Cybersecurity teams are struggling to find the right talent, with the right skills, and to retain experienced employees. The situation is only likely to worsen, as inflation and a tight labor market push up wages.
This was the view of a panel of chief information security officers, speaking at Infosecurity Europe. But there are steps that organizations can take to ensure greater diversity, to build cyber teams from within and to keep hold of their most effective employees.
According to Paul Watts, a distinguished analyst at the Information Security Forum (ISF) and a former CISO, universities produce graduates with strong technical knowledge, but not always the broader skills they need to operate in a business environment. This includes the lack of communications skills, understanding of how businesses operate and even emotional intelligence.
His views were echoed by Erhan Temurkan, director of security and technology at Fleet Mortgages. “We are finding that graduates are coming out of university who know how to use the tools,” he said. “But the way I put it is, having a paintbrush doesn’t make you an artist.”
Further, graduates sometimes lack a sufficiently deep understanding of networking and IT operations.
One reason is that graduates’ views of cybersecurity roles are quite limited. “All students want to be pen testers,” said Watts.