Businesses aren’t doing enough to train and upskill their IT staff, many of whom end up spending their own free time learning new skills.
This is according to a new report from the online cybersecurity career development platform Cybrary. The firm polled more than 800 IT and security pros and uncovered that more than two thirds (68 percent) invest their own free time, outside working hours, in improving their cyber skills.
Almost three-quarters of respondents agreed skill gaps within their teams were evident, while two-thirds of managers also agreed that these skill gaps negatively affect their team’s effectiveness at work.
Some IT professionals also try to learn new skills while on the job. The report states that four in ten spend time working to learn new job skills every day, with another 38 percent reported doing so at least once a week.
One of the report’s conclusions is that businesses are showing “limited progress” when it comes to supporting employees, who are clearly committed to advancing their careers. Businesses expect employees to keep pace in their dynamic roles, but aren’t supporting their continued career development, it was said.
Key barriers standing in the way of upskilling efforts were costs and a perceived lack of time.
“With about half of organizations either decreasing their training budgets (22 percent) or keeping them the same (25 percent) this past year, it’s not surprising that industry professionals struggle to find opportunities to improve their skills for their work,” the report concludes.
Most UK and US workers now view cybersecurity professionals in a positive light, although worryingly few are considering a career in the industry, according to a new study from (ISC)2.
The certifications company polled 2500 workers in the US and UK to compile its 2020 Cybersecurity Perception Study.
It revealed that perceptions of those working in cybersecurity are now generally positive: 71% claimed they view security pros as “smart, technically skilled individuals,” while 51% described them as “good guys fighting cybercrime.”
However, more concerning is the lack of interest in pursuing a career in the industry: 69% of respondents said it’s not the right fit for them, despite admitting that objectively it seems like a good option.
Part of the reasoning behind this is that individuals believe cybersecurity roles require a significant investment of time and money in training and the accrual of technical knowledge.
Some 61% said they thought they’d need more education or certification before getting a job in the sector, 32% believe it requires too much tech know-how or training, 27% said they don’t know how to code and 26% claimed it is “too intimidating.”
Women were more likely than men to perceive the industry as intimidating and to be put off by the lack of diversity.
These perceptions may have been formed in part because most (77%) respondents were never offered cybersecurity as part of their school or college curriculum. Partly as a result, the majority (68%) said their view of the industry is shaped by portrayals in TV shows and movies (37%) or by news coverage of security incidents (31%).
Frustratingly for those hoping to encourage more people into the industry, the report comes at a time when many are considering a career change. Further, attributes such as job stability (61%), flexible working (57%), and earning potential (56%), all of which are available in security roles, are now priorities for respondents.
Perceptions of cybersecurity matter because, with an estimated global shortfall of over four million professionals, a major recruitment drive is needed to encourage workers to switch career paths.
However, the unpalatable truth is that many of the respondents’ negative perceptions are accurate: employers still often rely too much on certifications and previous experience when selecting candidates, and diversity is a persistent problem.
A particularly acute challenge will be changing perceptions among younger professionals: Generation Z respondents were least likely to view cybersecurity professionals in a positive light.
“The reality of the situation, and what we need to do a better job of publicizing, is that a truly effective cybersecurity workforce requires a broad range of professionals who bring different skill sets to their teams,” argued (ISC)2 COO, Wesley Simpson.
“While technical skills are vital for many roles, we also need individuals with varied backgrounds in areas including communications, risk management, legal, regulatory compliance, process development, and more, to bring a well-rounded perspective to cyber-defense.”
Cybersecurity is the most in-demand skill, and firms are seeing more cyberattacks amid Covid-19 as more employees are now working from home, according to an annual survey of chief information officers around the globe by staffing provider Harvey Nash and KPMG.
In the survey, 41% of IT leaders reported their companies have experienced more cyberattacks. The move to working from home appears to have increased exposure from employees. However, “it is worth noting that this figure could be much higher if all employees were admitting to or even recognized every breach, and technology leaders were not just self-reporting,” according to the report.
Areas, where cyberattacks have increased as a result of Covid-19, include spear phishing, cited by 83% of firms, and malware, cited by 62%.
With cybersecurity the most in-demand skill, it is the first time a security-related skill has topped the list of global technology skills shortages for more than a decade.
Forty-seven percent of firms said security and privacy are a top investment.
Overall, the report noted that the IT skills shortage remains close to an all-time high with demand robust, especially for traditional in-house roles. The report said only 24% of respondents are using more flexible labor as a result of the crisis.
Another finding: Eight out of 10 IT leaders are concerned about the mental health of their teams during Covid-19.
The report’s survey included more than 4,200 IT leaders around the world.