According to research by several major cyber security firms, the growing cyber security skills gap will reach one million positions by 2020. One million vacant jobs with nobody to fill them. Hundreds of thousands of organisations forced to face an increasingly-hostile threat landscape without the necessary defences.
Cyber security’s looming talent shortage has officially crossed the line from challenge to catastrophe. And in spite of this, most businesses seem to lack any real concept of how to address it. In their eyes, there simply aren’t enough qualified individuals.
Here’s the thing – that’s only partially true. While it’s certainly accurate to say that there aren’t enough people specifically seeking out security degrees and certifications, assuming this means talent is impossible to find is highly inaccurate. Experience and expertise may well be in short supply, but talent is not.
Work towards greater diversity
Just 11% of the cyber security workforce is made up of women. The problem is twofold. First, cyber security has a horrendous PR problem – chances are that unless you work in IT, the first images that come to mind when someone mentions a hacker or a sysadmin are anything but flattering.
Worse is the fact that women in IT still make considerably less than their male counterparts – there’s as much as a 20% gap in pay. These two factors together mean most women are understandably disinterested in pursuing a career in cyber security.
Expand your hiring pool
Beyond working to increase diversity within your organisation (and the industry as a whole), another important step to addressing your organisation’s talent shortage is to rethink where you’re looking when seeking new cyber security professionals. Online job boards and technical institutions are all well and good, but you can go further.
For instance, have you considered hiring someone with a music degree? What about someone who works in mathematics or accounting? These are all fields whose skill sets overlap with cyber security to a surprising extent, yet many businesses completely overlook them when seeking to fill positions in IT.
Improve your job listings
One of the most frequent mistakes I see businesses make when hiring new cyber security talent lies with their job listings.
Some demand so many skills only a unicorn could possess the right qualifications. Others read like they were written by a first-grader. And some focus entirely on what the employee should bring to the organisation – not on what the organisation can offer the employee.
Source: CPO Magazine