But, are hiring processes benching the very technical skills needed to combat the rapidly rising number and complexity of these threats?
Cybercrime is big business – to the tune of an estimated $600 billion USD a year worldwide – which is also up from up from $500 billion USD estimated in 2014.
The reality is that it’s only becoming a greater threat every day, as more people and devices connect to the Internet.
Leaving organisations and governments grappling to define their cybersecurity strategy, institute protocols and safeguards, train staff and – most severely – secure and retain cyber security skills to manage all of the afore mentioned.
Research by ESG found that a shortage of cybersecurity skills remains problematic for 51% of their survey respondents. A report by ISACA notes that as threats and attacks are increasing, while the skills and resources needed to combat these are growing, they are growing at a reduced rate – and even when compared with previous years.
So, as demand for scarce cybersecurity skills remains high, it’s time to think outside the proverbial box on what to look for and how to train the next generation of cyber security experts.
The “I just fell into it” complex
It’s common when speaking with individuals – and even highly experienced executives – currently working in cybersecurity that they will say “I just fell into it”. Here’s the thing though; as the industry stands, this kind of career progression — currently the norm — isn’t creating the level of skillsets desperately needed.
Diversifying to secure much needed skills
It’s inescapable that to overcome this shortage a steady influx of skilled, educated and specifically-trained people is needed. Otherwise, there’s no hope in fighting the ongoing battle against cybercrime.
This will require focused apprenticeship programmes being instituted – aimed at providing foundation and full degree purposes training courses.
But, there is another angle that should certainly be explored further – tapping into neurodiversity.
Individuals on the autism spectrum – and similarly those with Asperger’s, or attention deficit hyperactivity disorder (ADHD) etc. – have a different set of skills to neurologically typical people. For example, people with Asperger’s or autism tend to treat problem-solving in a completely different way.
They are often structured, technical thinkers, detail-orientated, with strong skills in mathematics and/or pattern recognition – enabling them to process and analyse information differently. Also, they often think much more literally, and the way they approach a problem is unique. One common advantage of this is in the area of numbers — which can be a significant bode in the cybersecurity space.
The mathematics side of cyber security can be complex, where more often neurodiverse people can grasp processes very quickly.
Though many neurodiverse people are intelligent and often excel in schools and tertiary education, they are faced with interpersonal challenges. Unfortunately, the traditional interview process is often an insurmountable barrier to neurodiverse people gaining meaningful employment, as often these candidates are rejected because of a lack of communication skills. This is short sighted of traditional hiring practices.
There is a wealth of talent that can be accessed, but this will require a firm understanding of neurodiversity and a business wide mindset change towards neurodiverse people.
The future of security
Focusing on apprenticeships, and making sure that any schemes are open to neurodiverse candidates, is a great way to create a steady stream of skilled, eager and expert cyber-security practitioners. Doing so also gives organisations an opportunity to invest in people who are too easily and often left behind when it comes to work – it’s more than just a good notion; it makes good business sense.
By Rob Partridge, Head of Commercial Development, Penetration testing