Much has been written about the critical shortage of skilled cyber security workers. Estimates vary, but most experts agree the shortage will soon number in the millions.
Frost & Sullivan predicts a global shortfall of 1.5 million cyber security jobs by 2020. Cyber security Ventures forecasts a tripling in the number of unfilled cyber security jobs by 2021, with the shortage reaching 3.5 million.
In March of last year, McAfee (now owned by Intel) and the Center for Strategic and International Studies released a study on the global shortage of cyber security workers. The report was based on a survey of 800 IT decision makers in eight countries.
The results confirmed what you probably already know:
- An overwhelming 82 percent of respondents said there is a shortage of skilled cyber security workers in their organization and in their country.
- Respondents in all countries said cyber security education was deficient, and more than three-quarters said their government is not investing enough in cyber security talent.
- More than 70 percent said the shortage in cyber security skills does “direct and measurable damage” to their organizations.
Now, the million-dollar question is: What can I do about all this? While the shortage will continue, these are steps you can take to grow you current cyber security workforce, plan for the future and mitigate the damage open positions can cause.
Step up your outreach
Broad community outreach is a requirement for finding skilled workers now and building the cyber security workforce of the future. This requires thinking beyond traditional methods of outreach. As Harvard Business Review (HBR) puts it, don’t limit yourself to the same old career fairs and recruiting programs. That’s not enough in the modern world.
Make connections with local high schools, technical programs, community colleges and four-year universities. Offer to speak to classes about the perks of a cyber security career, including high salaries and job security, to build your recruiting base.
In addition to educational institutions, consider partnering with with local government organizations, chambers of commerce and other civic groups to spread the word about your organization and the need for skilled cyber security workers. The more awareness you can bring to the shortage, the more that can and will be done to fix the problem.
Consider non-traditional backgrounds
The companies that complain about the lack of skilled cyber security workers are often the same ones with very rigid expectations about the background and experience candidates should have. In the McAfee survey, respondents ranked hands-on experience and professional certifications as better ways to acquire cyber security skills than a degree, yet about half the companies still said they prefer candidates with a bachelor’s degree.
Building your cyber security workforce might require considering candidates with a non-traditional background – i.e. they might not have a four-year degree in computer science. Cyber security work requires many skills that can’t be learned in a classroom, including curiosity, ethics and problem solving. Much can be learned on the job, and the cyber security industry changes so fast that what students learned in class last year may be out of date.
As HBR reported, IBM is addressing the talent shortage by creating what they call “new collar” jobs that prioritize skills, knowledge and willingness to learn over degrees. People who demonstrate a natural aptitude for skills like problem solving can learn the technical side through professional certifications, on-the-job training and community college courses.
Boost education and training programs
Along those lines, finding and hiring strong cyber security workers requires investing in educational and training programs. Through your outreach connections, offer to sponsor students who want to pursue a career in cyber security. Launch scholarship and/or tuition assistance programs, cover the cost of professional certifications and provide paid on-the-job training. Given the high and rising cost of education, prospects will be attracted to companies that help pay for their schooling and training.
You may also want to consider cross-training all your IT staff in cyber security, even if that’s not their area of expertise or part of their job description. The wider pool you have to tap when cyber security issues need to be addressed, the stronger your defenses will be.
Simplify your defenses
If you’re facing a critical shortage that can’t wait for long-term strategies, it’s time to look at simplifying and streamlining your cyber security approach. This doesn’t mean weakening your approach, just making sure it’s not working against you.
As the Forbes Technology Council describes it, complexity is the enemy of security. Among the council’s recommendations for streamlining your approach:
- Centralizing your organization’s security with simple, proven and effective controls
- Eliminating bottlenecks by spreading security tasks among a broad team of developers and testers, rather than relying on a small team of cyber security-focused workers to rapidly deploy required technology
- Simplifying security architecture by demolishing old perimeters, moving workloads to standard platforms in the cloud and protecting each workload with modern defenses
Never take a haphazard approach to security. Set specific plans and objectives in place, and clearly communicate those to your cyber security team. Make sure your team is spending their time on the most pressing threats and the highest-priority technologies. Click below to learn more about Teramind.