Cybersecurity skills gap and how to fix it

The cybersecurity skills gap in the world of IT becomes more significant each day (reaching about 4 million unfilled positions in 2023 according to CSO, and around 3.4 million people at the moment by Fortinet's estimate). As a first stepping stone, people need to become more aware of what Cybersecurity is and grow an interest in this fast-expanding field of IT.

Vedran Brodar
CyberDnevnik
5 min read · Nov 19, 2023


Cybersecurity Skills in High Demand (image courtesy of Fortinet and the World Economic Forum)

Bear in mind that the Fortinet image was posted by the World Economic Forum on February 1st, 2023 and the CSO report was posted on October 31st, 2023, so you can already see the gap increasing by almost 600 000 vacant Cybersecurity jobs in just under a year.

If you want to read about it in more detail, visit the Fortinet Cybersecurity Skills Gap report.

What does this gap mean for me and how can I help fill it?

This gap consists of many different fields and some of those are:

  1. Cloud Security: Deals with protecting data, applications, and services stored in the cloud.
  2. Endpoint Security: Concerned with securing end-user devices like computers, mobile devices, and IoT devices.
  3. Ethical hacking: Authorized practice of attempting to penetrate networks and systems to discover vulnerabilities and weaknesses before malicious hackers can exploit them.
  4. Information Security: Ensures the confidentiality, integrity, and availability of data.
  5. Application Security: Involves securing software applications from threats and vulnerabilities.
  6. Network Security: Focuses on protecting computer networks from unauthorized access or breaches.
  7. Identity and Access Management (IAM): Manages and ensures the right individuals have access to the right resources at the right times.
  8. Incident Response and Security Operations Center (SOC): Involves the process of managing and mitigating security incidents.
  9. Vulnerability Management: Identifies, classifies, and mitigates vulnerabilities in systems and software.
  10. Security Architecture: Designing and implementing security systems and strategies for organizations.
  11. Security Compliance and Governance: Ensures organizations adhere to security standards, laws, and regulations.

OK, Vedran, a lot of new words and more questions than answers here, but how do I know where to start?

Well, to answer that question we first need to make a distinction between the Blue team, the Red team and the Purple team.

Here is a visual way to represent what I mean:

Cybersecurity teams (image courtesy of H-X Technologies)

As seen in the picture above there are differences and common grounds for the teams.

The Blue Team comprises all the different teams responsible for areas like:

  1. Cloud Security (a topic on which myself and my colleague Ivan Babic will be writing most going further with our posts) — relates to different big Cloud providers like Azure, AWS, Google Cloud Platform (GCP) and many others. It includes securing cloud-based data storage, networks, and virtual machines, implementing strong access controls and encryption, monitoring for unusual activities, and ensuring compliance with security standards and regulations. It aims to mitigate risks associated with cloud computing and safeguard sensitive information stored and processed in cloud environments.
  2. Endpoint security (also a topic which will be covered more in detail by our colleague Martina Lenić who specializes in all things Endpoint related) — refers to the protection of individual devices or endpoints, such as computers, laptops, smartphones, and other devices, that connect to a network. It focuses on securing these endpoints from potential cyber threats, including malware, ransomware, phishing attacks, and unauthorized access.
  3. Identity and Access Management (IAM) security — responsible for designing, implementing, and maintaining robust Identity and Access Management solutions within an organization. This role involves assessing security requirements, access controls, authentication mechanisms, and user provisioning systems through the creation or deletion of roles. IAM security ensures the integrity of user identities, manages access privileges effectively, and implements policies and protocols that safeguard sensitive data and systems. IAM engineers collaborate with cross-functional teams to establish and enforce security best practices, staying on top of emerging threats and evolving technologies to continuously enhance the organization’s overall security posture.
  4. Security Operations Center (SOC) — the SOC team is responsible for continuously monitoring and analyzing networks and systems to detect, analyze, and respond to security incidents and threats. They utilize specialized tools and threat intelligence to swiftly identify and assess potential risks, initiating immediate response actions to mitigate threats and contain breaches. SOC teams also conduct detailed investigations, manage security tools, refine processes, and communicate effectively with stakeholders, playing a critical role in fortifying an organization’s cybersecurity defenses and maintaining the integrity of its systems and data.

There are also other teams involved in Blue Team, e.g., the Networking Team, but I won’t be writing about those since it is not my primary domain.

On the other end of the spectrum is the Red Team: a team of ethical hackers, also known as Penetration testers, that plays a crucial role in identifying vulnerabilities and weaknesses within computer systems, networks, applications, and other digital infrastructures. They use the techniques and attacks real-world attackers would use, but for a good cause: to prevent real attacks from succeeding, on behalf of clients.

Image courtesy of Software Testing Help

The middle ground, where the Red Team and the Blue Team find common ground, is the Purple Team.

The Purple Team operates at the intersection of the Red and Blue Teams in cybersecurity, focusing on collaboration and knowledge sharing between offensive (Red Team) and defensive (Blue Team) functions. Its primary goal is to enhance the overall cybersecurity posture by encouraging communication between teams, conducting controlled and structured simulations of cyberattacks, and sharing insights gained from these simulations to improve defensive strategies, detection capabilities, and incident response protocols. The Purple Team bridges the gap between offensive and defensive security measures, leveraging the strengths of both teams to identify vulnerabilities, validate defensive measures, and fortify an organization’s resilience against evolving cyber threats.

Conclusion

To find your place in this continuously growing space of Cybersecurity I would like to leave you with a few questions.

  1. What team sounds most interesting to you?
  2. How much time are you willing to invest to become great at that topic?
  3. How much does it resonate with your sense of purpose and responsibility?

I hope these questions help you in your quest to find your own path, and also help us fill the gap that prompted me to write this article.

Going further, I will be mostly focused on writing articles related to Cloud Security with my colleague and co-speaker Ivan Babic, while you can find all things Endpoint-related and much more in articles written by Martina Lenić.

Thank you for sticking with me until the end. I hope you found it useful.

For any questions and feedback on the subject, you can find me on LinkedIn.

Cloud Security Technical Lead, member of Croatian Institute for Cybersecurity, editor for Cyberdnevnik.com, speaker on CSC and KulenDayz conferences