Fixing the cybersecurity skills gap: Draw on wider talent pools
The cybersecurity sector faces unprecedented challenges, ranging from ransomware to determined nation-state actors. One of the biggest hurdles is finding the people to deal with those issues. How can we source talent to help bridge the gap?
According to the Enterprise Strategy Group, 95% of cybersecurity professionals say that the skills gap hasn't improved in the past few years, while almost half say it has worsened. A heavier workload is a major effect of the skills gap for another 62% of respondents, while 38% complain of burnout as a result.
In the UK, the government has explored sourcing talent from unconventional sources. In analyzing cybersecurity recruitment options, the Department for Digital, Culture and Sport cited several potential avenues. These include training undergraduates with specialized cybersecurity modules and sourcing masters and Ph.D. students.
ChatGPT training built for everyone
Training further education candidates
The UK report also recommends recruiting those in further (post-high school) education for entry-level cybersecurity positions.
Companies are identifying and targeting these opportunities. At the end of October, Microsoft launched a campaign to help plug the cybersecurity skills gap by working with community colleges. It will train faculty staff at 150 colleges to teach cybersecurity programs, make free cybersecurity curriculum material available, and offer a scholarship program to 25,000 students. It hopes to train and recruit 250,000 people into the cybersecurity workforce through these channels by 2025.
(ISC)²'s 2021 Cybersecurity Career Pursuers Study found that just half of the cybersecurity employees had computer and information services degrees. It also found that newer workers in the field came from outside IT.
Drawing from talent outside IT
The UK's analysis also identifies another interesting option for cybersecurity recruiters: retraining workers from other industries. This focuses on industries where the skill sets reflect those often seen in the cybersecurity space: risk awareness, discipline, a focus on procedure and attention to detail.
The report identifies the military and law enforcement as fruitful sectors for potential talent. One in three respondents to the (ISC)² survey had a military and law enforcement background.
How would companies train those without a grounding in traditional computer science? The most promising route is a cybersecurity apprenticeship. This requires an investment from companies and a commitment to developing talent that would not be immediately productive. However, the advantage is that the company would mold apprentices to its processes and systems, creating a talent base perfectly suited to its cybersecurity posture.
Employers can also work with third-party organizations dedicated to training people from these backgrounds in cybersecurity. IBM's SkillsBuild initiative has worked with SaluteMyJob, an organization that finds work for veterans, to train 500 former UK military service personnel in cybersecurity jobs. AT&T also began working with nonprofit group NPower last year to train veterans for cybersecurity jobs. VetsInTech partnered with Infosec to help prepare veterans for cybersecurity roles by training them on entry-level CompTIA certifications — ending with a Security+ boot camp.
Courting neurodiversity in cybersecurity recruitment
Another untapped source of talent for cybersecurity skills is neurodiversity. People with autism spectrum disorder (ASD), for example, sometimes have the focus on detail and pattern recognition that are so important in cybersecurity analysis. In its 10 on 10 survey of over 6,700 cybersecurity professionals, Bitdefender found almost one in four people agreeing that neurodiverse hires would make cybersecurity defenses stronger.
Companies are eager to source from this talent pool. PricewaterhouseCoopers teamed with Mercyhurst University to train students with autism in cybersecurity jobs, and both IBM and SAP have programs to hire individuals with ASD into cyber jobs.
Phishing simulations & training
However, creating opportunities for neurodiverse candidates takes a considered approach, warns Theo van Wyk, head of cybersecurity and solutions at large Canadian IT services company CDW. "The organization has to be aware of neurodiversity needs," he says. "We must make sure that our management skills and interactions adapt to what's suitable for those candidates."
The final alternative talent pools for cybersecurity talent are perhaps the most obvious: under-served gender and racial groups. The UK's National Cyber Security Centre logged female representation in the cybersecurity industry at just 31% — higher than other studies — while 85% of employees were white. One of the easiest ways to bridge the cybersecurity skills gap is to provide more opportunities for women and people of color.
Sources
- ESG: Cybersecurity Skills Crisis Continues for Fifth Year, ISSA.org
- UK DDCMS: Understanding the Cyber Security Recruitment Pool, Gov.UK
- Microsoft: America faces a cybersecurity skills crisis, Microsoft
- ISC2: 2021 Cybersecurity Career Pursuers Study, (ISC)²
- Bitdefender: 10 in 10 Report, Bitdefender
- Mercyhurst will train students with autism for cybersecurity work, Times Online
- NCSC: Decrypting Diversity, NCSC
ChatGPT training
In this Series
- Fixing the cybersecurity skills gap: Draw on wider talent pools
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization