Report: Cybersecurity recruitment, training misses the mark

As the massive shortage of security talent and skills continues, sub-par recruitment processes and outdated training for cybersecurity professionals are exacerbating the problem, according to a new survey.

The survey suggests that if hiring and training processes are adjusted, retention of workers and the availability of crucial cyber skills can both be improved, said Adi Dar, founder and CEO of security skills development platform provider Cyberbit, which conducted the survey.

The Ra’anana, Israel-based company, which has raised more than $100 million in funding, offers a cyber range that simulates attacks and cyber labs tools that help develop hands-on security skills.

In the U.S. alone, job tracker Cyber Seek estimates that there are currently about 460,000 openings in cybersecurity—and these positions take an average of 21% longer to fill than other IT roles.

The SOC Skills Survey from Cyberbit gathered responses from 100 cybersecurity professionals, in 17 countries, from organizations with a security operations center (SOC) team larger than five and an IT budget of more than $20 million.

The survey found that on-the-job training is the main technique used to get SOC team members up to speed, with 41% of respondents saying they mostly rely on training on-the-job.

Courses are utilized as the main training technique by 26%, while simulation-based training—such as cyber labs, cyber range, or red vs. blue training—is used by just 22%, according to the survey.

In the high-stakes realm of cybersecurity, “on-the-job training is really not the way to go,” Dar said. “On-the-job training means that the first time you see ransomware is when it hits you.”

Many cybersecurity professionals also reported that they don’t feel prepared for key aspects of incident response. In the area of intrusion detection, only 45% of respondents said they felt their team was adequately skilled, while in network monitoring, only 42% reported feeling their team was prepared.

Recruitment woes

Recruitment of security professionals is another weak spot, according to the survey.

Just 33% of respondents reported that human-resources recruiters for their company usually or always understand the requirements for working on a cybersecurity team.

Additionally, 70% of respondents said that cybersecurity candidates are being assessed in the same way as other workers—through interviews—rather than using available tools to assess their practical skills.

“HR is following the traditional way of hiring,” Dar said. “But what the industry needs is to hire people based on their hands-on experience. You need to assess people based on their capabilities.”

Taking these issues together, many hires of cybersecurity workers end up being mis-hires, leading to low retention and more open jobs, he said.

Ultimately, Dar said, “we must change the balance between the continuous investment in technologies and tools and the almost non-existent budgets that are invested in the cyber teams.”

VentureBeat
