supports employees and their growth as well as fostering inclusivity, openness, and diversity in a fun environment," he explains.

Whyte says another alternative may lie outside of the people factor altogether. 

"Depending on the type of cybersecurity skills that organisations are lacking, they may be able to complement their security team by leveraging technology to automate tasks or use partners to respond and remediate cyber alerts at 2am when their staff are not on duty, for example," he says. 

"The right solution can help organisations track, hunt, and eradicate threats, keeping them ahead in a dynamic and complex cyber environment and increasing their cybersecurity resilience to combat the evolving threat landscape.

"With the right combination of skilled cybersecurity professionals, technology, and partners, organisations will be able to improve their cybersecurity posture in a rapidly changing and escalating threat environment."