Story image

ISACA results show security skills shortage dire, but Asia fares well

15 Feb 2017

ISACA has put the global cybersecurity skills shortage under the microscope and shown that there’s still a large gap between job openings and qualified candidates.

ISACA’s Cybersecurity Nexus (CSX) conducted a study which found that 59% of organisations say they’ve received at least five applications for each cybersecurity opening, and only 13% receive 20 or more applications.

ISACA’s State of Cyber Security 2017 report also shared more light into the crisis, as it found that fewer than one in four candidates have the required security qualifications that employers are looking for.

In Asia, however, the report found that employers are better positioned to find skilled candidates – 88% said they were able to fill open positions.

ISACA’s CEO Matt Loeb says the results show a mismatch between what employers are looking for and what candidates are qualified to achieve.

“Employers are looking for candidates to make up for lost time but that doesn’t necessarily mean a significant academic investment. Many organizations place more weight in real-world experience and performance-based certifications and training that require far less time than a full degree program,” he says.

The ISACA report also shows where managers’ expectations are concentrated when they hire cybersecurity candidates:

  • 55% say practical, hands-on experience is the most important qualification
  • 69% say security certifications are required for their organisation, and these certifications are as important as formal education
  • 45% believe applicants don’t understand the cybersecurity business
  • 25% believe current applicants lack technical skills

How do we close the gap? ISACA recommends five key areas where organisations should hire, assess and keep qualified employees

  • Invest in performance processes for hiring and retention
  • Create a culture of talent maximisation that doesn’t impact the bottom line, such as alternative work arrangements, job rotation and investment in personnel growth and technical competency
  • Groom employees with similar skills to move into cybersecurity, for example application and network specialists
  • Use automation for security operational tasks where possible. This reduces overall staff burden and optimises current staff positions
  • Reach out to students and career changers. Consider internship programs.
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.