New report reveals tips for building a skilled cybersecurity workforce

By Microsoft Security

Innovations in cloud computing, artificial intelligence (AI), and the Internet of Things (IoT) have paved the way for an increasingly interconnected world. Thanks to these digital technologies, businesses can more easily expand their operations across the globe—increasing productivity and driving greater economic gains. However, for all of its benefits, technology also exposes companies to a greater risk of cyber-attacks.

The number of cybersecurity incidents is now outstripping current defense capabilities. One reason for this is the lack of adequately skilled cybersecurity workers. Also known as the cyber skills gap, this trend has limited enterprises’ ability to contain threats. If companies are to truly bridge this gap, they will need to broaden their recruiting horizons to look beyond traditional cybersecurity career paths and recruit from a more diverse range of industries.

In this article, we’ll be breaking down the findings from a recent report by OECD Skills Studies, “Building a Skilled Cyber Security Workforce in Five Countries: Insights from Australia, Canada, New Zealand, United Kingdom, and United States.” Read on to discover how private and public sector organizations can more easily identify their existing vulnerabilities and determine where additional resources are needed.

Understanding the current cybersecurity demand

The report analyzes data across 400 million online job postings from January 2012 to June 2022 to better understand cybersecurity skills supply and demand. Examining these dynamics enables companies to measure their current needs against existing education and training programs to determine where gaps exist.

However, it’s important to consider the broader context in which this data emerged. Take, for example, the COVID-19 pandemic. Many companies adopted a remote work model during the height of lockdowns to preserve jobs and maintain productivity. And while remote work helped companies mitigate the risk of in-person interactions, it also increased cybersecurity risks since many residential networks have less protection from cyber attacks.

This is why increased cybersecurity awareness across all levels of the organization, not just security teams, is critical for businesses. Cybersecurity failures are among the top 10 risks since the pandemic, according to the World Economic Forum’s 2022 Global Risk Perception Survey. In turn, these cybersecurity failures have caused the demand for cybersecurity to outpace our current supply of skilled workers. (ISC)² estimates that there is a worldwide shortage of 3.4 million cybersecurity workers, and nearly 70% of organizations report dealing with a worker shortage.

Cyber professional demand is no longer limited to a handful of major urban centers. Instead, a more decentralized workforce is needed to meet demand in underserved areas. Online job postings captured in OECD’s survey revealed that employers are looking for people skilled in cloud security, cybersecurity frameworks, and threat assessment, with the most in-demand titles including cybersecurity architects, engineers, and analysts.

This doesn’t mean that employees from more diverse professional backgrounds can’t break into the cybersecurity field. If we are to close the skills gap and meet the current demand for cybersecurity workers, employers will need to broaden their horizons to account for more non-traditional cybersecurity career paths. In doing so, they will enhance the industry with a broader range of unique experiences and life skills.

5 policy recommendations for building a skilled cybersecurity workforce

Policymakers, employers, and educators must come together to create a series of sweeping changes that empower current and future cybersecurity workers if we are to address the current cybersecurity skills gap and uplevel our online defense posture as a whole. The following is a series of high-level policy options that can be tailored to meet the needs of different national economies.

1. Raise awareness about cybersecurity career options

Raising cybersecurity career awareness should start early to create a pipeline of    diverse talent and break possible misconceptions. Career guidance is crucial, as are efforts to target women and underrepresented groups.

2. Offer multiple career pathways within cybersecurity training

Formal and informal cybersecurity training should be offered at various levels for a broad range of job roles in both long- and short-course formats. Additionally, organizations must work to establish clear progression pathways between training programs.

3. Build basic digital skills first

Digital skills are the foundation for cybersecurity skills. People of all ages, especially the most disadvantaged, need opportunities to develop essential online knowledge. For example, before engaging in cybersecurity-specific training, workers should first have a basic understanding of cloud computing.

4. Close the workforce gap with skills-based recruitment as well as formal education

Cybersecurity skills are evolving quickly. Many types of education are relevant, including community and technical college programs as well as skills-based certifications. Formal education is not the only path. Recruiting workers based on acquired skills can close the cybersecurity workforce gap by reducing entry barriers for younger people and people with less experience. 

5. Employer engagement is necessary

Employer engagement in the design of cybersecurity training is crucial to ensure that training corresponds to the needs of the market. To meet the demand for cybersecurity skills beyond the technology sector, stronger links are needed between the education sector and firms in non-technological industries. For example, further investment is needed in mentorship and curriculum co-design programs.

Overarching all of these policy recommendations is the need to bring more diverse candidates to the industry. Not only does this give companies additional talent to close the skills gap, but it also allows them to approach security challenges from different angles and identify solutions that may not have been considered otherwise. When your workforce is as diverse as the novel cybersecurity threats you face, you can pull from a broader range of professional and personal experiences to more effectively and inclusively protect your organization and end users.

Additionally, weaving diversity throughout your recruiting and retention process helps ensure that security measures are effective for all users—regardless of their backgrounds or abilities.

To be successful in this endeavor, we need to enact a multistakeholder effort that unites employers, educational organizations, government policymakers, and the technology industry.

By bringing each of these areas together, we can better pave the way for cybersecurity professionals from a variety of backgrounds to create fulfilling, rewarding careers that help make our online world a safer place.

Learn more about how to strengthen your own role in the cybersecurity economy by visiting our cybersecurity awareness and education page and find out all you need to know about the latest threat intelligence issues with Security Insider.