The 2022 (ISC)² Cybersecurity Workforce Study found that an additional 3.4 million cybersecurity workers are needed to secure assets effectively. While it’s a startling statistic, it should also not come as a surprise to cybersecurity leaders, given the high resignation rates across the technology sector. Cyber defenders are stretched thin, leading to increased burnout and dissatisfaction.
The ongoing skills shortage within the cybersecurity industry presents a significant issue, but it also brings with it an opportunity to attract new, non-traditional talent. This talent includes individuals who are looking to leave their existing jobs for new challenges and opportunities to expand their skills. A more diversified talent pool offers many benefits such as innovative, and creative ideas essential for solving major cybersecurity challenges.
If IT security leaders fail to realize the benefits of hiring more non-traditional talent, they will continue to struggle at maintaining their workforce, and will also risk limiting creativity when it comes to problem-solving. Leaders must collectively work to reframe the qualifications that make a strong cyber defender and prioritize continuous education and training.
Reframe cybersecurity talent
Rather than wait for an experience-heavy resume to come their way, IT security recruiters should prioritize certain characteristics and soft skills that make a great cybersecurity professional. It’s no longer about the years of experience, or the degree from a prestigious college – it’s about possessing the real-world qualities that can make for an effective cyber defender.
For example, many skills such as critical thinking, communication, and problem-solving needed to succeed in fields such as math, finance, and science are also crucial for the cybersecurity industry. Additionally, soft skills like being comfortable with public speaking, breaking down technical topics into concise, simplified conclusions, and simply being personable are important. A cyber defender may find something concerning, like a vulnerability, but it’s equally important how this finding gets communicated to C-suite leaders of the organization. They must also understand what these IT security professionals are concerned about to act on the root cause – which requires strong communication skills from the defenders.
I forged my own unconventional path into cybersecurity, coming from a background in environmental science. Early in my career I was doing hazardous material cleanup and after a long day fraught with danger, mostly caused by my co-workers, I decided to make a change. Problem solving has always been one of my strong skills, so I used that trait and started a new career as a PC tech. From there my IT career started leading to cybersecurity. I started learning all I could related to IT and found some good mentors to assist me.
Ultimately, it’s a willingness to learn what matters most when it comes to recruiting cybersecurity talent, so companies shouldn’t discount those who are passionate and up to the task of learning on the job.
Attract non-traditional talent
Organizations must also take action to ensure that potential talent doesn’t fall through the cracks during the recruitment process. This includes updating databases, field matching, and job descriptions that include transferable skills as an additional preference or requirement. Companies should also ensure their recruitment messaging makes it clear that those with non-traditional backgrounds could still qualify for certain positions and roles. Recruiters are encouraged to attend job fairs and similar events where networking can lead to strong candidates, despite not having the traditional background in IT security.
Companies also need to create a positive work environment that attracts talent, especially those that are newer to the cybersecurity field and may need more support and encouragement. To achieve this, organizations must embrace what I refer to as “Cyberlandia” – a people-first work culture where team members feel empowered and prepared to face whatever threats they may encounter. This creates a culture where new employees feel encouraged on their path, no matter their level of knowledge or background. We need to foster a positive work environment to avoid burnout in the industry, while increasing motivation and the desire to grow a career in the field. Cybersecurity can be stressful enough, with threats occurring 24/7/365 – we need cyber professionals to feel supported, empowered and satisfied in such a demanding role.
Prioritize training for diverse talent
Even for those that have years of experience in the IT security field, we need to make education a constant aspect of the job, especially as the threat landscape continues to evolve. As such, the cybersecurity industry as a whole must make an active effort to properly train the next generation of the workforce.
To accomplish this, companies should invest in training programs that help potential recruits develop the necessary skills for the job. Additionally, they should look to offer more equitable opportunities for those that want to learn more about a career in cybersecurity, but may not have the resources to do so. This includes sponsoring programs that offer mentorship and shadowing opportunities. For example, programs such as Girls Who Code and the Girls Scouts Cyber Challenge provide structured, female-led, and curriculum-based programs, and also offer mentors to help young women in the field - setting them up for success early on in their career journey.
Furthermore, organizations can participate in events like the National Collegiate Cyber Defense Competition (NCDDC) or the U.S. Cyber Games, which helps promote collegiate cybersecurity training and offers an opportunity for college students to network and connect with mentors. Not only will this help educate individuals on what a career path in this field looks like, but also promote a more diverse talent pool.
Thinking outside the box when it comes to recruiting cybersecurity talent will help address the widespread skills shortage within the industry. In return, this will also help drive innovation throughout the industry, bringing in more unique perspectives and skill sets to aid the next generation of the cybersecurity workforce. There’s never been a better time to consider a career in the field – our nation’s security depends on it!
Jon Check, executive director of cyber protection solutions, Raytheon Intelligence and Space