Big Quit and toxic culture expose cyber security skills gap

Just a few short years after the cyber security industry became accepted as a genuine and necessary addition to the global business landscape, leaders in the field are seeing colleagues and team members quit in their thousands, leaving a skills gap that must be plugged if cybercriminals are not to enjoy a distributed crime spree.

Research and advisory company Forrester predicts 2022 will see one in 10 experienced security professionals leave the industry. 

The Great Resignation has been seen in industries across the planet, but cyber security’s own brain drain is the result of a range of issues, says the company. These include poor financial incentives, general stress and burnout, and workplace toxicity, which Forrester describes as “cyber security’s dirty little secret”.

Gender prejudice in the workplace is also holding back the industry’s growth, says Jinan Budge, VP and Principle Analyst with Forrester’s security and risk research in the Asia Pacific region.  

“Cyber security isn’t immune to the hidden epidemic impacting women’s ability to continue working at pre-pandemic levels as they took on a disproportionate amount of childcare responsibilities,” she says. “In an industry that cannot afford to lose any more workers, let alone women, attracting, retaining, and advancing them needs to become an immediate priority, not a nice-to-have.”

Forrester shows how to plug the cyber security skills gap

Budge outlined a number of ways business leaders can help make business environments more inclusive and productive, including how diversity, equity and inclusion (DEI) should be treated as a key indicator. While some may see these as “unrealistic”, Forrester points out that the most successful companies have tied DEI outcomes to profits. 

Male colleagues should also be encouraged to “go through a journey” of personal and professional self-awareness, says Budge, which would include speaking out about microaggressions directed at female colleagues. Companies should also develop a culture that encourages employees at any level to speak out against harassment and toxicity.

Cyber security skills gap gets a new twist on age-old problem

In addition to the brain drain and gender imbalance, cyber security stakeholders will also have to address complex issues of ageism, traditionally seen as an obstacle solely for older employees, now presenting new challenges in a post-Covid world.

“Statistically, if you are in your fifties to your seventies, the chances are that if you are in an industrialised, westernised, democratised society, you are probably seen as getting towards your sell-by date,” says Henry Rose Lee, Inter-Generational Diversity Expert and Speaker, who conducted research with security company Appgate on generational differences and the impact these have on cyber security. 

“You're often seen as becoming too old and therefore becoming less valuable when the truth of the matter is that nothing could be further from that.” 

But ageism exists at both ends of the human resources spectrum, says Lee. “Ageism exists when people are young, and then they can't get a job because they haven't got the experience and need the experience to get a job.”

Appgate’s research found businesses face increasing risk as older employees – Boomers – exit the workforce, taking expertise with them, and younger employees – Millennials – tend to look for fast solutions, which might not be appropriate for the cyber security industry as a whole. 

Sandwiched between these two groups are Gen-X employees, who can act as a bridge between Boomers and Millennials by distilling the most important info and making sure it gets passed along.