The biggest challenges facing organizations today is the gap between the skills that their cyber security departments have and those that they require. A lack of professionals has also driven companies toward greater reliance on technologies to fill the gap, putting software to work doing the jobs of human operators. This can create a troubling scenario where a security infrastructure might collapse like a house of cards once one system has been compromised. Meeting this problem head-on is one of the great issues the industry has to confront in the near-term.
Organizations fall short of their cyber security hiring requirements for a variety of reasons. One issue is the continuing lack of women in the workforce. Another is a heavy reliance on qualifications rather than overt demonstration of skills. Many companies also are reluctant to put near-qualified individuals into positions and allow them to grow into the job through experience. The net effect is under staffing and excessive reliance upon technologies that may themselves be targeted by attackers.
Most estimates of the presence of women in the cyber security workforce place their numbers around 11%. As is the case in many professions, female workers are often paid less that similarly experienced and qualified male colleagues. Simply boosting pay offered to female workers may allow some organizations to attract more talent into their available labour pools.
The excessive emphasis in companies on qualifications can cut them twice. First, many individuals who have the core competencies for cyber security work don’t necessarily seek out professional qualifications. For example, the hacker launching an attack against a server is unlikely to have ever bothered to have gotten certified. Second, not all people who have passed a qualification test are going to be good at the actual job. This can lead to the hiring of staff members who look great on paper but who’ll fail when confronted with a real-world problem.
The issue of rejecting near-qualified applicants also produces drag on the cyber security talent pool. Ruling out an individual on account of the differences in knowledge attained between having worked on a MySQL-based system versus a NoSQL-based system may prove to be a terrible mistake. Worse, it may be a mistake a company doesn’t even realize is being made because they may only be conducting a search for positive matches for specific phrases in resumes. By being more open-minded and using an expanded list of related targets for skills in resumes, organizations can improve their chances of hiring someone competent who can quickly grow into the job.
Operations that close the cyber security skills gap often do a handful of things well. Foremost, they tend to start with a broad and diverse pool of candidates for each position. It may seem a little questionable to allow a person with little or no formal education to apply for an advanced job, but it allows the organization to instantly increase its chances of getting a hit for a specific set of skills.
In most cases, cyber security professionals can be presented with real-world examples of problems. This approach, when properly applied, can weed out hires who lack the necessary experience. Not only does this allow candidates with fewer credentials to demonstrate their skills, but it also allows companies to identify candidates who only look good on paper.
A second approach many organizations employ is to push more cyber security tasks onto automated systems. Generally speaking, it’s unwise to leave too much of the load on automated systems, but it can free up staff members from dealing with drudgery. For example, the production of reports or the compression of logs should be automated within any organization. By putting the right monitoring and administrative tools in the hands of staff members, these automated systems allow organizations to expand the potential effectiveness of any one employee.
Keeping talent within an organization once it has been attained is an important part of addressing the skills gap. If every company is competing against the rest of the world for the same set of workers, the incentives have to be in place for employees to stick with one organization. That means providing clear career paths that professionals can expect to following within the operation.
This once again reflects back on the gender-based issues in the cybersecurity world. High-level positions in cyber security operations are often more likely to be filled by male professionals than their female colleagues. By simply demonstrating that a company offers upward mobility to female employees, an organization can distinguish itself from competitors. Not only will this encourage retention of experienced workers, but it will encourage them to invite competent colleagues who wish to move up in the industry to join the business.
It also represents a great way to reward professionals for engaging in the process of self-improvement. If a firm hires someone who lacks formal education, it can be beneficial to encourage that employee to obtain expected certifications. One of the best ways to do that is to make it self-evident that obtaining those qualifications will lead to career advancement. This approach also ensures that management-level positions will be filled by people from a diverse set of backgrounds and experiences, ultimately reducing groupthink and ensuring that the company-wide message of cybersecurity is being spread from bottom to top.
By placing a value on experience and demonstrated skills, a company can gain access to a broader and deeper pool of talent. This requires putting incentives, such as skills-based pay, on the table and seeing that biases are stamped out in applying them regardless of gender and education. With a small adjustment of an organization’s culture toward cyber security hiring and retention, it is possible to successfully compete for talent.
Send us your CV and have our recruiters match you to the ideal opporunities
Do you already have an account with us?Log in
Want to have an account with us?Register
Want to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.