Modernize recruitment to close the cybersecurity talent gap

Millennials often prefer Amazon and other online businesses and also put more of their money into vacations and restaurants instead of merchandise. Today’s columnist, Michel Huffaker of ThreatQuotient, also points out that millennials are searching for a work-life balance, something the cybersecurity industry must take into consideration when recruiting for the millions of open positions. (Photo by Spencer Platt/Getty Images)

There’s no doubt the pressure to fill the more than three million open cybersecurity jobs has risen as cyberattacks increase in prevalence and sophistication. And with the cybersecurity job market expected to grow 31% in the U.S. by 2029, it appears our prospects for closing the talent gap are bleak without some significant changes in hiring strategies.

I’m not a talent acquisition specialist, but an intelligence analyst who has operated in the public and now private sector for more than 15 years. I know what it’s like to work in this world and build teams. I also have a large network of colleagues who openly share their experiences with the job market. So, I speak from the front lines when I say something has become fundamentally out of whack because I personally know several well-qualified cybersecurity specialists who are out of work, and I’d wager there are thousands more in the same situation. We’ve been talking about the skills shortage for years, which creates an impression that anyone can get hired instantly and even write their own ticket – but clearly that’s not the case.

So, what’s going on?

The talent profile has changed

Roughly 73 million people were born in the U.S. between 1980 and 1996 and these millennials currently make up the bulk of the workforce. Research by Gallup shows they are purpose-driven and believe life and work should be worthwhile and have meaning. When a workplace doesn’t reflect these characteristics, millennials don’t stay and are more cautious about their next move. This overall decrease in employee engagement compared to previous generations has been exacerbated by the global pandemic.

On the public sector side, this has hit home with plummeting enlistment numbers and a loss in diversity. For example, the U.S. Army missed its 2018 recruitment goals by about 6,500 and subsequently scaled back its recruitment goals by 50% for the next few years. The smaller number of recruits who are joining are often following in a parent or family member’s footsteps, and not necessarily drawn by the military’s updated focus on technology, cyberwarfare and building/modernizing communities.

On the private sector side, we’re on the cusp of a generation tiring of solving problems the technology industry created or chasing an exit strategy. On-site perks like ping-pong tables, free lunches and social activities aren’t enough to attract them to a 70-plus hour work week. And 2020 turned this on its head. More than ever, employees value flexibility, mentoring and support for their wellbeing.

Hiring strategies need to mature

Cybersecurity has been around in some form for approximately half a century, so to some degree it’s natural for complacency to set in. But given the shifting talent profile, it’s time for a paradigm shift in recruitment. To fill the rising number of open positions, organizations in the public and private sector need to mature their approach to recruiting and retaining talent across the following three dimensions:

  • Marketing: Pivot the company’s marketing and recruiting materials to reflect a mission of making a difference, serving the greater good and diversity, whether it’s building roads and setting up orphanages or developing high-impact programs to give back at a grassroots level. Also, be more mindful about how the company targets its recruiting in the short and long term. Creative options that bridge to the gig economy and create opportunities for tech innovators who want to help can fill gaps in the near term and diversify and expand the network for potential candidates in the future.
  • Culture: Emphasize growth, opportunity, and work-life balance. The U.S. government takes a finite pool of resources and cross-trains them to whatever the mission dictates. College degrees are not required. Emphasize this more. I personally benefitted from this to forge a career in cybersecurity. For private sector companies, dig deep to understand how to make work-life balance sustainable, which is even more challenging now as a hybrid work model becomes the norm. Lean into growth-from-within models versus hiring from the outside, particularly in startups where much of the innovation happens.
  • Expectations: The expectations of hiring managers are often absurd, and that’s why a great number of good candidates sit on the sidelines. Salaries are high, but many positions are an amalgamation of two or three different roles that require very different skillsets. These positions go unfilled or result in high turnover and companies pay a high cost. However, when the company’s marketing and culture align with the priorities of workers in this generation, the business can start to build a reputation and pipeline that allows it to stop chasing unicorns. Create an achievable hiring plan with job descriptions that make sense.

Focus on what you can control. Understand the paradigm shift required and retool the company’s marketing, culture and expectations to align with its recruitment goals. As defenders, we can’t afford to have talent sitting on the sidelines when there are such dramatic threats from the threat actors. We need to get started now.

Michel Huffaker, director, threat intelligence, ThreatQuotient
