Mid-November marks the unofficial start of “Predictions Season.” In the tech sector, projections, prognostications and predictions were once the domain of the largest and most prominent industry analysts, like Forrester and Gartner. Now, analysts, market research firms, industry insiders, bloggers and vendors of all sizes are all eager to provide their points of view on what lies ahead for the year.
So, here’s our take on some of the major cybersecurity industry trends to expect in 2020 – with a focus on the human aspects of this dynamic industry. And it just so happens that the theme of RSA Conference 2020, now just over three months away, is “The Human Element.”
The Cyber Skills Shortage Chasm Widens
The national unemployment rate in tech is about 1.4 percent, and in cybersecurity, it’s zero. Yes, you read that correctly – zero, due the deepening cyber talent deficit. A year ago, the New York Times reported a stunning statistic: Cybersecurity Ventures predicted that there will be 3.5 million unfilled cybersecurity jobs globally by 2021. If that number isn’t staggering enough, consider this: (ISC)2 notes that the amount of additional trained staff needed to close the cyber skills gap is 4.07 million professionals, necessitating a cybersecurity workforce increase of 145 percent globally. These are obviously huge numbers.
Look for things to get worse before they get better in 2020. As growing cyber tech companies continue to staff up and demand for their solutions and services soar, veteran cybersecurity workers will retire, suffer from burn out, or — per this recent Ponemon Institute survey — change careers.
Alternate Talent Development Paths Emerge
With our nation’s colleges and universities unable to effectively plug this talent gap, companies will have no choice but to embrace new strategies and programs for cyber talent development. Tech firms – such as IBM, Microsoft, Amazon and others – will create or expand cyber and IT apprenticeship programs to entice high school graduates, veterans or professionals from other industries to enter the field. These programs will also seek to fast track new employees while attempting to ensure they have appropriate skills.
Impactful Cyber Workforce Development Legislation Passes – Finally!
Earlier this month, the Harvesting American Cybersecurity Knowledge through Education Act (HACKED), was introduced. With support from both parties, it is quite conceivable that this legislation will pass in 2020. This will enhance existing science education and cybersecurity programs in NIST, NSF, NASA and DoT, and incentivize the recruitment of educators while creating clearer paths to aspiring cybersecurity professionals. As is often the case with new legislation, the burning question is what impact will it have in the coming year?
Cybersecurity Training and Learning Becomes The Hot New Employee Benefit
Innovative, new, improved training programs will become more pervasive as employers grapple with the aforementioned talent shortfall, and their employees will look to become more valuable, marketable (read: better paid) and prepared for new, more challenging jobs in tech and cyber. A few examples are the “Certified Ethical Hacker” certification programs from organizations like EC-Council and Carousel Industries, and schools, including Miami Dade College. These comprehensive trainings in Ethical Hacking and Auditing help employees and prospective employees/students increase their knowledge, skillsets and proficiency in addressing modern security threats.
2020 Will Be “The Year of the MSSP”
Managed Security Services Providers (MSSPs) augment or solely provide the outsourced management and monitoring of security devices and systems. They offer a flexible model for the delivery of these services, helping enterprises which lack the in-house resources to protect themselves against increasingly bold and sophisticated cybercriminals. The term “MSSP” does not always roll of the tongue, nor will it ever reach mainstream awareness as other four-letter acronyms or names, such as ESPN or AARP. However, 2020 will bring a broader and more acute understanding of – and appreciation for – the increasingly important role MSSPs play in helping address the cyber talent deficit.
In this sector – expected to reach $47 billion in the next four years – five trends will come to fruition:
- The big will get much bigger (Accenture, CenturyLink, DXC Technology, IBM) as enterprise customers pursue a flight to safety and scale.
- MSSPs of all sizes will have a bigger bullseye on their back, with cyber attackers increasingly targeting the treasure trove of personal information they are tasked with protecting for large groups of customers.
- Firms not traditionally well known in cyber, like AT&T and Comcast, will continue to acquire smaller security innovators and further fortify their service offerings.
- One of the larger “pure play” MSSPs, such as Optiv, will complete a successful IPO in 2020.
That’s how we see 2020 shaping up. What trends or developments are you predicting? Let me know.