The cybersecurity skills gap issue may be further from being solved than expected despite the large amount of money being invested around the world to train professionals, according to a report by the Information Systems Audit and Control Association (ISACA). While the volume of training has increased the number of entry-level professionals, organizations are looking for experienced cybersecurity personnel, the international IT governance professional association says.
“Continued hyper-focus on the perceived worker shortage to fill unverifiable open cybersecurity positions is problematic, for it not only fails to address duplicate job postings but also the perspectives of aspiring cybersecurity professionals who spent significant time and money completing pathway programs and yet remain unable to secure employment in the cybersecurity field,” ISACA states in its State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations report.
“Failure to resolve this critical issue will magnify the existing problem of students and career changers being unable to obtain employment due to lack of experience, despite any knowledge, skills or credentials they have acquired,” found the report.
The annual ISACA report was conducted during the second quarter of 2023. More than 2,100 professionals around the world answered the online survey sent to those with ISACA Certified Information Security Manager (CISM) certification or who have registered job titles in the information security field.
The cyber workforce continues to age
While the largest percentage of respondents (34%) remained among those aged between 35 and 44, the average age of the workforce continued to increase, albeit slowly — respondents in the 45 to 54 and 55 to 64 age ranges increased by two percentage points (32%) and three percentage points (19%), respectively, compared with 2022.
There has long been a discussion in IT circles around companies hiring and training recent graduates only to lose these now-skilled professionals to higher-paying jobs elsewhere. “Cybersecurity companies and departments largely do accept that training and upskilling is necessary to help combat the shortage of cyber staff,” Jo Stewart-Rattray, CISO and ISACA ambassador, Oceania, tells CISO.