SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
ISACA results show security skills shortage dire, but Asia fares well
Wed, 15th Feb 2017
FYI, this story is more than a year old

ISACA has put the global cybersecurity skills shortage under the microscope and shown that there's still a large gap between job openings and qualified candidates.

ISACA's Cybersecurity Nexus (CSX) conducted a study which found that 59% of organisations say they've received at least five applications for each cybersecurity opening, and only 13% receive 20 or more applications.

ISACA's State of Cyber Security 2017 report also shared more light into the crisis, as it found that fewer than one in four candidates have the required security qualifications that employers are looking for.

In Asia, however, the report found that employers are better positioned to find skilled candidates – 88% said they were able to fill open positions.

ISACA's CEO Matt Loeb says the results show a mismatch between what employers are looking for and what candidates are qualified to achieve.

“Employers are looking for candidates to make up for lost time but that doesn't necessarily mean a significant academic investment. Many organizations place more weight in real-world experience and performance-based certifications and training that require far less time than a full degree program,” he says.

The ISACA report also shows where managers' expectations are concentrated when they hire cybersecurity candidates:

  • 55% say practical, hands-on experience is the most important qualification
  • 69% say security certifications are required for their organisation, and these certifications are as important as formal education
  • 45% believe applicants don't understand the cybersecurity business
  • 25% believe current applicants lack technical skills

How do we close the gap? ISACA recommends five key areas where organisations should hire, assess and keep qualified employees

  • Invest in performance processes for hiring and retention
  • Create a culture of talent maximisation that doesn't impact the bottom line, such as alternative work arrangements, job rotation and investment in personnel growth and technical competency
  • Groom employees with similar skills to move into cybersecurity, for example application and network specialists
  • Use automation for security operational tasks where possible. This reduces overall staff burden and optimises current staff positions
  • Reach out to students and career changers. Consider internship programs.