5 Ways to Combat the Cyber Workforce Shortage

Even while tech and other industries are going through layoffs, there is one industry that is still growing and desperately needs new hires: cybersecurity. There is a shortage of 3.4 million cyber workers, per the 2022 (ISC)2 Cybersecurity Workforce Study. If the shortage is not overcome, there will simply not be enough people to help fight off existing and new threat vectors, as many security operations and incident response teams are already stretched to their breaking points. 

As a CISO, SOC manager, or security leader, here are tips to help alleviate this problem:

1. Take a chance

If you peruse cyber job postings on online boards (such as LinkedIn, Indeed, Dice, Cyberseek, etc.) many of them stipulate exact requirements. If the candidate has most of them but falls short in a few areas, they can still be rejected. That’s unfortunate because, with today’s job market, it’s hard to find candidates that can check all the boxes. You may get a plethora of resumes from younger candidates who don’t have all the experience you may think you need. But if they are smart, teachable, and eager to learn, you may actually get a higher return on your investment. If you invest in the right people, you can create custom learning paths that help them get certifications, upskill, and advance to new levels. By training them up the way you need them and helping them grow, there are also higher chances that they will stay with your organization longer.

2. Acknowledge career aspirations

When you hire a new employee, ask candidates about their career aspirations. That shows you are interested in what they want long-term, and you will know how to outline a path to help them achieve their goals. The information also helps you see how they can best fit into your company culture – and in your security operations center, incident response, or cyber forensics team. For example, if you find a really good candidate, and they mention they would like to be a penetration tester down the road (but don’t yet have any direct experience), you can always bring them on board and have them get started as a threat researcher. Once they have gained enough experience in this area, then you can move them up the ranks to become a tester. Cloud Range’s RightTrak Cyber Aptitude Assessments help you set up people for success by analyzing their innate talents and abilities and aligning them with cyber work roles. That helps you plan out custom learning paths and set up your team for cyber success.

3. Look past the education

Many colleges and universities are now offering formal cybersecurity degrees, and it is great to have industry newcomers already trained in cybersecurity practices, especially if they have participated in hands-on, live-fire training. Many candidates also have multiple certifications, which can look impressive. Even so, education is just one factor to consider before making a hiring decision. While a degree or certification shows that a candidate possesses certain skills, it does not paint the entire picture. Other factors must be looked at, as well. What is the motivation level of the candidate? Have they done any research projects, which fine-tunes their ability to collect and analyze data? How are their communications skills?  Are they able to work productively in a team effort? These skills are just as or even more important than having a degree. A lack of a degree can be compensated by on-the-job training. In the end, it takes a balance of both worlds, and you have to take a holistic approach when evaluating a candidate for a cyber job.

Cloud Range can help hiring managers and security leaders see past resumes and certifications. FastTrak Candidate Assessments are simulation exercises in our cyber range that show if a person has the knowledge, skills and abilities (mapped to the NICE Workforce Framework for Cybersecurity KSAs) for a specific job role, including an organization’s custom job requirements. FastTrak results help you validate if the candidate can do what they said they can, and it helps you know how to set up a training program to fill any gaps.

Additionally, some organizations will use Cloud Range’s team training scenarios to vet a candidate. That's especially good for looking at soft skills like communication, problem-solving, and collaboration. The candidate would participate alongside other team members so you could see how they work together. The subsequent mission debrief report will provide metrics and evaluation.

4. Don’t be afraid to contract

In addition to full-time employees, many organizations are hiring cyber contractors on an as-needed basis. This is even true for the CISO. In fact, some CISOs are quitting their positions and are looking at becoming a virtual CISO, or vCISO. By outsourcing work, employees can be hired on an as-needed basis, and the organization doesn’t have to commit to a salary and benefits. While contract employees won’t know your business or company culture like a full-time employee would, organizations can have more scalability. Also, hiring cyber contractors gives you an opportunity to test out potential new employees. 

5. Embrace mentoring

Mentorships help less experienced individuals, or mentees, grow their skills, gain new perspectives, and develop as a professional. These mentees don’t have to be cyber professionals, either. It may make sense to focus on making a difference in the high school and college years, when people are very impressionable. For example, you could host a summer camp or cyber range event and show participants what a live-fire cyberattack looks like and how to respond. Or you could have a “Capture the Flag” event, which tests the offensive and defensive skills of the participants. Or you could be a guest professor for a class or offer internships at your organization, where they can learn what the real world of cyber is like.

The cyber industry is expected to continue growing. In fact, it will be worth over $317 billion by 2027, with an annual growth rate of 13%, according to Mordor Intelligence. That’s why it’s crucial for organizations to think outside the box in how to find and train cyber professionals. Instead of spending time and money trying to find the purple unicorn who is already trained and experienced, look for someone with the right motivation, attitude and eagerness to learn. Then you can train them up to be the perfect cyber team member for your organization.

Learn how Cloud Range’s assessments and simulation training programs can help you combat the cyber skills shortage and build the ideal team. Contact us today.