Filling roles within the cyber sector is an ongoing battle. The shortfall of workers risks creating a vicious cycle within existing cyber teams: With fewer team members to spread the workload on, you risk burning out security professionals.
Many make the mistake of valuing certifications over wider experiences, which neglects a person’s eagerness to learn or strong transferable skills that could make them a great fit for a cyber career with the right development opportunities.
However, I see two leading solutions in the short and long term.
Rapid response to the skills gap
CSOs and CISOs can increase headcount quickly by temporarily deploying certified cybersecurity contractors into team vacancies. This might be an option when immediate support is needed for one-off projects or when navigating a hiring cycle freeze, reducing the immediate pressure.
Cybersecurity leaders can deploy contractors from junior to senior levels who cover generalist roles or are more specialized in a range of areas like SOC analysis, threat intelligence, governance, risk and compliance, and vulnerability management. This avoids the financial pressure of a permanent hire, as leaders agree to a fixed daily rate. It also saves on recruitment fees, national insurance, pension, and holiday pay. This can be especially valuable when leaders face economic uncertainty but still need to ensure they have the right skills and expertise available.
Besides remedying an immediate shortage, hiring cyber professionals contractually can establish a diverse talent network for future hires. By welcoming contractors, organizations can showcase the company culture, values, and practices, creating a talent pool with a working knowledge of the company.
Equally, leaders who work closely with contractors over several months can gauge whether they may be right as permanent members down the line. When the time is right, they can hire them on a permanent basis.
Bringing the skills gap in the long term
Reskilling from within
Cybersecurity teams should not only look at hiring external talent. There’s a massive, but often overlooked opportunity to reallocate internal talent by reskilling current employees into cyber roles.
BT is just one company that has taken this approach, offering a 16-week course to retrain 30 employees and equip them with the skills to pursue a career in cyber, which is one of the fastest areas of the organization.
Internal reskilling has numerous benefits beyond avoiding the competitive talent market. The new “recruits” already have a working knowledge of the business to apply to their cyber roles. In addition, drawing in talent from different functions and previous careers can introduce diverse thinking, experience, and approaches to problem solving.
Improving diversity to bridge the gap
Making space for talent from all backgrounds leads me to one of the biggest causes of the current skills deficit: diversity.
With 30 years of experience within tech and education, I have seen firsthand how challenging cyber can be to enter. Even at the entry-level, those with limited or no experience are denied opportunities despite having transferable solid “soft” or “impact” skills.
However valuable these may be in a real cyber setting, recruiters can get bogged down prioritizing traditional technical or educational backgrounds. Consequently, this has prevented many promising individuals from getting their first step on the career ladder.
Cyber now has a considerable diversity problem. It needs role models from various backgrounds to inspire those beyond the traditional white, middle-class demographic. By restricting the talent pool to a largely singular demographic, the status quo will remain, the talent pool will grow to a different size than the market requires, and cyber leaders will lose out on the valuable insights a diverse team provides.
Creating opportunities from the talent shortage
There’s a long journey to bridge the cyber skills gap, but bringing in contractors or reskilling colleagues from other business areas can enable CISOs to increase headcount with exceptional talent quickly.
The broader sector can learn from this initiative. Opening the workplace to career changers and those with non-traditional cyber backgrounds lays the foundations for a talent pool of candidates with a real-world understanding of the cyber workplace.
Cybersecurity leaders owe it to their industry to lay the foundations for more diverse talent as the best way to create an adaptable and resilient workforce. Normalizing talent acquisition beyond traditional routes will make it easier for underrepresented demographics to break into the industry and ultimately create a sector equipped to tackle the industry’s increasingly varied threats.
Fill out the form to get your free eBook: