Blog

Is There Really a Shortage in Cloud Security Skills?

Sep 16, 2021

Cloud-Security-Skills Is there a cloud security skills shortage? It depends on who you ask. Prior to the pandemic, the world was immersed in cloud technology – everyone, it seemed, had a migration strategy. Then the global lockdown happened. We collectively added a layer of priority to the cloud as tens of millions of people started to rely on it for work and communications in ways we hadn’t before.

Cloud is a highly complex and continually evolving set of technologies and protocols. Finding team members with the right background is a challenge, making it seem like there’s a substantial shortage of skilled and certified professionals. But these same professionals might tell you no one is hiring. The ones looking for work may find that, despite their years of experience and education, they never seem to be an exact fit. Meanwhile, many hiring managers are stymied by limited budgets and the challenges of navigating the outside talent pool.

The Problem of Focus

One source of the concern may be traced back to cybersecurity professionals deciding to focus on a specific set of knowledge issues. Those making this choice may think that being a specialist requires highly concentrated and focused expertise and experience. However, many organizations favor candidates with broad knowledge, seeking to do more with fewer employees to cut costs.

Senior management and boards of directors are put in place to ensure the ongoing vitality of their organizations. Hiring a large team of high-paid tech specialists can appear excessive and unnecessary to them, especially when similar staffing requests are being made by other departments.

The fact is, most boards spend too little time listening to their CIOs or CTOs about technology-related issues. The time they carve out for cybersecurity is often focused on breaches and ransomware. In addition, many prefer to work on the current burning issue rather than spending time to formulate a planned approach to cloud management.

Often at organizations, internal politics factor in. For example, system developers may take their cues from the business stakeholders who fund their projects. As a result, they may be more focused on delivering new business functions and less on the security of those functions.

The Culture of the Resume

Another issue is that, in many employment scenarios, not just cloud security, the hiring process is based on an antiquated approach centered on the resume or CV. This document is seldom seen by human eyes and instead screened, snagged and deleted by an automated gatekeeper. The process shrinks the list of candidates – which might make the job of the hiring specialist easier in some ways but can exclude those who would be the perfect fit.

The great security specialist hire may not check all the boxes but have the experience, personality and motivation to grow with the organization and its ongoing technological challenges. There is the popular convention in recruiting that it’s better to hire people with drive and curiosity, even if they have less-than-full technical acumen, because they will be willing to adapt. As CISO Helen Patton describes it , “One way to close the cybersecurity employee shortage is to hire for potential, not experience. Change your job requirements and interview protocols accordingly.”

The Question of Certification

Some IT and cybersecurity specialists have attain their expertise by working their way through the system, grabbing opportunities as they came along. They shape their career path by meeting their employer’s needs while finding areas that match their interests and aptitudes. Knowing this, is it worth getting certified?

The answer is, it depends on where the certification originates. It is vital to choose an organization with programs that are well-respected in the professional community. Look closely at how the certifying organization updates its curriculum, where its teachers come from, and how rigorous the courses and examinations are. The ultimate goal in getting certified should be to master as much practical and theoretical knowledge as possible in a relatively short amount of time.

Certification, when done right, delivers a perfect combination of background education and foreground potential to ensure candidates are ready to take on existing projects and move with the evolving demands of the industry.

Download the eBook Cloud Adoption and the Skills Shortage: A View from the Field to examine the growing need for certified cloud professionals and learn how their skillset stands apart from other cybersecurity professionals.

Download the eBook