According to ISC2, the world’s leading organization for cybersecurity professionals, the existing cybersecurity workforce needs to grow almost two-fold to run at full capacity and support the global economy. To explore the root causes for the current cybersecurity skills shortage and the lack of InfoSec professionals, Kaspersky commissioned a global study[1] that takes a closer look at the educational aspects of the problem and the influence it has on the career paths of these experts.
Many InfoSec experts point out that the education system is detached from the realities of cybersecurity, resulting in a lack of applicability when it comes to real-life work experience: almost every other professional believes the knowledge taught in formal education was somewhat (14%), slightly (13%) useful or of no use at all (24%) when it came to fulfilling their job duties.
To determine the factors that might be holding back the educational field, respondents were asked whether:
Less than half of respondents said their college or university program offered them hands-on experience in real-life cybersecurity scenarios as live projects: 23 percent ‘strongly agreed’ with this statement, and 26 percent ‘somewhat agreed.’ In addition, access to the latest technologies and equipment, and the quality of internships emerged as the weakest aspects of cybersecurity education for most regions.
OVERALL (5 pt. scale) | North America (5 pt. scale) | APAC (5 pt. scale) | Europe (5 pt. scale) | Russia (5 pt. scale) | META (5 pt. scale) | LATAM (5 pt. scale) | |
My college/university had trainers/teachers who have corporate experience in cybersecurity | 3.23 | 3.53 | 3.29 | 3.06 | 3.33 | 2.91 | 3.75 |
My college/university had had access to the latest technologies and equipment needed for carrying out real life cybersecurity tasks | 3.13 | 3.53 | 3.07 | 3.22 | 3.08 | 2.82 | 3.55 |
My college/university provided me with hands on experience in real life cyber security scenarios (live projects) | 3.18 | 3.53 | 3.25 | 2.95 | 3.00 | 2.92 | 3.73 |
My college/university provided me Internship with close to real job experience | 3.18 | 3.26 | 3.16 | 3.03 | 2.96 | 2.97 | 3.83 |
The regional picture varies with respect to the way respondents perceive the quality of the formal training they’ve received. The META region turned out to have the poorest quality of cybersecurity education as judged by respondents, as it scores less than 3 points on all assessment criteria, while LATAM has the highest rated cybersecurity learning schemes, scoring more than 3.7 points on average.
While one issue is the quality and relevance of educational programs, another is the availability of cybersecurity and InfoSec training per se. For instance, half of current cybersecurity experts believe that the availability of cybersecurity or information security courses in formal higher education is either ‘poor,’ or ‘very poor.’ Among professionals with 2-5-years of experience, this figure soars to more than 80 percent.
“Cybersecurity education is facing certain challenges when it comes to keeping up with developments in the cybersecurity industry,” comments Evgeniya Russkikh, Head of Cybersecurity Education at Kaspersky. “The rapidly evolving nature of cyber threats means that educational programs often struggle to ensure their content is up to date, leaving cybersecurity professionals with knowledge gaps. At Kaspersky, we help universities overcome these challenges and ensure continual learning and adaptation for young professionals by integrating the leading expertise of our industry experts into educational curriculums so that they combine practical hands-on experience with theoretical knowledge.”
The full report and more insights on the human impact on cybersecurity in business are available via the link.
To tackle the cybersecurity skills shortage, Kaspersky suggests a multi-faceted approach focused on the academic field, the InfoSec workforce, and businesses:
1. Higher education institutions can upgrade their curriculums by partnering cybersecurity players and integrating the latest industry knowledge into their training programs. Kaspersky has a special program for universities to integrate cybersecurity expertise: the Kaspersky Academy Alliance, which offers program participants access to world-class knowledge on cyberthreats, lectures and training sessions, as well as the latest technologies.
2. Young professionals can supplement their academic training with real-life job experience by completing an internship in an information security or R&D departments. Follow the news on Kaspersky’s LinkedIn page to be the first to find out about openings in the internship program.
3. International competitions run by various companies and organizations also provide cybersecurity professionals with a chance to develop their skills by solving various cybersecurity challenges. Kaspersky runs the Secur’IT Cup, a global competition for students from all over the world and from various academic backgrounds. Participants have the chance to compete for an award while building an understanding of what it is like to work in the industry.
4. Acting cybersecurity professionals can opt for continuous learning, undertaking additional training courses and certifications. Kaspersky provides a wide range of knowledge on information security for IT professionals, offering both professional education for individuals and corporate training.
[1] The research was conducted with 1,012 InfoSec professionals in 29 countries: USA, DACH (Germany, Austria, Switzerland), UK, France, Italy, Spain, Benelux (Belgium, Netherlands and Luxembourg), Brazil, Mexico, Argentina, Colombia and Chile, Saudi Arabia, UAE, Turkey, South Africa, Nigeria, Egypt, India, Japan, China, Malaysia, Singapore, Indonesia, Russia.