While the cybersecurity industry is growing fast, it faces a massive shortage of talent. In this article, Lisa Plaggemier, interim executive director, National Cyber Security Alliance provides few tactics for organizations to inspire individuals toward a career in cybersecurity.
Few industries are growing faster than cybersecurity. However, for the amount of buzz around the space, one major issue continues to plague it: a dearth of talent.
According to the (ISC)2 Cybersecurity Workforce Study for 2020, the cybersecurity industry is facing an extreme shortage of talent, needing approximately 3 million qualified professionals. Pair this with the fact that the category is set to experience a compound annual growth rate of 10.9% from 2021 to 2028, and it is no surprise that businesses are scrambling to find ways to fill the talent pipeline.
With that in mind, and with Cybersecurity Awareness Month underway, here are a few tactics for organizations to help inspire and drive individuals toward a career in cybersecurity.
Beyond the shortage of talent in general, the cybersecurity industry also suffers from a severe lack of diversity within its workforce. For example, in 2019, women only accounted for 20% of the global cybersecurity workforce, according to Cybersecurity Ventures. Additionally, per (ISC)2’s Cybersecurity Workforce Study for 2020, only 51% of cyber workers say they “perceive the percentage of women in the field to have risen over the last five years.” Moreover, only 12% of black professionals worked as information security analysts in 2020, according to the U.S. Bureau of Labor Statistics, highlighting there’s significant underrepresentation within the industry. And, as there’s clear room for improvement, this needs to change.
Inclusion and diversity (I&D) should be a priority for all organizations, not just because it is the right thing to do but also because inherent workplace inclusivity offers more diverse thinking and solutions.
For example, think of the ‘Code Talkers’ from WWII. The use of Native Americans to send secret communications during World War II changed the trajectory of the war. It is that type of diverse thinking and solutions that can help increase the success of cybersecurity tactics used today. New solutions born from new perspectives and different ways of looking at problems take critical thinking skills from all types of individuals, whether they’re in leadership positions, entry-level or engineers.
If you were to survey people at random about the prerequisites for a career in cybersecurity, you would likely expect to hear the following: a love of math, science or coding, or a love of all three. However, the truth is that the cybersecurity industry depends on a variety of skill sets, not just STEM.
From training to coding, there are so many different career paths that individuals can pursue within the cybersecurity sector, many of which don’t require a passion for STEM at all. To be a “good” cybersecurity employee, you really only need a handful of qualities: an interest in problem-solving, a willingness to learn, and a desire to help create a more secure digital world. The industry needs to do a better job of dispelling the STEM-driven myths that surround it. And there are some really simple ways to do that. For example, employers can engage in “open office” days where they invite local students to come in for information sessions with their team members. Or, they can turn their inside expertise into resource libraries and tools for potential job seekers that live directly on their websites. These initiatives can go a long way in humanizing and democratizing cybersecurity, making it far more appealing to job seekers.
Many companies spend an enormous amount of effort and resources to bolster their internship program through university recruiting. The strategy to obtain new talent can foster a non-inclusive approach to hiring. If you take into account that the pool of eligible university students targeted may not reflect a diverse pool of job seekers, it’s important to expand the recruiting approach to finding new talent by offering apprenticeships alongside internships.
With this approach, students pursuing education through training or a certification program can obtain the necessary experience as they pursue their education. There are many programs that focus on the skills needed for roles in cybersecurity without the added courses that accompany the traditional university curriculum and price tag.
Beyond dispelling external misperceptions about cybersecurity as a career, employers should look to do the same within their organizations. Employers invest massive amounts of time and energy into recruiting efforts to make sure they have the best employees possible. So why not offer existing employees the opportunity to shift into a cybersecurity career track?
Doing this not only helps companies revamp their training infrastructure but also allows organizations to provide existing employees with new opportunities for growth. Moreover, given the affordability of these retraining programs, employers have the opportunity to provide valuable expertise and training to individuals with no cost barriers, thus greatly improving access to these skills. As shown by the shortage in the qualified talent pipeline, finding the right talent to fill cybersecurity is proving to be a foremost hurdle for the cybersecurity industry. And individuals already under your roof may be best suited to take on this new task.
For the cybersecurity industry to reach its full potential, it must start closing its talent gap and quickly, which can start with employers themselves. With creative thinking and expanding options, employers can reach untapped reservoirs of talent and begin to fill their pipelines with the next great crop of cybersecurity professionals that our industry needs.
Originally Published On: https://www.toolbox.com/it-security/security-careers-skills/guest-article/tackling-the-cybersecurity-talent-gap-tips-for-employers/