The current crisis has severely impacted the job prospects of the 16-24 age group, with many university graduates having lost a job or job offer recently. The pandemic has not only turned socialising into a deadly risk, but has affected schools and the learning environment, widening the already large skills gap.
Many governments are setting up job schemes and investing in restarting the economy, particularly the technology sector. In doing so, we must prioritise cyber skills.
The present cybersecurity skills shortage has led to unfilled roles in traditional areas of responsibility, such as identifying, patching and updating vulnerable systems. While there is a clear need for individuals who can effectively manage these threats, such talent is difficult to find.
True, there has been an uptake in universities offering cybersecurity degrees, but more can be done to make a dent in the workforce gap. Chief information security officers (CISOs) need to also work to address this skills shortage in their own organisations, leveraging internal training, paying for certification courses and establishing effective mentoring programmes.
Back to school
Organisations are recognising that they need to go beyond the traditional methods of recruiting talent from a small pool to fill security roles. One way is to focus on training and prioritising technology certifications.
The cybersecurity field is continually changing, and certifications are a valuable way to keep up with the evolving threat landscape, as well as to enable those without a technical background to train so they can transition into a career in cybersecurity.
Certifications can also build on the value of collegiate studies by helping professionals update their cybersecurity knowledge each time they choose to renew. They can also help non-traditional candidates move into a cybersecurity career by providing the knowledge they need for a variety of entry-level roles. By stressing the value of certifications, organisations can expand their talent pool to cover non-traditional candidates, degree-holding professionals from other fields, and other groups that may have not been considered in the past.
Training is also crucial. Organisations that invest in ongoing training and mentoring programmes will demonstrate a sense of devotion to their employees, which will encourage internal candidates to join the cybersecurity team. With the right programme in place, Cisos can open the door to a wider range of individuals who are willing to learn, even if they had not originally planned to work in this field. While some may require an introduction to the basics of the threat landscape, others may have the background knowledge required to master complex network security concepts.
To help IT professionals looking to expand their security skills, Fortinet has made its entire catalogue of advanced security courses available for free as part of a continued investment in closing the skills gap. Since the launch of this free training initiative in April, we have seen more than 80,000 course registrations from people in 144 countries.
The recent introduction of additional free cybersecurity courses builds on Fortinet’s existing efforts to address the skills gap through training and education. Fortinet established the Network Security Expert (NSE) Institute in 2015, comprised of the Fortinet Network Security Academy (FNSA) programme, the Authorised Training Centre programme, and the NSE training and certification programme which to date has issued more than 350,000 Network Security Expert certifications.
This is a compelling indication of the need and desire for training as the threat landscape continues to evolve. But training is only one step in the plan to narrow the cyber skills gap. Tools and solutions such as automation also can help plug that gap.
The role of automation
Constant, rapid technological change is a part of current business culture and has had a major impact on the widening of the skills gap. This has been exacerbated by the recent global pandemic, and businesses are finding that staying agile is more important than ever. But how can the modern cybersecurity expert keep pace with this change? That’s where automation steps in.
When network connections change rapidly as a response to a dynamic business environment, security solutions need to change as part of a single, unified system. Otherwise, when there is too much lag time between new connections being made at one end and security configurations being updated at the other, there is room for exploitation. There are several methods an organisation can use, including:
Endpoint control: An added security layer that ensures updates and access policies can be pushed automatically to devices trying to access the network. Detection and response solutions can offer threat protection, in real-time both pre and post infection, diffusing them before they reach the target.
Dynamic cloud access: Automated security and access controls must also be applied to remote users and devices seeking access to cloud-based and SaaS resources.
Network access control: A solution which offers IT teams full visibility over the network and who/what is trying to gain access. Through this, the team can launch dynamic, automated responses when a device falls out of policy or demonstrates anomalous behaviour.
AI-based threat intelligence: The ability to respond to threats in real-time by using AI-driven intelligence systems to rapidly weed out attacks before security analysts even know they are at risk.
With a dedicated approach to cyber skills training, certification and enabling these experts access to the tools and automation necessary to keep pace with the changing threat landscape, the gap can start to narrow.