Finding workers, protecting workers, keeping workers, and training workers. Whether it’s the government, the private sector, or colleges and universities, the great jobs and training migration is moving on all levels. Some people called it the great resignation when some 4 million people quit their jobs in August in the US alone. In just the state of Massachusetts, for example, it was reported on a local ABC affiliate that more than 400,000 people in the next year will need to transition into new positions. How will states, companies and colleges and universities deal with these trends?
According to Megan Carnegie in Wired UK, as many as seventy-five percent of employers are struggling to fill open positions. Wired UK notes that tech candidates in the UK are quitting because “their companies aren’t embracing flexible work properly. Some recruitment experts say this is the toughest environment they’ve ever experienced for attracting talent.”
The COVID-19 pandemic has led to a massive increase in remote workers worldwide, a change that is here to stay. The Boston Globe reports that before the pandemic the local workforce was 5% remote, and it’s now approaching 20%. What are the ramifications for companies and workers?
Unfortunately, remote work increases the risk of cyberthreats for many organizations. For companies it has created more danger zones, as cybercriminals are taking advantage of misconfigured cloud security measures and insecure home devices and networks. Remote workers are also often the target of phishing attempts by email, voice, text, and third-party applications. As a result, there is a growing demand for cybersecurity professionals who can successfully mitigate the risks associated with remote work for organizations.
Hiring, training, and retaining a workforce depends on a crucial three-part relationship between companies, employees, and training programs. Here are some essential questions to consider as the trend of a remote or hybrid workforce continues to rise for cybersecurity workers.
In Bloomberg, Reade Pickert reports that two thirds of companies around the world are struggling to hire enough workers: “A survey of nearly 45,000 employers across 43 countries showed 69% of employers reported difficulty filling roles, a 15-year high, according to employment-services provider ManpowerGroup Inc. At the same time, 15 countries – focused in Europe and North America – reported their highest hiring intentions since the survey began in 1962.” Jonas Prising, chief executive officer of ManpowerGroup, said in a statement, “Continued talent shortages mean many businesses are prioritizing retaining and training workers with the skills they need to succeed as the economic recovery continues.” This hiring challenge is exacerbated by a shortage of cybersecurity workers to begin with. So the challenges faced by other industries are even larger for companies looking to hire in tech.
“I think we have a real shortage,” Microsoft President Brad Smith told CNBC. “Many businesses don’t have the people that they need, even to implement the protections they, in some cases, are already paying for.” CNBC’s Eric Rosenbaum writes, “The lack of cybersecurity professionals is not a tech sector problem but a significant problem across all major industries. After a recent White House meeting, the private sector committed to providing skills training to help close a gap of roughly 500,000 unfilled U.S. cybersecurity jobs. David Kennedy founder and CEO of Trusted Sec wrote in an email to Rosenbaum, “These companies will buy products, but not include direct staff to support it or else they can’t get the internal funding approval to support it. So the cybersecurity investments are only half installed or not at all and just languish. They barely get any value.” He added, “Without the right people in position, you’re never going to be secure, no matter how much money you spend. You can’t simply throw money at the problem by buying a lot of fancy new security devices and software, but that’s often what companies do.” You need to hire the right people – and that’s where the challenge is.
Perhaps ironically, the “skills vs. degree” approach creates an opportunity for colleges and universities. More and more colleges are offering online training programs – from degrees to certification programs, on a variety of subjects, including cybersecurity training.
According to a blog post from Northeastern University, technical training in cyber is often divided into two types of learning: practical (hands-on, step-by-step, and how-tos) and theoretical (the why and how of the science). Both learning methods are needed to become proficient in this field, and the right cybersecurity program will cover both equally.
This holistic approach gives cyber professionals the skills to anticipate cyberthreats, proactively build solutions, and know what to do when criminals threaten systems.
Universities themselves, however, are facing huge cybersecurity challenges, many as a result of the pandemic. As courses move online, universities are finding themselves vulnerable to hackers and data breaches. From increased phishing to cloud security to hiring teachers and a cybersecurity workforce, universities are facing many of the same threats that companies face.
In the UK and Europe for example, Cybersecurityjobsite.com partners with CYRIN to develop skills-based solutions for job seekers. They decided to take a closer look at the types of roles that receive low numbers of applications on their website to pinpoint exactly where the skill shortages are.
Based on some recent analysis, here is a list of the types of vacancies on their site that receive the fewest number of applications.
Many people searching for employment might considering starting in the public sector. One new development, seven years in the making, is that the US Department of Homeland Security (DHS) is preparing to bring in a new hiring system to bring in more people who lack degrees in cybersecurity or information technology but are self-taught in the field or can learn on the job. The department also plans to raise salaries for cyber workers outside the traditional government range to compete with the private sector.
The best way to find government jobs is through the USAJOBS website. This government website is a clearinghouse for all GS positions. It includes an online application process along with hints, tips, and guidelines for finding the best possible job for each candidate.
CyberCareers.gov was created as part of the Federal Cybersecurity Workforce Strategy to provide a platform for cybersecurity job seekers to have special online access to tools, resources, and a guide to the cybersecurity workforce within the Federal Government. Links to specific job opportunities will take the candidate back to the USAJOBS website for the application process.
According to both Northeastern and Forbes it’s not enough for cyber professionals to read about how to protect vulnerabilities and respond to attacks. They must have hands-on experience dealing with these scenarios. Organizations need to invest in an integrated suite of cybersecurity solutions that prevent, detect, and mitigate ransomware and other cybersecurity threats. You need to practice with the tools that will address these issues.
At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We offer that development with “hands-on” training as well as the holistic understanding of cyber prevention. Our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. These tools and our virtual environment are perfect for a mobile, remote work force. People can train at their pace, with all the benefits of remote work, remote training, and flexibility.
CYRIN has created some unique tools to help companies and organizations train and defend in realistic virtual environments. The idea is to train against these actual real-world attacks, such as ransomware, and create the internal knowledge and ability to defend against these attacks. We encourage our subscribers to create the corporate knowledge and update the playbook by training on our realistic industrial or enterprise networks created on CYRIN. If you’re not prepared, you can’t defend.
Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!