4 Ways to Close the Cybersecurity Talent Gap
4 Ways to Close the Cybersecurity Talent Gap
Practical Strategies for Building a Competent and Cohesive Cybersecurity Team
The cybersecurity talent gap is not solving itself. In a tight job market, organizations are struggling to find the right people to keep up with the increasingly dangerous threat landscape.
It is hard to find that purple unicorn who has all the skills and experience you want. If you do find that experienced person, it means paying a high salary. Plus, it’s perpetuating the talent shortage problem because people are moving from company to company instead of bringing more people into the industry. We need to fix the problem.
Here are four ways to fill your cyber hiring bench:
1. Build Relationships with Educational Institutions
One effective way to find skilled cybersecurity talent is through local or regional colleges and universities. Develop relationships with these institutions and help them craft and adjust their curriculum to align with current and future needs and requirements of your organization and other area employers. This ensures that new graduates have the necessary skills and experience to step into their new roles.
Your organization may also want to create apprenticeships and internships to provide practical, hands-on experience to students. It allows you to see how they work and, if you’re interested in hiring them full-time, the onboarding process will be quicker and smoother.
“Education is one of the best ways for organizations to attract and retain employees,” writes Michelle Moore of InfoSec. “Partnering with higher ed programs can ensure we’re adequately preparing students to succeed in the cybersecurity jobs that are available now and in the future.”
2. Grow Your Own Talent
It can take years to get the experience and skills that organizations are looking for, which is a problem when you need someone now.
On top of that, once someone is hired, it’s critical to accelerate their time to effectiveness.
The good news is that there are a lot of training resources available to grow and develop green talent for roles specific to an organization. For example, a cyber range program with live-fire simulation scenarios accelerates training and real-world experience.
A strong training program will also help you move people within your organization to cybersecurity from another department, like IT. A cybersecurity aptitude assessment like RightTrak allows people to learn – without any prior knowledge of cybersecurity – what roles they are well-suited for, based on their innate talents and strengths. The assessment helps managers know where candidates have the most potential to succeed and design the ideal learning path for them.
Growing your own talent takes time, but when employees have a training plan and support from the company, retention rates are higher.
3. Tap into Underrepresented Populations
Underrepresented populations, such as women and minorities, are great sources of cybersecurity talent that should be tapped into more than it is. Implement programs that target underrepresented groups, like many organizations worldwide are doing: 75% have established formal processes to attract more female candidates into cybersecurity, and 59% have adopted strategies to recruit individuals from minority backgrounds.
For example, Atos, a leading IT service provider, has a strategy to enhance gender equity by increasing the shortlisting of female candidates by 20%, boosting female hires by 40%, and launching 400% more mentorship programs specifically designed for women.
You can also attract women and minorities by offering targeted internships, apprenticeships, mentorships, boot camps, workforce development programs, or other initiatives to help them gain the required skills and experience. That will enable you to find and hire new talent while creating opportunities for people who wouldn't have them otherwise.
4. Reevaluate Hiring Requirements and Job Descriptions
Some job requirements and qualifications may be unnecessary for certain cybersecurity roles. For example, a four-year degree may be something that HR included in the job description, but if it’s not necessary, it will keep people from applying. As a result, organizations may miss out on qualified candidates. Plus, resumes and certifications don’t tell the whole story. By reviewing job descriptions and requirements, organizations can ensure that they are not alienating people who may be able to perform the job.
If candidates have a good baseline of knowledge and skills, and the motivation to learn, you can use a cyber range program or other training to accelerate their experience and bridge any gaps.
Bonus 5th Tip: Military Job Fairs
While not a conventional method for many organizations, military job fairs can help you find fantastic cybersecurity talent. They have already had a lot of training and are ready to help you defend against cyber attacks.
Key Qualifications to Look for in Cybersecurity Applicants
While many organizations look at technical abilities and years of experience, soft skills are also integral to cybersecurity, so it’s important to look at things like communication, collaboration, and critical thinking skills.
That said, the first things to look for are desire and aptitude. Do they want to do the job? And do their innate cognitive abilities align with the role?
Many times, when people think about working in cybersecurity, they think of hacking – because that’s what Hollywood shows us. But there are 52 different cyber work roles, as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. These cyber roles are not one-size-fits-all. For example, a SOC analyst and a pen tester use very different parts of the brain. An assessment like the RightTrak Cyber Aptitude Assessment helps organizations understand how a candidate’s natural talents and abilities map to their optimal cyber work role.
It’s also important to assess a candidate’s competencies with an industry-standard framework like the NICE Framework to measure knowledge, skills, and abilities for a specific work role. A simulation-based assessment like FastTrak can measurably validate competencies related to the work role, and it helps employers recognize areas for improvement, so new hires can get the relevant training in the future.
Cybersecurity Is a Team Sport
Building a competent and cohesive cybersecurity team is crucial for organizations to protect themselves from cyber threats. With a tight job market, it can be challenging to find, develop, and retain skilled cybersecurity talent. However, by following these strategies, organizations can fill their cyber hiring bench and build a successful cybersecurity team.