The cybersecurity industry is at an inflection point. The number of attacks are growing beyond what organizations are able to handle with the current staffing levels and capabilities. This is forcing organizations to do things differently.
The fact that cybersecurity has an overabundance of positions that need to be filled is a fact that cannot be disputed. However, what is in dispute is whether there are enough people to fill the jobs that currently exist, as well as those being created over the next three to five years. Solving this problem is not as simple as just becoming more automated.
As positions are being created, the number of trained individuals is not keeping pace. This is largely due to the untapped resource of minorities and women that are not being considered as viable candidates to enter the field. In addition, there are not enough young girls and minorities entering the field due to lack of knowledge that it exists, and opportunities for training to help them gain the skills to be viable candidates.
For these reasons, organizations continue to focus on trying to automate more and poach from each other to find top talent. This narrative has to change.
Organizations need to hire differently. Cybersecurity hiring tactics are driven by antiquated HR practices that do not fit cybersecurity. Cybersecurity leaders have to work with their respective HR and talent professionals to help identify how to properly build job descriptions, and the corresponding requirements needed to fill the role.
The fact that most HR and talent teams treat cybersecurity in the same accord as they do IT will no longer work. It’s time to change that narrative. It’s time to stop making certifications the measure by which we choose talent.
This isn’t to say a certification is not important or useful. However, to make it a requirement is not always necessary.
Additionally, as soon as a cybersecurity role hits a certain level, a college degree becomes an additional requirement. I know scores of senior executives in this field who do not have college degrees. Therefore, focusing on a degree can shrink the candidates and have a number of fully qualified people immediately disqualified.
HR and talent management are the entry point into an organization, and if they are not working off of the right criteria, the roles will never be filled. Cybersecurity leaders have a responsibility to work closely with their HR and talent teams to create roles and job descriptions that are more closely aligned to something like the NICE (National Initiative for Cybersecurity Education) Framework. This framework creates a clear path and skills requirement for each role that fits into the cybersecurity landscape
Diversity is a major benefit for the organizations that understand the value it brings to a team. It’s proven that the most financially successful companies are ones that have diverse teams at all levels. This means diversity of thought, race, ethnicity, gender, sexual orientation, socio-economic status, age, physical abilities, religious beliefs, political beliefs, and other ideologies.
The differences in people, when brought together, most often makes them stronger than they were before.
Room for growth
In order for organizations to find the talent they need with the proper training to fit the roles for which they are hiring, partnerships become critically important.
There are a number of organizations creating pipelines of diverse talent and training them to be ready for the jobs available. Individuals often don’t know how to draw the lines between the skills needed for a role and the training they need to achieve those skills. Additionally, organizations don’t know where to find the diverse and trained talent they need to fill the roles they are posting.
There are many organizations that have created programs to make those lines much clearer for both employers and potential employees. Universities are also beginning to partner with organizations to get their students trained with the skills they need to get from the classroom to the workforce as quickly as possible.
There are options that exist for companies to find the talent they need but they cannot operate as they have in the past. They must begin to change the narrative and take actions that will ultimately help them meet the end goal of building the best cybersecurity team they can to protect their organization.