Skip to content

The talent shortfall: a practical viewpoint

Cyber sector news

04:15 Wednesday, 08 December 2021

UK Cyber Security Council

In a November 2021 edition of ISACA Live, ISACA Information Security Professional Practices Lead Jon Brandt tells it how it is regarding the challenges of the skills gap in the cyber security workforce. In a 25-minute discussion, he covers a wide range of cyber-related workforce issues.

Brandt starts by reminding us of the problem. "We have a talent shortfall", he says. "When we talk about [the] supply/demand curve and whatnot, the demand for cyber security resources is obviously extremely large and the pipeline to feed that [is] not keeping pace."

We are also told that part of the problem is that the skill level - and more importantly the amount of experience - of the people available to be recruited will generally be insufficient for the vacancies we have in our companies. "This large demand for talent, is not at the entry level", says Brandt, going on to say that this "is also complicating issues because experience has to be grown… ...and at the end of the day if you come into a re-skilling programme or you go to... …a credentialing boot camp or a two- or four-year university programme, they don’t give you experience."

And keeping people up to speed with current knowledge is equally difficult, says Brandt. "We can’t always say it’s on the employee to keep themselves credentialed", and that those in areas such as incident response are constantly super-busy: "you’re always in a fire-fighting mode", and also that there’s a compromise that means we have to release people from the day job in order that they can further their skills. "Everything about a knowledge worker has a cost, whether it’s financial, whether it’s time or whatnot and at some point I think what we’re increasingly seeing is... …they’re being a little bit more selective with were they’re trying to go and where their passions lie."

The full podcast is on ISACA’s web site.