The dearth of talent entering the cybersecurity industry paints a worrying picture. There is an acute skill shortage of three million unfilled roles according to (ISC)2’s 2020 Cybersecurity Workforce Study. Here at Infosecurity Europe we recently ran a poll to explore current issues around the skills shortage within the sector, particularly within the context of the pandemic.
35.9 per cent of the respondents to Infosecurity Europe’s poll said that their organisation currently has a hiring freeze on cybersecurity roles which is hardly surprising given the economic uncertainty we all find ourselves in. Looking forward, and once this freeze is lifted, what’s needed is an holistic approach to attract and retain the next generation Infosecurity workforce. With the help of some of our esteemed colleagues from our CISO community here are five ways in which we could make some advances in solving the skills crisis facing our industry.
Make Cybersecurity Apprenticeships more widely available
42 per cent of respondents felt that apprenticeships were the solution to attracting younger people into cybersecurity. While there are opportunities for young people to join cybersecurity apprenticeship schemes, they are still not widely available. In a previous role I worked at a local further education college and had first-hand experience creating an apprenticeship programme. We had great success striking up relationships with local companies securing jobs for young people. The benefits are plentiful, but it requires a joined-up approach from both sides to make it work. It’s not a straightforward area for companies to get into but if managed within an HR team with a good provider it offers huge success and opportunity. Internships are also another option that could be considered help to solve the challenge.
Include cybersecurity in the school curriculum
It can be argued that we are waiting too long to attract the right people in. Cybersecurity has become such a crucial aspect of our day to day lives so we should be including it as part of the school curriculum. Just as with other professions we need to be inspiring and educating people from a young age of the wide and varied opportunities our sector offers. If left too late as Amar Singh, CEO Cyber Management Alliance, practising CISO and Trusted Advisor says “By the time they’re 16 or 18 this becomes more difficult because they may have chosen other passions and career-paths.”
Reviewing recruitment strategies
We should be looking to cast out net wider If we are trying to attract more people into our industry. This could mean looking at other people within your organisation who could be suited to a role in cybersecurity. As an industry are we guilty of creating the problem ourselves by not employ people because they don’t have technical qualifications or a degree? It is widely recognised that softer skills have a key role to play in cybersecurity strategies.
Often there will be highly suitable candidates already within your organisation. Heidi Shey, Principal Analyst serving Security and Risk Professionals with Forrester Research, agrees: “We need to really expand our view, looking at non-traditional backgrounds for different types of roles. What is it you really need in terms of the skills? And what are the things you could train someone up to do? You’re looking for that one candidate who has everything already, and that can really narrow down the field and make it more difficult to recruit.”
Creating a mentor scheme
The pandemic has further highlighted the importance of creating a proper support network for workers and even more so with the majority of the country finding itself remote-working. Indeed, a third of our respondents (37.2 per cent) believe that sustaining motivation and wellbeing is the greatest skills-related challenge faced by cybersecurity professionals right now. Having a supportive network is equally important wherever the workforce is located and whatever stage of their career they are in. Taking time to mentor people and helping them develop their skills is central to attracting and keeping them in the industry.
Keeping motivated and in good mental health during the pandemic could be particularly tough for new joiners. “We have people who’ve never physically stepped foot in their office, or met their colleagues,” says Paul McKay, Senior Analyst – Security and Risk, Forrester Research. “It’s also challenging for junior professionals not having support structures in terms of the mentorship and oversight of more senior folks, or being with peers of their own age who are all going through the same journey.”
With reference to the pandemic effective team-working skills was cited as a major challenge for remote workers by 26% of poll respondents. Steve Wright, Partner, Privacy Culture, agrees: “To not engage in a social way is possibly one of the worst things that could happen to our species, because we’re designed to be with people and bounce off each other. We need to think about how we can better support each other and collaborate now we don’t have that camaraderie in the office, to help make sure people still feel associated and included, and that they know you still care about them.”
Attracting more diverse candidates
This goes hand in hand with looking at recruitment strategies As Mark Nicholls, CISO of Chime Group says “There are so many good people out there, and we need to be more open. There are advantages to having diverse teams that represent the business you’re trying to protect, and having non-security folks bringing different ideas to the table.”
Attracting candidates from more diverse backgrounds also come under this. For example, if we are aiming to attract more women into cybersecurity then this can’t simply be statement. We must deliver on it. Careful consideration needs to be given to culture and ensuring that it reflects those you are aiming to entice in.
Troy Hunt, Microsoft Regional Director and Founder of Have I Been Pwned, indicates the need for greater inclusiveness: “Technology in general is very male-dominated, and there’s a lot of women in particular feel excluded by that. There’s also much more introverted behaviour, and – in my experience at least – obnoxious behaviour! We need to create an environment that people of all backgrounds want to be in; that removes any barriers making them reticent about being part of the industry.”
Our industry gives us much to be optimistic about with exciting technological breakthroughs at every turn. To cope with its fast-paced nature, however, we must ensure that we do everything we can to attract and retain a steady pipeline of talent into our industry. Early engagement and education opportunities to attract and maintain more people hold the key to its long-term sustainability.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.