There has been a slew of reports that have presented a worrying skills gap in companies building and deploying internet of things apps and devices.\nA survey from Vanson Bourne and Inmarsat found that 76% of respondents said their companies need more people at a senior level to carry out IoT deployments and 72% said there were shortages in management-level experience for IoT. The survey polled 500 senior staffers in IT firms in North America, EMEA, and APAC.\nResearch from IT trade organisation CompTIA said that a lack of skilled workers would inhibit the adoption of IoT while according to IT recruitment firm TEKsystems, there were over three million IT jobs posted last year in the US but there aren\u2019t enough skilled people to fill them. Projects lacking the relevant skills may lead to failed products and gaping security holes.\nThe internet of things, by its nature, is very broad but also still relatively new. We saw similar apparent shortages in skills in cloud computing and virtualisation in the past. Professionals eventually caught up but things may be a little different with IoT, given the vast amount of data at stake.\nThere has always been a struggle to sufficiently fill roles in IT and IoT now means more companies than ever are dipping into the same labour pool, says Jason Hayman, market research manager at TEKsystems. Every company in a sense is becoming a software company and they may not have the right talent on tap to deal with that.\n\u201cEven though they are established businesses, it is the first time they are adopting a modern software development process. Security is a part of that, and it\u2019s a skill that is hard to recruit for,\u201d explains Michiel Prins, cofounder of HackerOne.\nBig picture thinking needed\nIn the field of IoT and security, \u201cbig picture\u201d and \u201cdesign thinking\u201d professionals are hard to find, according to Kevin Richards managing director at Accenture Strategy Security for North America. There is growing demand specifically for professionals with skills in strong secure software development and secure devops experiences, privacy, cybersecurity, and data protection skills.\n\u201cInnovation within IoT requires people that walk in even more rarefied air\u2014big thinkers that can convert digital potential into tangible customer value are a special breed,\u201d Richards says. \u201cEqually important are those people that can embed and instil digital trust within all elements of the IoT ecosystem to meet a growing market expectation for personal privacy and cyber resilience.\u201d\nThere are a lot of different projections out there but it\u2019s generally tipped that there will be around 50 billion devices connected in some way within the next decade. These devices are gateways into our data and lives, whether personal or professional, meaning developers of these services and hardware have a swelling responsibility to be more diligent.\n\u201cThere is definitely a gap,\u201d says Sean Sullivan, security advisor at F-Secure. \u201cIoT hardware and its related software is not generally designed by security minded engineers and there\u2019s a lack of teachers to even teach or train tomorrow\u2019s engineers.\u201d\nSullivan points to the burgeoning smart home space; he has Philips Hue Lights in his home with the accompanying app:\nNow, suppose my elementary aged son would like to be able to turn on a lighting scheme. I would need to install the app on one of his devices. But then, if I do that, I end up giving what\u2019s basically administrative control to a child. There is no admin vs. user mode for these apps.\nNumerous tech is engineered this way. Any access equals complete access. The engineers typically only think of how to restrict outsiders. Almost zero thought seems to go into providing compartmentalisation and access controls for insiders. The gaps in security thinking begin there and grow wider as systems get more complex.\nThere is a need for a shift in mentality in how IoT products are developed if security is to be taken seriously.\nTraining desperately required\n\u201cThere is no denying the cybersecurity skills gap. Every company is faced with trying to recruit and keep security talent on a budget, and it\u2019s always going to be hard,\u201d continues HackerOne\u2019s Prins. \u201cWhat\u2019s even more challenging is that most universities still don\u2019t offer cybersecurity classes or majors, so the gap could get wider if we don\u2019t do anything about it.\u201d\nCollaboration skills are key to building a good IoT product as different competences must come together to build something that can collect, store, and analyse data in a safe and efficient way.\n\u201cHow do we go about training? Is it doing it ourselves or is it partnering with colleges and universities to develop people? Or hackathons, sponsoring events like that,\u201d adds TEKsystems\u2019 Hayman.\nWith all the talk of skills shortages, another route is to look beyond the traditional computing and programming vocations, where you\u2019re hiring people \u201con paper\u201d. Rik Ferguson, VP of security research Trend Micro, is a regular critic of the cybersecurity skills gap, calling on companies to diversify their thinking of what makes a security pro and look to other disciplines.\nOne way or another, companies will need to get smarter in hiring because expectations and more importantly, legislation is getting tougher. GDPR is well publicised and will put a greater onus on companies to secure their data but for IoT specifically, the EU is considering a system for IoT devices that is similar to the CE marking for electronics that certifies the security of a product. Either way, IoT needs to be a higher standard than ever before and the pros need to keep up.