The issue of the cybersecurity skills gap and talent shortage is a pressing concern for many industries. According to a recent report by Salt Security, 91% of Chief Information Security Officers (CISOs) believe that the scarcity of qualified cybersecurity professionals significantly hampers their ability to advance digital transformation initiatives. With an estimated global workforce gap of around 3.4 million individuals, it has become imperative to reassess how we address this growing skills gap.
Camellia Chan, the CEO and Co-Founder of Flexxon, believes that a change in mindset is necessary when it comes to cybersecurity hiring. She challenges the misconception that a formal technical education is the only pathway into the tech world, citing her own experience. Despite studying business management at university, she was able to excel in the cybersecurity industry through hard work and dedication. Chan emphasizes the importance of businesses investing in quality education and training for their employees, recognizing talent as an investment.
Haris Pylarinos, the CEO and Co-Founder at Hack the Box, echoes this sentiment, suggesting a departure from the traditional hiring model that heavily relies on university degrees and specific certifications. Pylarinos believes that practical experience holds more relevance in the industry today. By widening the pool of potential candidates to include self-taught hackers and experienced professionals from various backgrounds, the industry can benefit from a diverse range of perspectives.
Edward Thorpe, the Lead Talent Acquisition Partner at Garrison, shares a similar view, proposing the consideration of talent from other industries such as fintech or gaming. By doing so, companies can attract a more diverse pool of candidates who are eager to work in the cybersecurity field. Thorpe argues that this approach can make the industry less competitive and potentially more rewarding for individuals seeking a career change.
Ilona Simpson, the CIO, EMEA, at Netskope, believes that the focus on encouraging individuals to enter STEM fields alone is insufficient. She emphasizes the need for a variety of skills in the industry, such as customer support, corporate management, and user experience (UX) design. Simpson argues that every skill is essential in the cybersecurity field and should be valued accordingly.
To address the talent shortage, Steven Wood, the Director of Sales Engineering at OpenText Cybersecurity, suggests expanding talent catchment profiles, implementing supportive intern programs, revising recognition, and giving the cybersecurity team a seat at the boardroom table. These actions can help businesses develop pipelines of diverse talent and foster a work environment that attracts and retains cybersecurity professionals.
Jamal Elmellas, the Chief Operating Officer at cybersecurity recruitment agency Focus-on-Security, points out that hiring from within the same limited talent pool exacerbates the challenges in the cybersecurity sector. This approach intensifies competition for top talent, particularly individuals with three to six years of experience, resulting in a transient workforce. Elmellas highlights the need for a broader approach to talent acquisition that takes into account the need for trained and competent cybersecurity professionals.
However, Elmellas also warns against adopting an “anything goes” approach to addressing the talent shortage. While it may fill the recruitment gap, it runs the risk of diluting the industry by welcoming individuals without technical skills. Chris Cooper, a member of ISACA Emerging Trends Working Group, echoes this concern, stating that a balance must be struck. Soft skills should not be viewed as sufficient for success in the cybersecurity sector. Instead, employers should assess applicants’ transferable skills that can be applied to a career in cybersecurity.
Creating a robust future in cybersecurity requires a diverse hiring approach. The industry should aim for diversity of thought, including voices from different industries, regions, genders, and backgrounds. While the tech industry has been regarded as forward-thinking, it still lags behind in terms of diversity. Research by Eskenzi PR and Marketing reveals that only one fifth of cybersecurity leadership roles are filled by women. Caitlin Nowlin, a Program Manager at Hyland, emphasizes the importance of multiple perspectives in problem-solving. A diverse workforce can ensure all aspects are thoroughly considered, resulting in improved outcomes. Nowlin acknowledges the gap that exists in the tech and computer science industries, urging the inclusion of various backgrounds and educational experiences.
Addressing the cybersecurity skills gap is a complex challenge that does not have a one-size-fits-all solution. It requires an open-minded approach to hiring and retaining talent. By embracing diverse talent and reassessing recruitment practices, organizations can bridge the skills gap and enhance their security measures.