Cybersecurity Skills Gap: 6 Tips That Demand Your Attention to Close the Talent Shortage

essidsolutions

Along with the COVID-19 pandemic, the world is facing another unprecedented crisis – the cybersecurity skills shortage. If this is not already alarming, these numbers will show you why. According to Help Net Security, 65% of organizations report a shortage of cybersecurity staff. Furthermore, 36% of respondents said a lack of skilled/experienced cybersecurity personnel is the top job concern. Another report shared that 38% of Fortune 500 companies have not hired a chief information security officer (CISO). Globally, the numbers are even more dispiriting: the shortage of skilled cybersecurity professionals across EMEA has grown to 291,000.

Undoubtedly, these numbers are testimony to the numerous cyberattacks and scams global companies have faced in recent times, from the Twitter hack in a bitcoin scam in 2020 to the Marriott-Starwood data breach made public in 2018. Accenture's cybercrime report shows that security breaches have increased by 11% since 2018 and 67% since 2014. This suggests that businesses will need to look for scalable solutions to close the cybersecurity skills gap.

In this post, as we unravel the biggest barriers to hiring and training cybersecurity professionals, top industry experts share some of the best ways to tap into the cybersecurity talent pool.

1. Build a Policy Portal for Remote Workers to Give Guidance on Frequently Occurring Scenarios

Vishal Salvi, chief information security officer, Infosys

“It’s crucial for cybersecurity experts to advance internal cybersecurity training for employees, taking extra care to educate employees about cyber threats, like malware and phishing, along with the do’s and don’ts linked to remote working. Companies must continuously work to ensure employees understand their responsibilities in relation to the company’s information security, like using strong passwords, disconnecting from the corporate network when not in use, and reporting any incidents.

“As an example, we built a policy portal for remote workers to find solutions for frequently occurring scenarios where they might need guidance, such as the different rules that govern usage of a device in a specific network. This has helped us avoid insider threats, something that unfortunately often increases when employees adjust to a new technology or way of working.”

2. Stress on Cybersecurity Certifications Vs. Higher Education to Meet the Market Needs

Jerry Ray, COO, SecureAge

“Considering the technical nature of roles in cybersecurity, hiring managers require a college education but prefer a master’s degree. Degrees alone do not necessarily qualify an individual, and many adversaries have neither academic backgrounds nor purposes, leading to a mismatch of education with cybersecurity work. As experience is most often the second main requirement, it is also favored over tangible skills. This creates an unhealthy cycle of only hiring experienced security experts already in the industry while building a massive barrier to entry for aspiring workers. An added issue is that many hiring managers are unfamiliar with the distinction between a security pro and an IT pro, resulting in a muddled talent pool and exaggerated expectations that candidates tackle both disciplines, which is ultimately unsustainable for new hires.”

“One of the most impactful ways to tap into the growing pool of cybersecurity talent is to reconsider the importance of education requirements. Cyber threats are always evolving and a college degree from a few years back may not hold up with the current landscape. There needs to be more stress on certifications vs. higher education to make sure hiring prospects are qualified to meet the current needs of the market.”

3. CISOs Need to Ensure They Have the Right Team to Run the Ship

Vishal Salvi, chief information security officer, Infosys

“This also means empowering the team and constantly training them on new techniques and cyber exercises. It can be extremely difficult, especially for non-technology companies, to build, maintain and retain a cybersecurity team. It is much easier to partner with someone who can leverage a large pool of security resources, someone whose focus and purpose is centered on building and retaining an agile and adequately trained cybersecurity team.

“The responsibility for tapping into the cybersecurity talent pool does not just lie with recruiters, but also with the CISO of the organization. Beyond the technical elements that come with the role, CISOs need to flex their leadership qualities to ensure they have the right team to run the ship.”

4. Hire External Experts If You Cannot Afford Full-Time Cybersecurity Certified Talent

Erik Knight, founder and CEO, SimpleWAN

“Be willing to pay for certifications. Right now, these jobs are in high demand. An easier way to attract these types of workers is to hire a slightly lower-skilled worker in this area and pay for them to bulk up their resume and grow with your company. Be careful not to go too low in the skills list or your company may pay the price.

“These positions are expensive. Companies should rely on external experts if they cannot afford the going rates of these types of experts. Regardless of your company size, the security discussion must happen, or it could cost you your entire business.”

5. Collaborate With Technology Partners to Update Workforce on Evolving Cyber Technologies

Vishal Salvi, chief information security officer, Infosys

“Training and enablement sessions, creating employee awareness and collaborating with technology partners and service integrators are truly the primary focus areas to keep the workforce updated and abreast of the evolving cyber technologies.

“In addition, we have partnered with Purdue University to offer best-in-class cybersecurity training for up to 2,000 employees. The curriculum is developed in collaboration by Infosys project leads and Purdue faculty. As a part of these training initiatives, employees will learn about topics ranging from malware analysis to forensic analysis, and more. Furthermore, the Infosys Lex platform provides in-depth training across verticals including cybersecurity, where Infosys educators can conduct courses live through interactive virtual classes. Lex offers virtual tutoring, assessments and certifications for learners to choose from.”

6. Bolster Your Security Team at Scale With More Entry and Mid-Level Candidates

Jerry Ray, COO, SecureAge

“Coupling that with comprehensive corporate training programs and proper CISO level oversight can ensure that new hires don’t burn themselves out on the job or are forced to learn how to mitigate security issues on the fly (which will ultimately do more harm to the organization than good).

“Job descriptions should be more specific, as well. It’s logical for a hiring manager to want someone with the most experience, but tempering requirements to allow for more entry and mid-level candidates to apply can bolster an organization’s security team at scale.”

Closing Thoughts

Over the next few years, it will be crucial to see how businesses adapt and change their hiring needs for cybersecurity professionals. Apart from providing training, hiring managers need to involve CIOs and CISOs in the recruitment cycle to bring in the right talent. Since the average cost of cybercrime for an organization increased by US$1.4 million to US$13 million in 2019, according to Accenture, it is safe to say that if businesses improve their protection by hiring the right cybersecurity professionals, they can significantly decrease the cost of cybercrime and open gates for better revenue-earning opportunities.
