Closing The Cybersecurity Talent Gap Requires A Fresh Perspective

Securing an organization is a marathon, not a sprint

The market estimates there 3.5 million cybersecurity job openings by the year 2025. That is a tremendous shortage of skilled professionals for potential roles. While there are a number of economic factors impacting the global job market, businesses continue to face a unique gap in available talent vs willing candidates. Because it isn’t a lack of workers looking to fill these roles, but rather a lack of technically qualified candidates, according to current job standards.
 

This idea of underqualified workers being unable to fill millions of open positions is a critical part of the talent gap problem, which is also exacerbated by unreasonable job requirements and an imbalance in compensation. To both hire and retain good talent in the industry, companies need to change their approach and look at talent acquisition from a new perspective.

Rethinking the Cybersecurity Role

An important first step for organizations is to overhaul the way they think about cybersecurity roles to allow for the development of junior candidates, better management and distribution of manual tasks and elevating compensation to match the need for talent. Cybersecurity job descriptions are typically complex, yet at the same time are too general, creating a disparity in expectations. As an alternative, hiring managers should consider simplifying roles and descriptions to give less experienced workers the opportunity to develop their skills relative to an organization’s cybersecurity needs over time and ultimately leading to a stronger team that can better manage the security workload.
 
By expanding and distributing duties across multiple roles, organizations can also alleviate the burnout felt by many cybersecurity workers tasked with keeping track of individual vendors, policies, monitoring protocols and incident response strategies on a daily basis. Mitigating those stressors and ensuring a company’s cybersecurity team isn’t overwhelmed can also be a key to attracting and retaining a skilled workforce.
 
Hiring teams also need to better educate decision-makers about the complexity of these roles and the demand for skilled professionals and come to an understanding that the right compensation package is critical to attracting the right type of talent. Although many skilled workers receive fair compensation, a recent survey shows almost half of technology workers still feel undervalued in their roles. This gives hiring teams an opportunity to provide a compensation package that will not only let workers feel appreciated but will also minimize churn in the long term.

Invest in Education

Organizations should continuously invest in resources that can further educate their security team and overall workforce. Different types of learning opportunities, such as new technology training, red teaming, and research, for example, should be a regular part of an organization’s cybersecurity work culture, and new workers should be hired knowing they’ll be encouraged to expand their knowledge. Like many technology-focused jobs, obtaining certifications is an important way for security workers to showcase their skillsets. Employers should be willing to invest in their employees, giving them the proper resources to obtain these certifications, and build a culture that rewards personnel who go the extra mile to become more technically accomplished.
 
To better mitigate organizational threat vectors and ease the burden on security teams, companies should also ensure employees operating in other business functions have a basic knowledge of maintaining cybersecurity hygiene across their workflow. Equipping all levels of staff with even the most basic cybersecurity deterrence knowledge through training exercises and communications from their organization’s security team will help cybersecurity workers stay more focused on providing critical support within their organization.

Gaps in C-Level and Executive Benches

Another risk factor for organizations that contributes to the talent gap issue is the lack of cybersecurity leadership at the C-level or on the board of directors to lead an organization's security efforts. Addressing this may need to happen sooner than later as a recent proposal from the US Securities and Exchange Commission suggests businesses should disclose which board members have cybersecurity expertise and the frequency of cybersecurity discussions within specific organizations. The issue isn’t a shortage of senior-level security professionals, but rather, most executives don’t even think about putting someone with this type of background into an advisory position.
 
Although cybersecurity is much more top of mind than ever before, many business leaders still see it as an afterthought. However, it’s clear that in order for security decisions to properly trickle down throughout an organization, some sort of security leadership must be appointed to address the board and C-suite. It’s ultimately up to the C-suite to activate change within an organization, making it paramount that board-appointed security professionals not only be knowledgeable about cybersecurity best practices and threats, but also charismatic enough to properly relay problems and solutions to non-technical leadership. Without this type of authority, companies will continue facing the same security problems and business pitfalls until that talent gap is sufficiently filled.
–
Securing an organization is a marathon, not a sprint, and organizations need to properly invest in the right people to keep pace and deliver a strong security practices. With 88% of boards of directors viewing cybersecurity as a business risk, the importance of investing in people and programs can not be underestimated. This time and investments needed to provide aspiring workers with the proper support must be understood by all leadership and will help close the cybersecurity talent gap, one organization at a time.

Author Bio

Demi Ben-Ari is Co-Founder & CTO, Panorays. Connect Demi Ben-Ari