Is the Tech Worker Labor Shortage Threatening Your IT Security?

For several years, rumors have abounded that there is a shortage of IT workers. Some say there is; others say there isn’t. But the reported shortage of qualified IT security personnel isn’t a false claim that the sky is falling. It is real, and it affects both private industries and federal governments—though the shortage is more critical among government agencies since their pay is generally considerably lower than that offered in the private sector. What does your IT team need to know?

Why There is a Shortage of Qualified Cyber Security Specialists

The reason it’s hard to believe there really is a shortage of cyber-security specialists is that colleges, universities, and tech programs are cranking out computer science majors and cyber security “specialists” at an impressively high rate. The problem is, most of these graduates are trained merely in policy theory, and few have any practical knowledge of the hard skills necessary of a cyber-security specialist, primarily the skills needed to recognize and thwart problems like advanced persistent attacks and wireless hacking.

Not only are the recent graduates uninformed, there are tragically few instructors within the educational system that have any practical real-world training or experience in cyber security. Even within government and businesses, there are hardly any mentors to pass this knowledge down to subordinates. Not only is virtually no one getting training, there aren’t even enough folks around with the knowledge and experience to give this training.

Currently, the going rate for a qualified cyber security specialist in the business sector ranges between $200,000 per year and $250,000 per year. This is far out of reach for most government agencies, leaving them without the workers necessary to prevent attacks such as those levied against the Department of Defense, Veteran’s Administration, and various non-U.S. entities within the past year or so.

It usually takes three years or so of real-world training and experience after the acquisition of a bachelor’s degree to become proficient in dealing with modern, sophisticated attacks. Organizations desperately need workers who are able to identify vulnerabilities within operating systems and software, as well as forensic skills to identify and stop high-level attacks and security breaches.

Just as getting qualified security personnel becomes more difficult, consumers and legislators are getting tougher on organizations that experience security breaches. Legislators and the public demand that organizations are held accountable when private information is leaked or stolen.

What Organizations Can Do to Procure the Specialists They Need

If the sky is falling, where is a safe place to hide? There are a few steps businesses can take to get the IT security workers they need:

• -Be prepared to pay top dollar for qualified security specialists and to offer attractive benefits packages like flextime, onsite daycare, and attractive work spaces.
• -Initiate internal training programs to groom workers with cyber security potential to take over these positions.
• -Be cautious about where, how, and by whom data is stored. Rely only on cloud service providers with a high level of security and a proven track record.
• -Consider changing hiring policies to allow for more candidates that could step into security positions. For example, opt for real-world experience and eliminate the requirement of a college degree.
• -Look for mature IT workers when hiring instead of focusing only on recent graduates.
• -Eliminate the use of software packages and apps with significant security vulnerabilities.
• -Consider changing operating systems. For example, Apple OS has fewer instances of malware than does Windows, while Linux and Unix systems are even more secure.
• -Invest in better security infrastructure. Layer your protection with robust, up-to-date antivirus systems along with monitoring systems, hearty firewall protection, and improved security at access points (think two-factor and biometric authentication).
• -Focus on untapped markets for security personnel. Bringing more women into IT could alleviate all of the problems with finding adequate numbers of tech workers.

Israel has developed some of the most secure IT infrastructures in the world, and many IT departments around the world are looking to their models to develop better training programs, recruitment processes, and secure systems.