How to build the talent pipeline to close the cloud security skills gap

How to build the talent pipeline to close the cloud security skills gap Lior Cohen is Senior Director of Products and Solutions – Cloud Security at Fortinet. He has over 20 years of experience working in the information security, data center network and cloud computing spaces. Lior serves as Fortinet’s lead for cloud security solutions with a focus on securing enterprise public cloud-based deployments and private cloud build-outs. Lior previously held a variety of vendor and customer side positions in the cloud security space, including cloud solutions architect, information security consultant and subject matter expert for SDN, virtualization and cloud networking for leading industry vendors.

When it comes to the security skills gap, cloud security skills continue to be the most sought after – and the hardest for organisations to fill. As cloud computing continues to be an essential part of business continuity and productivity with more organisations preparing for remote work over the long term, leaders must find new ways to fill this critical talent gap.

The need for cloud security skills is increasing

Cloud adoption was already growing rapidly, but that growth got a supercharge with the pandemic: the cloud has been critical for organisations transitioning to remote work strategies in a short timeframe. One of the key challenges of this increased reliance on cloud resources is establishing and maintaining consistent security, including unified visibility and control, to see and mitigate threats and deal with misconfigurations in a seamless manner.

The cloud comes with its own specific set of security considerations. Organisations need to find ways to secure data that is regularly moved between private and public clouds. To further complicate matters, an increasing number of cloud compute infrastructures also rely on hyperscale to manage and process often massive amounts of data. Workflows and applications need to securely travel across and between different clouds, data centers and devices to accomplish their tasks. Security also needs to scale to safeguard the north-south as well as the east-west traffic. According to Gartner, by 2021, 90% of all web-enabled applications will have more surface area for attack due to exposed APIs, rather than just the user interface – up from just 40% in 2019.

Cloud skills remain scarce

The lack of professionals skilled in both cloud and security strategies and technologies increases the level of risk to the network. In a recent survey commissioned by Fortinet, 68% of respondents reported that their companies struggle to recruit, hire and retain cybersecurity talent. Respondents named cloud security architects as one of the most challenging jobs to fill. This is probably due to the high demand for such individuals, because most organisations’ infrastructures are increasingly complex due to things like operating dynamic clouds, and the prioritisation of the security of these environments.

With 76% of respondents saying that a lack of skilled security professionals is creating new risks across their organisations, it is clear that the situation is dire.

In addition, new initiatives like rolling out new cloud-based applications, migrating or extending data and other resources from public clouds back to private clouds, and consuming SaaS solutions – such as Salesforce, Office 365 or unified communications – makes developing a consistent and easy-to-manage cloud security strategy increasingly vital. Yet this skills gap compounds the challenge of implementing an effective cloud security strategy even further. It is most acutely felt in specialised areas such as securing and managing multi-cloud infrastructures, and within DevOps teams tasked with developing business-critical applications.

How to build the pipeline

To overcome this skills gap, organisations heavily promote cloud security roles on job sites and focus on retention by offering high salaries, maximising opportunities for advancement and providing a healthy work culture. But organisations need to go beyond traditional means of recruiting security talent. This includes employers encouraging individuals to pursue cloud technology-focused certifications as they recognise that such certifications demonstrate knowledge and expertise in various cybersecurity concepts and abilities.

Because the field of cybersecurity is continually changing, certifications are a valuable way to keep up with the evolving threat landscape, as well as enable those without a technical background to obtain training so they can transition into a career in cybersecurity. This then helps to fill in the cloud security skills gap. And those already in the field can update their cybersecurity knowledge each time they renew their certification. This keeps professionals at the top of their game and lets employers know that their staff has the most current training available.

Keeping the cloud safe

Cloud security skills are needed like never before, particularly in light of the mass exodus to remote work necessitated by the pandemic. At the same time, these skills have never been harder to find. Research demonstrates that this lack of properly trained professionals puts organisations at higher risk for cyber incidents, especially as attackers take advantages of security holes arising from an almost boundless “perimeter.” New threats and the addition of new technologies call for new methods to find and retain cloud security talent. This includes using certifications as a hiring yardstick to ensure applicants have the needed skills and as a way to upskill current employees.

Read more: Overcoming the skills gap for cloud and digital: Where does security and automation fit in?

Photo by Erlend Ekseth on Unsplash

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

View Comments
Leave a comment

One comment on “How to build the talent pipeline to close the cloud security skills gap

  1. Robert Anderton on

    Good article, but I think as well as certification schemes, companies need to look at their apprenticeship and intern schemes (not just Uni leavers) but 16 /18 year and have different programs for all these levels. there is a great pool of young talent that don’t have degrees for many reasons. That get missed out, if companies are not developing the young where do they think this talent will come from.
    and whilst you wait for this talent to develop, companies need to look at cross transferable skills, where can they pull similar skills set from and then scale them up with the skills that they need.


Leave a Reply

Your email address will not be published. Required fields are marked *