5 Considerations For Recruiting (and Retaining) Cybersecurity Talent
This post was last updated on November 26th, 2019 at 11:35 am
It’s no secret — there’s a severe talent shortage in cybersecurity, and cyber criminals are aware of this critical lack of resources.
Recently, bipartisan research agency The Center for Strategic & International Studies (CSIS) carried out a survey of IT decision-makers across eight countries. The topic? The ever-present talent and skills gap in the cybersecurity space.
The results were telling. Of the professionals surveyed, 82 percent reported a shortage of cybersecurity skills, and 71 percent expressed a belief that this shortage is causing “direct and measurable damage” to their organizations.
Further, unfilled cybersecurity jobs have grown by over 50 percent since 2015, with the total expected to be near 1.8 million open cybersecurity positions by 2022. For anyone paying attention to the cybersecurity jobs issues, these numbers shouldn’t come as a great surprise.
According to a 2018 study by The International Information System Security Certification Consortium, currently there are approximately 2.9 million unfilled security positions worldwide. That number could climb as high as 3.5 million by 2021, per research by Cybersecurity Ventures. To say the least, the cybersecurity talent shortage is bad, and security professionals are feeling the crunch.
Because there aren’t enough skilled individuals to go around, security experts are expected to work longer hours, often without the necessary resources to adequately protect their organization. That, in turn, is having an adverse effect on their mental health.
In a 2018 study by ESG, for instance, 68 percent of cybersecurity professionals expressed a belief that a cybersecurity career is incredibly taxing, with 38 percent indicating that the skills shortage has led to both burnout and attrition.
In other words, the cybersecurity skills shortage has the potential to become a vicious cycle. Because there aren’t enough professionals to go around, those men and women who do get hired are more likely to burn out. And when they do, the shortage grows worse, leading to even more burnout.
The lack of qualified IT security professionals impacts more than the InfoSec space, as well. Lacking enough trained security personnel, businesses lack an understanding of their risk profile and the expertise to guard themselves against cyberattacks. This makes them an easier target for criminals, a fact that can severely damage both their reputation and their bottom line.
“A rush for cybersecurity talent has depleted the market, and the number of new specialists coming out of schools and training programs has not kept up,” Jon Oltsik, Senior Principal Analyst at IT research firm Enterprise Strategy Group told CNBC. “There is more demand for [IT security] talent and not enough talent out there … When the cybersecurity team is busy putting out fires, they don’t have enough time to develop training courses, work with business units, or educate the workforce.”
This is going to get worse before it gets better and we need to take steps to course-correct the cybersecurity jobs shortage. But, what exactly can you do about it within your own organization?
Here are five considerations that may help your organization recruit, enable, and retain top cybersecurity talent:
- Expand your hiring scope. Don’t get lost in a search for degrees and certifications. Some cybersecurity knowledge can be learned on the job. Focus on finding IT security professionals with the necessary talents — an analytical mind, hands-on computer and networking knowledge, strong communication skills, a head for numbers, a strong work ethic, and a desire to learn — to name a few.
- Invest in education. If you have the budget for it, find the closest technical institute or computer science/IT security programs in your region. Donate your time and or money to help further those programs — perhaps open a scholarship program and scout for potentially promising new hires.
- Participate in community events. Hackathons, cybersecurity job fairs, and career days are a great way to track down prospective IT security hires, and hosting them is a great way to make a name for your business — making it a more attractive place to work.
- Start an internship program. Even if you’re not ready to hire IT security professionals full-time, an internship program is a great way to attract new cybersecurity talent, train them with on-the-job skills, and help them transition from their education into a permanent role.
- Work to shift the culture. Though there have been great strides made in recent years, the cybersecurity space is still largely hostile to women. We all need to do our part to change perceptions of the IT security space, address sexism in technology, and generally work towards greater overall diversity and inclusion.
The effects of the jobs shortage in cybersecurity can be felt across multiple industries and at companies both large and small. We all need to do our part to overcome it.
About the Author: Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.