Story image

ISACA results show security skills shortage dire, but Asia fares well

15 Feb 17

ISACA has put the global cybersecurity skills shortage under the microscope and shown that there’s still a large gap between job openings and qualified candidates.

ISACA’s Cybersecurity Nexus (CSX) conducted a study which found that 59% of organisations say they’ve received at least five applications for each cybersecurity opening, and only 13% receive 20 or more applications.

ISACA’s State of Cyber Security 2017 report also shared more light into the crisis, as it found that fewer than one in four candidates have the required security qualifications that employers are looking for.

In Asia, however, the report found that employers are better positioned to find skilled candidates – 88% said they were able to fill open positions.

ISACA’s CEO Matt Loeb says the results show a mismatch between what employers are looking for and what candidates are qualified to achieve.

“Employers are looking for candidates to make up for lost time but that doesn’t necessarily mean a significant academic investment. Many organizations place more weight in real-world experience and performance-based certifications and training that require far less time than a full degree program,” he says.

The ISACA report also shows where managers’ expectations are concentrated when they hire cybersecurity candidates:

  • 55% say practical, hands-on experience is the most important qualification
  • 69% say security certifications are required for their organisation, and these certifications are as important as formal education
  • 45% believe applicants don’t understand the cybersecurity business
  • 25% believe current applicants lack technical skills

How do we close the gap? ISACA recommends five key areas where organisations should hire, assess and keep qualified employees

  • Invest in performance processes for hiring and retention
  • Create a culture of talent maximisation that doesn’t impact the bottom line, such as alternative work arrangements, job rotation and investment in personnel growth and technical competency
  • Groom employees with similar skills to move into cybersecurity, for example application and network specialists
  • Use automation for security operational tasks where possible. This reduces overall staff burden and optimises current staff positions
  • Reach out to students and career changers. Consider internship programs.
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.