Despite the pandemic, the number of cybersecurity pros in Canada and the U.S. jumped by double digits this year but there’s still a talent gap, says the latest study by a certification authority.
According to the calculations released Tuesday by the International Information System Security Certification Consortium (ICS2), the number of people in the cybersecurity workforce in Canada this year will hit 123,696 (up 21 per cent over 2020), and just over 1.42 million (up 30 per cent over 2020) in the U.S.
Globally this year there are 4.19 million cybersecurity professionals, which is an increase of more than 700,000 compared to last year.
That’s helped close what ICS2 calls the Cybersecurity Workforce Gap. Globally, it’s now down to 2.72 million compared to 3.12 million last year. The report estimates the shortfall in Canada is 25,000 people, and in the U.S. 377,000 people.
That means, the report adds, the global cybersecurity workforce needs to grow 65 per cent to effectively defend organizations’ critical assets.
“It is exciting to see tremendous growth in the field to bolster defenses against new threats,” says the report.
But, it says, the numbers also show that the need for more cybersecurity professionals continues to outpace the growing pool of available talent, putting pressure and increased urgency on organizations around the world to find solutions.
Among the report’s recommendations to CISOs, security administrators and hiring managers:
—Understand your organization’s talent gap. Hiring managers should consider where they have the largest talent gaps. Carefully craft roles and descriptions to address teams’ specific needs, instead of overloading jobs with unrealistically broad responsibilities. Also, look to create growth opportunities, career pathways and cross-training;
—Rethink how you hire. Infosec leaders say traits among staff that are equally or more important than certifications and relevant cybersecurity experience include strong problem-solving abilities, curiosity and eagerness to learn, strong communication skills, and strategic thinking. Hire for aptitude and attitude. Recruit people from different backgrounds who are attracted to the challenges and rewards of a cybersecurity career and are willing to learn;
—Put people before technology. Technology is not a substitute for the human element. Skilled cybersecurity professionals are vital for any security program. Organizations cannot spend their way out of their own workforce gap;
—Embrace remote work. Not only does it give staff flexible working conditions, it also enables organizations to cast a much wider net geographically when recruiting;
—Empower change with DEI – diversity, equity and inclusion (DEI) is a catalyst for positive change, says the report. Organizations that take a hard look at their own skills gap, reconsider the qualities that make a successful cybersecurity professional, focus on their people before technology and remove geographical barriers through remote work will tap into a broader pool of talent that opens up new possibilities.
The report surveyed 4,753 cybersecurity professionals working with small, medium, and large organizations throughout North America, Europe, Latin America and the Asia-Pacific regions. They included people with the titles of security administrator, security analyst,
security architect, IT manager, IT director, IT security manager, IT specialist, CISO
The report’s authors say their data suggests a reliable estimate of women in the cybersecurity workforce globally remains at 25 per cent.
How organizations plan to close the gap
Asked what their organizations were planning to do within the next year to address their
own cybersecurity workforce gaps, respondents cited 10 areas of anticipated people-centered investments: Invest in training; provide more flexible working conditions; invest in certifications; invest in diversity, equity, and inclusion initiatives; hire for attitude and aptitude, and train for technical skills; provide well-defined career paths; encourage women and minorities to pursue STEM degrees in college; establish organizational diversity goals;
establish mentorship programs; and address pay and promotion gaps, if they exist.
The top technology investments participants said they will use to close the talent gap include use of cloud service providers; increased use of intelligence and automation for manual cybersecurity tasks; application of intelligence and automation to existing processes; inclusion of intelligence and automation as part of solution selection criteria;
involvement of cybersecurity staff earlier in product design and development; using the DevSecOps model for application development; use of Security Software-as-a-Service; involving cybersecurity staff earlier in third-party relationships; freeing up existing cybersecurity staff to focus on higher-value activities; use of contractors and use of new business models.