Cybersecurity experts are in short supply. What are the key skills they need to succeed? Jay Coley, Senior Security Architect, EMEA and Godwill N’Dulor, Senior Security Strategist, EMEA at Fastly offer some advice.

Cyber-attacks on large institutions are becoming more frequent, and, as JPMorgan recently discovered, the perpetrators are smarter than ever. 

Many businesses face huge pressures as they guard themselves against cyber-attacks with an underwhelming pool of cybersecurity talent to draw from. 

New research from Fastly found that this is not simply down to a shortage of potential recruits.

36 per cent of cybersecurity professionals feel that candidates for recruitment lack the necessary skills to protect their businesses, which are already suffering from a weak overall security posture.

At the same time, nearly a third of security professionals (27%) fear that skills gaps throughout their organisations will drive security threats over the next twelve months.

Are costly recruitment drives productive?

Reasons for anxiety about the talent pool are varied and growing.

What’s more, it’s hard to identify a single catch-all solution. Amid this uncertainty, many businesses turn to talent spending.

Over a third (36%) of cyber security professionals Fastly surveyed place high-quality recruitment at the top of their investment plans in 2024, while 47% increased funding for security talent spending over the last year. 

While the skills gap has created a sense that bottomless pits of money are the only long-term solution to finding the right talent, increased spending does not guarantee results.

As we have seen, many security professionals feel that potential new recruits aren’t up to the challenge. Yet businesses continue to invest significantly in recruitment.

In the wake of generative AI becoming mainstream, businesses face a nervous wait to see how cyber-attacks will develop over the next year.

With a third of surveyed professionals believing that the talent shortage had a direct material impact on security issues over the last 12 months, talent pool worries urgently need to be resolved.

Staying in-demand

Cybersecurity teams’ talent concerns present a big opportunity for savvy candidates prepared to upskill. 

As the nature of threats faced by businesses shifts, so do the skills that recruiters look for.

With demand high, those in the talent pool can stay ahead of the curve by observing trends and developing the most sought-after skills. 

Unsurprisingly, candidates who are comfortable dealing with the kinds of attacks criminals can deploy using generative AI are likely to be highly in demand.

Over a third of cybersecurity professionals (37%) are focussed on defining a new approach to internal security practices, particularly around new technologies like AI.

This means that new hires with a working knowledge of AI will be an asset.

 Candidates looking to join a cybersecurity team should tailor their CVs to the sectors they want to work in. For instance, 44% of retail professionals surveyed felt that the cybersecurity talent pool in their industry lacked relevant technical skills.

This is a higher proportion than all the other industries surveyed. 

Due to the sensitive nature of customer data, they handle, retail businesses require more specialised security teams, with the ability to deal with malware and phishing attacks especially in demand.

Meanwhile, candidates seeking a role in financial cybersecurity should be more attuned to ransomware, as 32% of financial sector security professionals expressed concern about these attacks in the next year.

Understanding an industry’s specific context and needs and developing skills to meet these, will place candidates in pole position for the best jobs. 

Alternative solutions

While improving recruitment remains a top priority for security teams across all sectors, hiring isn’t the only solution security teams can look to. 

For those struggling with an IT skills gap, AI can amplify internal training programmes, helping to mitigate the vagaries of the current talent pool without further increasing staffing costs.

Resilient businesses need employees at every level to be aware of their security obligations, and generative AI has proven effective in helping teams to identify pain points and adjust security policies accordingly. 

AI is not a panacea however.

While 36% of security professionals predict that generative AI will allow them to train their colleagues more effectively in the fundamentals of cybersecurity, businesses should be careful not to become over-reliant on AI solutions.

Such an approach risks allowing AI to become a single point of failure within security departments.

Cybersecurity expertise is also available through outsourcing.

If in-house security is becoming expensive and convoluted because of issues with hiring the right talent, working with a trusted partner to provide Managed Security Services (MSS) can ease the burden.

MSS showed up as a top investment priority in the Fastly survey, second only to investments in the basic composite tools of a cybersecurity stack.

Providing customers with the MSS option frees up the time and resources put into recruitment and guarantees that professionals dealing with a cyber-attack have the right experience. 

Final thoughts – facing up to skills gaps

Recruitment isn’t the only solution to safeguarding businesses against cyber-attacks.

Training, particularly using AI, finding people with the right security skills and working with a partner to provide Managed Security Services can all help guard against cyber-attacks.

Security teams need to think ahead about the skills required to match the emerging threat landscape and be willing to explore alternatives if recruitment costs are unviable.

As with so many aspects of business, those companies that are truly prepared will fare best if the worst happens and cybersecurity is tested to the limit.

Jay Coley

Jay Coley is the Senior Security Architect for Fastly in EMEA. After spending time in the US Military, he started his security career at Prolexic Technologies – the first full cloud DDoS mitigation platform.

He then worked in various roles at Akamai Technologies and more recently Trend Micro.

Jay Coley brings over 25 years of security experience to Fastly, where his role is to increase industry focus and visibility on the Fastly Edge platform.

Godwill N’Dulor

Godwill is a Senior Security Strategist EMEA at Fastly, working for the company’s Technology Specialist Group, which provides in-depth technical and industry expertise for large, complex customer projects.

Prior to joining Fastly, Godwill has held a number of consulting and advisory positions across the technology industry including Cisco Systems, Symantec, CyberArk and GitLab.

Godwill brings over two decades of industry experience in the field of information security to Fastly, where his role is to increase industry focus and visibility on the Fastly Edge platform.

This article was originally published in the May Edition of Security Journal United Kingdom. To read your FREE digital edition, click here.