Addressing the current shortage of cybersecurity workers and encouraging new talent
Cybersecurity is a vital aspect of every organization, but unfortunately, qualified cybersecurity professionals are becoming rarer than hen’s teeth. This shortage of talent isn’t new, and the demand for cybersecurity professionals has been on the rise for years.
According to the recent (ISC)² Cybersecurity Workforce Study, there is a deficit of more than 3.4 million security professionals, leaving many organizations vulnerable to cyberattacks and at the mercy of malware, ransomware, lateral movement exploitation, and threats from bad actors.
Organizations need to take steps to foster and retain their current cybersecurity staff and encourage new talent to enter the field. We hope to provide a few tips, below, for CISOs and cybersecurity team leaders to keep hold of colleagues and encourage new talent.
Why is there a shortage of cybersecurity workers?
What, apart from cybersecurity being a difficult game of whack-a-mole, possibly even thankless, constantly changing, and underappreciated by the rest of the organization unless something goes wrong and then it’s 100% your fault?
In all seriousness, the shortage of cybersecurity workers is caused by a combination of factors – the first being the serious lack of qualified candidates. Cybersecurity is a complex field that requires a deep understanding of technology, risk management, and business operations. To put it bluntly, most individuals lack the necessary skills and education to succeed in the field. It takes a certain type of person to embrace the subject and want to do the work – and this sort of person is rarer than a four-leaf clover.
Obviously, the high demand for cybersecurity professionals also plays a part in the shortage. As more organizations head for the cloud and become decentralized, and the threat landscape grows, the need for cybersecurity workers has grown with it.
This high demand has led to a competitive job market, where cybersecurity professionals can command high salaries and benefits. The cybersecurity industry also suffers from a lack of diversity. According to another isc2 study, only 24% of cybersecurity workers are women, and only 11% are of non-white ethnicity. This lack of diversity can create a talent pool that doesn’t reflect the population and can result in missing out on talented candidates from different backgrounds.
Tips for retaining cybersecurity staff
Retaining cybersecurity staff is essential to ensure the organization’s security and stability. Here are a few ideas for CISOs and cybersecurity team leaders to help them retain their staff:
- Offer competitive compensation
Packages Salary is an important factor in retaining cybersecurity professionals. Organizations should offer competitive compensation packages that align with the market rates. This includes salaries, bonuses, and benefits such as health insurance, retirement plans, and vacation days.
Remember: In the current economy, and with a valuable skillset like cybersecurity, if a colleague feels financially undervalued, it’s a simple button press on LinkedIn to passively find an extra 20% for their troubles.
- Provide career growth opportunities
Cybersecurity professionals want to feel that they are growing in their careers. Organizations should provide opportunities for career growth, such as training, certifications, and promotion opportunities. Providing opportunities for career advancement can help retain cybersecurity professionals who are motivated to advance their careers.
- The right tools for the job
Security personnel should be able to look at one pane of glass, not ten screens and applications, to make logical sense of what is happening in their environments. Not being able to do so is unnecessary and time-consuming. Too often, a frustrating number of resources go into getting various tools to work together through homemade solutions.
No one wants to spend their days bogged down in a sea of alert clutter or have to install “yet another agent” when there’s a practical working alternative. Investing in our teams by giving them a consolidated and functional toolset shows that an organization cares about its staff enough to streamline their day-to-day practices, and about cybersecurity in general. Making our colleagues feel valued by giving them a better chance to succeed, instead of fighting against legacy programs that lack clear insight, lets them know they are being set up for success.
- Promote a positive work culture
A positive work culture can go a long way in retaining cybersecurity staff. CISOs and team leaders should create an environment where employees feel valued, supported, and recognized for their contributions. This can be achieved through regular feedback, team-building activities, and recognition programs, and give a sense of camaraderie that shouldn’t be overlooked.
The occasional “thank you” and “well done” goes a long way, but so does providing lunch, practical team building through red team exercises, internal communications to make them feel part of the organization’s efforts, sharing wins and successes that can add a sense of purpose and put things in perspective, and encouraging self-care and exercise.
As an aside, I fondly remember a senior manager once saying to me, “You can’t build office culture by shooting someone with a Nerf gun, but if you leave a few Nerf guns around the office, it will likely build itself.” Two weeks later, I found myself spending heavily at Toys “R” Us.
- Offer flexible work arrangements
Flexibility is becoming increasingly important to workers. Organizations should, if possible, offer flexible work arrangements such as remote work or flexible hours. This can help to retain those cybersecurity staff who value work-life balance and can lead to increased job satisfaction.
If someone wants to come in an hour later on Tuesday because they have to do the school run that day, let them. For some people, the value of being able to do so is pure fried gold.
- The little things
Knowing what’s important to the individual and personalizing their work experience is a part of modern-day HR. Maybe they prefer to use a particular piece of software, or favor a certain layout that would make reporting easier? It might sound trite, but I’ve actually turned jobs down, despite that magic boost in earnings, because I couldn’t bring my dog (Molly, she’s kinda awesome) into the office. Some things are more important to people than we might think, and appraisal time is the time to discover what people actually care about.
I worked at a company with an outstanding coffee machine and four types of t-bags – PG, Tetley, Yorkshire, and Yorkshire Decaf. It might not seem like much, but at appraisal time, they discovered that’s what people wanted, so that’s what they got. The social shares and good vibes were worth it for the LinkedIn PR alone, and all for the sake of adding a few different boxes to the regular office supplies order. Those four types of t-bags let four different people know that the company was listening and cared, and made everyone else smile and feel valued – it still makes me smile six years later.
Encouraging new talent in cybersecurity
Encouraging new talent to enter the cybersecurity field is essential to address the shortage of cybersecurity workers. Here are some tips for organizations to encourage new talent:
- Develop cybersecurity curriculums
It’s important for educational institutions to develop cybersecurity curriculums to educate students on the basics of cybersecurity. These curriculums can help create a talent pool of individuals who are interested in the field and have the necessary skills to succeed. Maybe, if funds allow, you could consider sponsoring one or giving over some time to speak to new students?
- Promote cybersecurity as a career option
Organizations should promote cybersecurity as a viable career option for individuals who are interested in technology, risk management, and business operations. Promoting the field can be done through internships, job fairs, and partnerships with educational institutions.
- Encourage diversity in the field
Encouraging diversity in the cybersecurity field can help attract a wider talent pool. Organizations can focus on promoting diversity through inclusive hiring practices, mentoring programs, and employee resource groups.
- Provide training and development opportunities
Organizations should provide training and development opportunities for new cybersecurity professionals. This can include on-the-job training, certification programs, and mentorship programs. Providing these opportunities can help new talent gain the necessary skills and experience to succeed in the field.
Retaining cybersecurity staff
The shortage of cybersecurity workers is a significant current and future challenge for organizations. Retaining cybersecurity staff and encouraging new talent to enter the field are essential to address this shortage. CISOs and cybersecurity team leaders should focus on offering competitive compensation packages, providing career growth opportunities, giving their team the right tools, promoting a positive work culture, offering flexible work arrangements, and getting personal, to retain their current cybersecurity staff.
To encourage new talent in the field, organizations should help and support the development of cybersecurity curriculums, promote cybersecurity as a career option – internally and externally, encourage more diversity in the field, and provide training and development opportunities.
By implementing these strategies, organizations can build a strong cybersecurity workforce and ensure their security and stability in the current digital landscape. In the short to mid-term, the deficit of talent and demand for cybersecurity professionals is only going to rise. It’s time for organizations to become a part of the solution.