We live in unprecedented times, and the cybersecurity landscape is no exception.
A month doesn’t go by without national news of a cyberattack. Global businesses, federal government agencies, financial institutions and consumers daily fall victim to cyberwarfare, putting private data and information at risk.
And matters appear to be worsening as breaches rise in numbers. Since the onset of the COVID-19 pandemic, the FBI reported a 300% increase in cybercrimes as employers transitioned to a remote workforce. This continued criminal activity is also poised to cause $10.5 trillion in damages to the global economy by 2025.
Sadly, the rise in incidents and costs exacerbates a pre-existing dilemma—a widening talent gap. There are currently 464,420 unfilled cybersecurity roles in the U.S. today.
The State of Cybersecurity 2019 report found that:
69% of security teams are significantly understaffed
58% of enterprises have open cybersecurity roles
32% report a period of six months or longer to fill positions
There’s an undeniable race to secure talent. With such a vast supply and demand disparity, organizations need to think outside the box when maintaining a cybersecurity team in 2022.
Understanding the motivations of cybersecurity professionals and developing a strategy to attract and retain employees are critical to building a successful talent pipeline. Here are five areas employers should focus on to improve their talent management strategy:
Attitude and aptitude can go a long way when recruiting candidates for cybersecurity roles. Employers need to look beyond the resume and prioritize traits that make a cybersecurity team successful.
Top cybersecurity professionals are critical thinkers, problem-solvers, creators and team players. These existing professionals are life-long learners who seek to make an impact through their work.
Employers serious about attracting and retaining cybersecurity talent should work directly with their HR partners to build a talent management strategy that identifies and develops the skills needed to maintain a candidate pipeline
Top soft-skills among cybersecurity professionals include:
In a world with a shallow technical talent pool, organizations must commit to finding the right people and providing upskilling. Doing so will foster internal talent, reduce turnover and increase employee engagement—key factors that build a resilient cybersecurity program.
In a widening talent gap, it’s essential that hiring teams broaden their talent pools. The bigger the talent net, the more candidates you can identify.
One top way to do so is to consider non-traditional candidates. These include career transitioners, former military personnel and law enforcement. In fact, veterans and former law enforcement are a growing demographic within the cybersecurity field.
Recent studies report that 31% of current cybersecurity professionals have either military or law enforcement experience. Nearly 52% of these individuals are motivated to pursue the field because of their innate ability to problem-solve. And 49% of these people feel that cybersecurity embraces their skill sets and interests.
Employers also find the qualities in veterans—discipline, dedication and teamwork—a commodity for working in cybersecurity. Moreover, many military forces currently use some of the most advanced technology in existence today.
Military personnel who work with these systems are well-prepared for private sector work. With a little additional training and education, veterans can be an asset to employers needing quality talent.
Military positions suited for cybersecurity work include:
Cyber network defender
Information technology specialist
Cyber operations specialist
Cyber operations officer
Cryptologic cyberspace intelligence collector/analyst
Cyber and electronics warfare officer
Electronic warfare specialist
Employers looking to shrink the cybersecurity talent gap should find creative ways to tap into non-transitional candidates with transferable skills to remain competitive.
Sometimes, the best talent is hiding right under your nose. Employers looking for creative ways to attract and retain cybersecurity professionals should strongly consider the talent already enlisted within their IT organization.
In today’s competitive landscape, most of the current cybersecurity workforce has previously worked in IT roles. In fact, nearly 55% of cybersecurity professionals have transitioned from IT, according to a recent ISC2 report.
There is an undeniable growing need among candidates in this field to tackle new problems, elevate their careers and continually learn. Employers should embrace this fact and implement hiring for potential.
While an IT background can gauge a candidate’s ability to be productive in a cybersecurity role, it isn’t always a prerequisite. More than 25% of cybersecurity professionals have less than three years of experience started in fields other than IT.
Now more than ever, it’s essential to hire outside the box. Talent also exists internally outside your IT organization. Tapping into internal talent gives employers the upper hand to hire individuals already familiar with company systems, processes and culture.
When assessing internal candidates, prioritize skills critical to executing cybersecurity protocols such as critical thinking, analysis, problem-solving, collaboration and resourcefulness. Companies can also develop internal shadow programs to encourage new cybersecurity talent.
Whether it’s upskilling talent or employing experienced professionals, education in cybersecurity is career-long. Informational technology is rapidly changing, and so is cyberwarfare.
Implementing a comprehensive professional development strategy that highlights industry best practices and skills needed to develop, manage and improve an organization’s security posture is paramount. From entry-level to senior management, employers should prioritize education at all career stages.
Today’s successful cybersecurity professionals are tasked with continual learning to understand the evolving business and digital landscape. To effectively secure data and digital assets, organizations need to develop internal cybersecurity education programs at an enterprise level and for cybersecurity professionals themselves.
Employers can use certifications to provide lasting value to their organizations. This education opportunity can also validate skills and experience over time, as many certifications call for renewal to stay updated on the latest best practices.
Top certifications among cybersecurity professionals include:
Certified Ethical Hacker (CEH)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Auditor (CISA)
GIAC Security Essentials (GSEC)
Certified in Risk and Information Systems Control (CRISC)
Cisco Certified Network Associate Security (CCNA)
Cisco Certified Network Professional Security (CNNP)
Companies can also use certifications to attract and retain cybersecurity talent by covering or offsetting costs for employees. When identifying the proper certifications, consider the in-demand skills for your team to help your workforce stay sharp.
Be also committed to the long haul—retention. Providing career-long learning opportunities for employees is a surefire way to maintain team expertise and keep employees in a competitive field.
Employers can open up a world of diverse talent by evaluating and implementing non-traditional pathways to cybersecurity. By doing so, organizations encourage diversity of thought across experience, gender, age, race, nationality, ability, and more.
Engaging in a competitive talent landscape alongside rising cybercrimes calls for diverse talent that can tackle complex challenges with innovative, bold ideas from the best of all minds. In the face of an unending talent shortage, organizations must broaden their workforce by developing new, previously untapped candidate pools—a win-win for employers and employees.
Businesses with more diverse management teams have 19% higher revenues due to innovation, according to a Boston Consulting Group Study. A 2016 research study also found that 47% of millennials believe a diverse and inclusive workplace is important to their job search.
Diversity must be a top priority of company culture to sustain a cybersecurity workforce of the future. Partnering with your HR team will help ensure and accelerate a more inclusive and equitable workforce and culture.
Companies can additionally address diversity goals by upskilling talent, including gender-neutral language in job descriptions, targeting talent outside of IT and leveraging external partnerships with entities that have access to marginalized talent pools. Forward-thinking organizations today are also investing in increasing staff competencies and developing internal career paths.
Successfully tackling the cybersecurity challenges of today and tomorrow will only be achieved with rich perspectives. Don’t let a lack of diversity or ideas be your barrier to success.
ASK Consulting can help
Working with a consulting firm, like ASK Consulting, will allow you to hand over these job requirements to a group with years of experience and knowledge of the industry. Our experts will find you the smart, talented, experienced, and diverse cybersecurity team you're looking for. Contact us today.