There’s no doubt, the pressure to fill the more than three million open cybersecurity jobs has risen as the number of cyberattacks increase in prevalence and sophistication. And with the cybersecurity job market expected to grow 31% in the U.S. by 2029, it appears our prospects for closing the talent gap are bleak without some significant changes in hiring strategies.
I’m not a talent acquisition specialist, but an intelligence analyst who has operated in the public and now private sector for more than 15 years. I know what it’s like to work in this world and build teams. I also have a large network of colleagues who openly share their experiences with the job market. So, I speak from the front lines when I say something has become fundamentally out of whack because I personally know several well-qualified cybersecurity specialists who are out of work, and I’d wager there are thousands more in the same situation. We’ve been talking about the skills shortage for years which creates an impression that anyone can get hired instantly and even write their own ticket – but clearly that’s not the case.
So, what’s going on?
The talent profile has changed
Roughly 73 million people were born in the U.S. between 1980 and 1996 and these millennials currently make up the bulk of the workforce. Research by Gallup shows they are purpose-driven and believe life and work should be worthwhile and have meaning. When a workplace doesn’t reflect these characteristics, millennials don’t stay and are more cautious about their next move. This overall decrease in employee engagement compared to previous generations has been exacerbated by the global pandemic.
For the public sector side this has hit home with plummeting enlistment numbers and a loss in diversity. For example, the U.S. Army missed its 2018 recruitment goals by about 6,500 and subsequently scaled back its recruitment goals by 50% for the next few years. The smaller number of recruits who are joining are often following in a parent or family member’s footsteps, and not necessarily drawn by the military’s updated focus on technology, cyberwarfare and building/modernizing communities.
On the private sector side, we’re on the cusp of a generation tiring of solving problems the technology industry created or chasing an exit strategy. On-site perks like ping-pong tables, free lunches and social activities aren’t enough to attract them to a 70-plus hour work week. And 2020 put this on its head. More than ever, employees value flexibility, mentoring and support for their wellbeing.
Hiring strategies need to mature
Cybersecurity has been around in some form for approximately half a century, so to some degree it’s natural for complacency to set in. But given the shifting talent profile, it’s time for a paradigm shift in recruitment. To fill the rising number of open positions, organizations in the public and private sector need to mature their approach to recruiting and retaining talent across the following three dimensions:
Focus on what you can control. Understand the paradigm shift required and retool the company’s marketing, culture and expectations to align with its recruitment goals. As defenders, we can’t afford to have talent sitting on the sidelines when there are such dramatic threats from the threat actors. We need to get started now.
Michel Huffaker, director, threat intelligence, ThreatQuotient