Cyber security training: Insights for future professionals

In this era of digitalisation, the world is witnessing exponential growth in incidents that compromise the security of information owned by businesses or governments. Recently the Royal Mail’s overseas deliveries suffered severe disruption due to a ransomware attack linked to Russian criminals. In 2022, around 50 Indian government websites were hacked and eight data breaches were reported. These included a ransomware attack on some servers at the All India Institute of Medical Science (AIIMS) that paralysed operations of the premier medical institute in India for many weeks.

The tremendous increase in such incidents has fuelled the demand for qualified IT professionals who could prevent cyber attacks on critical government and business IT assets. But there exists a considerable mismatch in the supply-demand situation of qualified cyber security professionals. To complicate this further, professionals entering this field face difficulty in deciding what skills they should acquire. This article explores what paths are available in cyber security training by analysing reports released by two eminent associations in the field of information security.

The first report discussed is the latest edition of the annual report on the cyber security workforce released by (ISC)² titled 2022 Cyber Security Workforce Study. This report presents insights into the challenges and opportunities faced by cyber security professionals around the world. The report was prepared after conducting a survey among 11,779 cyber security professionals. The study estimates that the size of the global cyber security workforce in 2022 was 4.7 million people and the gap in the global cyber security workforce stood at 3.4 million people, which is an increase of 26.6% at the year-over-year (YoY) level.

Clearly, there exists a wide gap between the supply and demand of cyber security professionals, and the shortage is more evident in the EMEA and APAC regions where the YoY increase is greater than 50%. Half of the cyber security professionals under age 30 who participated in the survey started their careers in IT and then moved to cyber security. Both vendor-neutral certifications (e.g., (ISC)², ISACA or CompTIA)…