Cybersecurity Skills Gap – Challenge and Opportunity

We live in a world with a massive, and growing, dependency on Technology, stimulated by a digitally savvy society demanding innovation, ease of access to services, resources, and data on a timely manner, resulting in a complex and interconnected digital ecosystem. Cybercriminals are, more than ever, actively taking advantage of this wider IT landscape to explore weaknesses and fragilities in organizations, benefitting from a higher probability of success to increase their potential rewards.

Cybersecurity has been around for a few decades now, but only recently we have witnessed growing media coverage and concern from organizations, governments, and general population. Newspapers and television news include daily reporting on impact from cyberattacks in our lives, either directly, if we are the target, or indirectly, due to unavailability of services on which we rely or depend on.

Boards are also addressing Cyber more seriously, seeing it as a top risk, being open and increasingly more literate to discuss about it and incorporate it within strategic planning. This change of mindset has been influenced by the operational, financial, reputational, and regulatory impacts arising from publicly known cyber incidents, as well as the growing concern and demand from customers, partners, employees and governments to properly manage Cybersecurity risks.

Shortage of Cybersecurity professionals is a global reality, currently estimated at more than 2,72 million positions to be filled, resulting in a necessary growth of workforce by 65% to effectively defend organizations’ critical assets, according to 2021 (ISC)² Cybersecurity Workforce Study.

Organizations are thus impelled to identify and put into practice creative approaches to surpass this challenge, and the key might simply be to take it as an opportunity.

Retain your talent

Before focusing on hunting for new professionals, be sure you drive your energy into retention strategies for your team members. With such a strong demand and lack of offer, the market is super aggressive, with companies offering attractive compensation packages and benefits.

It might be a good idea to benchmark salaries, comparing with similar sized companies operating in your region, and performing the necessary adjustments to reflect that market demand. Use that input to define an adapted compensation model for Cyber Security professionals, offering the possibility of choice between a technical or a management path, without penalizing the first, making it clear and transparent in terms of career progression opportunities.

Investing in training and participation in events/conferences for your team is another great way to motivate and retain talent, while continuously developing their potential and skills. New ideas, experiences, references and knowledge are acquired and will then be put at the company service, positively influencing and contributing to the Cyber Roadmap.

Involve your team in the design and definition of your Roadmap for the next 3 to 5 years, promoting transparency, sense of ownership and meaning, enabling team members to have visibility on how they will be able to contribute, as well as on the challenges/opportunities ahead.

Lighten your requirements and reskill

It’s often part of Cybersecurity job opportunities the need to have several years of experience in the area, as well as University degree on Cyber, significantly limiting the matching candidates. You might want to consider lightening those requirements and rather focus on willingness to learn, capability and interest to adapt, and critical thinking. Some of the most talented professionals I’ve met in the Cyber domain do not have a bachelor, master or doctorate in Cyber or even IT, thus they would not match the hiring criteria, which would be a great loss for organizations.

Look inside your organization and identify people interested in the Cyber area, without the need to have previous knowledge, and give them the chance to reskill and enter this domain. You might be surprised with the outcome.

If you are looking for an Industrial Cyber Security Expert, why not reskilling an operational technology professional, who has knowledge on what you are trying to protect? If you are looking for a Web Application Security Tester, why not reskilling a software developer? If you are looking for a Cybersecurity Architect, why not reskilling an IT Architect?

Take advantage of recruitment changes observed in result of the pandemic crisis, including the global adoption of remote and flexible work and greater openness to relocation, by removing location as a deciding factor. You’ll get a much wider pool of candidates by not limiting it to the company’s location, possibly exploring employment markets on foreign countries and attracting talented people with enriching mindset and cultural background.

Contribute to the Cyber Community

Be open to collaboration with academia and consider onboarding internships and trainees within your Team. There are amazing young talents that bring such a refreshing approach, unlimited energy and commitment which can positively impact the team spirit and productivity, and all they need is an opportunity and some guidance to thrive. Even if they leave afterwards, you’ll be contributing to enlarge the Cybersecurity community and help solve the industry skill shortage. Approach time spent as an investment rather than a loss of your time.

Be prepared and embrace leavers naturally

The day will come when our team members decide to move on, taking new challenges and accepting to explore new opportunities elsewhere. We must embrace this as something natural and focus on the positive aspects, considering that a new opportunity might be arising for a new or existing team member to relocate to that position and take new responsibilities, continuing its growth path. As people managers, our goal is to take the best out of each of our people and support them in their journey, thus their success and evolution can only be seen as a source of pride and a sense of accomplishment.