According to ISC2, the world’s leading organisation for cybersecurity professionals, the existing cybersecurity workforce needs to grow almost two-fold to run at full capacity and support the global economy. To explore the root causes for the current cybersecurity skills shortage and the lack of InfoSec professionals, Kaspersky commissioned a global study¹ that takes a closer look at the educational aspects of the problem and the influence it has on the career paths of these experts.
Many InfoSec experts point out that the education system is detached from the realities of cybersecurity, resulting in a lack of applicability when it comes to real-life work experience: almost every other professional believes the knowledge taught in formal education was somewhat (14%), slightly (13%) useful or of no use at all (24%) when it came to fulfilling their job duties.
To determine the factors that might be holding back the educational field, respondents were asked additional questions. Less than half of respondents said their college or university programme offered them hands-on experience in real-life cybersecurity scenarios as live projects: 23% ‘strongly agreed’ with this statement, and 26% ‘somewhat agreed.’ In addition, access to the latest technologies and equipment, and the quality of internships emerged as the weakest aspects of cybersecurity education.
While one issue is the quality and relevance of educational programmes, another is the availability of cybersecurity and InfoSec training per se. For instance, half of current cybersecurity experts believe that the availability of cybersecurity or information security courses in formal higher education is either ‘poor,’ or ‘very poor.’ Among professionals with 2-5-years of experience, this figure soars to more than 80%.
“Cybersecurity education is facing certain challenges when it comes to keeping up with developments in the cybersecurity industry,” comments Evgeniya Russkikh, Head of Cybersecurity Education at Kaspersky. “The rapidly evolving nature of cyber threats means that educational programmes often struggle to ensure their content is up to date, leaving cybersecurity professionals with knowledge gaps. At Kaspersky, we help universities overcome these challenges and ensure continual learning and adaptation for young professionals by integrating the leading expertise of our industry experts into educational curriculums so that they combine practical hands-on experience with theoretical knowledge.”
The full report and more insights on the human impact on cybersecurity in business are available via this link.
To tackle the cybersecurity skills shortage, Kaspersky suggests a multi-faceted approach focused on the academic field, the InfoSec workforce, and businesses:
Reference:
¹The research was conducted with 1,012 InfoSec professionals in 29 countries: USA, DACH (Germany, Austria, Switzerland), UK, France, Italy, Spain, Benelux (Belgium, Netherlands and Luxembourg), Brazil, Mexico, Argentina, Colombia and Chile, Saudi Arabia, UAE, Turkey, South Africa, Nigeria, Egypt, India, Japan, China, Malaysia, Singapore, Indonesia, Russia.