The cybersecurity industry is plagued by a skills shortage that is showing no signs of abating. The recent (ISC)² Cybersecurity Workforce Study estimates there are 3.4 million unfilled cybersecurity positions, a 26 percent increase from two years ago. Burnout is a large part of the problem, as cybersecurity is often a demanding and stressful role that leaves professionals feeling taxed and open to other opportunities. A 2022 study by Trellix shows that almost a third of cybersecurity specialists say they plan to change professions in the future. That could be devastating for an industry that is already struggling to fill open positions.
Fortunately, several strategies can be deployed to enhance the acquisition and retention of talented cybersecurity specialists.
Increased demand for cyber professionals is the biggest factor driving the talent shortage as companies struggle to meet the myriad threats posed by malicious actors. These actors now include a growing number of sophisticated organizations and countries, unlike the individual attackers who have dominated attacks in the past. The perception that cybersecurity roles require technical expertise also presents a barrier to entry in certain cases. While this is true for many roles, some positions are more reliant upon skills like critical thinking, tenacity, and problem-solving with less of an emphasis on technical expertise. Another reason for the cybersecurity talent shortage is the failure to attract enough women and individuals from underrepresented communities.
The increasing specialization in cybersecurity is also contributing to the shortage of qualified personnel. A decade ago, most cybersecurity roles generally fell into three basic buckets – infrastructure specialists, penetration testers, and compliance officers. Today, cybersecurity professionals are more likely to specialize in very specific technological areas such as artificial intelligence (AI), machine learning (ML), and/or cloud computing. Certifications in these areas are generally quite expensive and time-consuming to obtain.
Organizations are now attempting to recruit people who already have the specific qualifications that a particular role calls for, further exacerbating the shortage. However, it’s rarely possible to assemble a small team with all the necessary certifications.
The most promising solution to the current talent shortage is to attract more young and diverse people into the cybersecurity field. This will require changes to policies that will lower barriers to entry through higher education and training, including bootcamps and employer-led initiatives. For example, the UK recently launched a new qualification for 17- and 18-year-olds that includes cybersecurity.
Placing increased emphasis on diversity is a critical component for attracting new talent into cybersecurity. Women are generally underrepresented in technology fields, which is particularly true in cybersecurity. As a result, recruiters are missing talent that their clients need. Slone Partners Cybersecurity helps its client partners enhance their teams’ diversity by implementing recruiting strategies that target women and other historically underrepresented groups.
Scaling up the talent pipeline in cybersecurity will allow recruiters to help their client partners fill entry-level positions more quickly, allowing those individuals to begin building their careers. One way to help steer young people into cybersecurity is by ensuring that job descriptions require only those qualifications that candidates actually need from the start. It’s more important to find candidates with the ambition, potential, and willingness to acquire the necessary training and expertise than it is to search for someone who already has every certificate and skill set they could possibly need.
Additional in-house mentoring and training is another way to address the cybersecurity talent shortage since that allows organizations to develop existing team members from within. Many enterprises are currently adopting this train-to-hire approach, but it requires careful thought about achieving the best balance between recruiting and training. Some roles in cybersecurity are best suited for in-house staff, while others can be filled by external vendors.
Developing a holistic strategy for attracting cybersecurity specialists requires companies and their leaders to look ahead to define what those roles will look like two to three years down the road. That requires organizations to create their strategic and talent roadmaps alongside each other, with an eye toward the allocation of resources between the two. All too often, businesses take an ad-hoc approach to their cybersecurity teams by adding staff only when absolutely necessary. In reality, however, organizations need to think years ahead when mapping out their cyber defense postures, which includes the acquisition of both people and the technical support they will require to keep their ecosystems safe.
Slone Partners Cybersecurity is tightly focused on delivering diverse commercial, operational, and technical cybersecurity specialists and leaders for high-performing organizations and health systems. Our recruiting teams take pride in gleaning an extensive understanding of our client partners, their cultures, and their talent needs, which is very apparent when talking to candidates. Positions become much more attractive to candidates when it’s clear that an organization’s security journey aligns with a candidate's personal career goals.
The increasing scale and complexity of cyber threats make it more important than ever that organizations build and maintain robust and diverse cybersecurity teams. Companies must define and implement a thoughtful and constantly evolving security posture, which requires filling key roles as quickly as possible. Solving the cybersecurity talent shortage will not be easy or quick, so the competition for cybersecurity specialists will remain intense for some time to come.
Slone Partners Cybersecurity helps organizations in all industries secure cybersecurity leadership and specialists – from CEOs and CISOs to engineers and analysts. We are committed to securing the talent needed to protect your company’s people, data, customers, and vendors. Contact us today to learn more about how we can help your business gain the upper hand in the search for cybersecurity talent.