In the digital era, the protection of any kind of information has become important, placing cybersecurity professionals at the forefront of safeguarding the information infrastructure of businesses.
The landscape of cybersecurity is evolving, presenting both promising career prospects and challenges for specialists in this field.
Ever growing demand for cybersecurity professionals
The need for cybersecurity professionals is truly soaring. According to a recent industry report, there is a significant shortage of qualified cybersecurity experts globally. This gap is driven by the rapid pace of digital transformation, the increasing frequency and sophistication of cyberthreats, and the absence of a standardized approach to cybersecurity education across academic institutions.
In 2022-2023, global cybersecurity workforce grew up by almost 13%, but the talent gap is still wide and today there is an immense shortfall of nearly 4 million experts. It is revealed that 41% of InfoSec professionals say their cybersecurity teams are “somewhat” or “significantly understaffed”. Another group of respondents (about 30 % of cybersecurity specialists) admitted their organization is on average looking to fill more than 20 cyber security positions.
The cybersecurity talent shortage is complicated by other challenges, including rapid advancements in technologies and the need for experts to keep pace, the disparity in qualified cybersecurity personnel access among business of various sizes, also called “the Fortune 500 effect”, and not enough diversity in the industry. Additionally, cybercriminals are continually developing new methods to breach defenses, requiring cybersecurity professionals to stay updated with the latest threats and countermeasures. This dynamic environment demands constant learning and adaptation.
Cybersecurity education creating its own challenges
To find the root causes of the current cybersecurity talent shortage, it’s worth taking a closer look at the cybersecurity education, which introduces the majority of modern InfoSec experts to their professional path. The educational background of cybersecurity professionals is diverse if not surprising, with Kaspersky findings showing that more than three-quarters of those with two to five years’ experience did not study information technology or computer science at college or university at all and have evolved into their cybersecurity role. InfoSec experts admit that the academic education field lacks standardized cybersecurity programs that would correspond to the diversity of InfoSec roles, bringing more challenges for young specialists when they start their careers. Additionally, the academic field with its established procedure for the creation and adoption of educational programs, has easy-to-explain difficulties with keeping up with the industry that has to deal with ever evolving cybersecurity risks.
But graduated specialists and newbies in the field need to have a whole blend of skills and knowledge, covering IT fundamentals like OSI model or peculiarities of various operating systems to basic programming skills, which are always handy in automating various cybersecurity tasks. This is not to mention more niche knowledge, inherent in information security, like cryptography or familiarity with in-built protection of various systems.
Beyond technical expertise, soft skills like strong problem-solving abilities, analytical thinking, and effective communication skills are essential. Cybersecurity professionals often need to explain complex issues to non-technical stakeholders, making the ability to convey information clearly and concisely a valuable and trusted asset. Interestingly, 63% of InfoSec specialists believe that soft and hard skills are equally important in determining whether a cybersecurity candidate is qualified for a job.
As the educational field is yet to offer comprehensive cybersecurity programs that would reflect the multi-faceted nature of cybersecurity tasks, many cybersecurity professionals do not rely heavily on their academic training, preferring not to move forward of acquiring post-graduate degrees – more than half of modern cybersecurity professionals do not have a formal postgraduate or higher degree. Instead, they depend on practical experience, certifications, and continuous learning to stay relevant. Hands-on experience is crucial, as it provides real-world exposure to the challenges and complexities of cybersecurity.
Creating opportunities for constant learning and development at work
The context, in which modern cybersecurity professionals are developing their careers, requires companies to ample opportunities for education and professional development, especially for young specialists who have just started their careers. Needless to say, that 46% of young cybersecurity specialists need more than a year to get confident in their new role in the company.
Any chosen cybersecurity career pathway has to be filled with ongoing compulsory in-house training programs, workshops, and access to online courses, as the university background won’t usually fully close all work requirements. Knowing that access to the latest technologies is one of the weakest aspects of cybersecurity education for most geographies, it shows how crucial it is to enrich the academic background of cybersecurity experts with training programs providing real-life experience and advanced tools, ensuring that cybersecurity staff stay on top of the latest industry trends and developments. These programs have to provide hands-on practical experience, be relevant to the existing threat landscape and offer effective threat detection and mitigation strategies. Encouraging a culture of continuous learning ensures that employees stay ahead of emerging threats.
The capacity building process should also reflect the fact that cybersecurity professionals might have many types of specializations depending on the business tasks and aims. The narrow specialization ensures that each team member is highly skilled in their area of responsibility, enhancing the overall security posture of the company. Additionally, support from senior management and the team is crucial for enhancing professional and even narrow skills for specialists. Mentorship programs, regular feedback, and academic collaborative projects can significantly contribute to employees’ growth and development.
While supplementing and improving their young professionals academic training with advanced courses in information security, businesses can also bring about a difference by organizing internships with close to real job experience providing current students with the practical aspects of cybersecurity, bridging the gap between theoretical knowledge and real-world application. That’s where the contribution of industry players is crucial — developing in sync with their professional field, they can share valuable insights, best practices and lessons learned from their practice. Industry teaching can be filled with the latest tools and technologies. How can it be made? Staying updated with industry developments, R&D projects and integrating new tools into training programs helps maintain a robust defense against cyberthreats.
At Kaspersky, we’ve put the expertise of our world-class cybersecurity researchers in the creation of a series of Kaspersky Expert Trainings series, and Kaspersky Academy Alliance partnership program, for teaching advanced threat detection and mitigation strategies.
The current state of cybersecurity careers
The field of cybersecurity is constantly evolving and has a special peculiarity of a lifelong learning, with new trends and technologies emerging regularly.
While various tools, helping to automate the routine of InfoSec professionals and enabling quicker and more efficient threat detection and response, are becoming a given, the need for skilled cybersecurity professionals remains critical. These experts are essential for overseeing automated systems and managing complex tasks that require human judgment and specialized knowledge.
Cybersecurity specialists are vital in protecting the data and information infrastructure of enterprises and governments. The field offers extensive opportunities for professional and personal growth, with diverse career pathways. However, the dynamic and complex nature of cybersecurity necessitates continuous learning, practical experience, security awareness, and adaptability.
To alleviate the burden on staff, organizations can implement solutions that allow employees to focus on skill development. By prioritizing advanced education, addressing organizational needs, and engaging in specialized training, cybersecurity professionals can stay ahead of emerging technologies and build rewarding, impactful careers in the industry.