Author: Kurt John
ISACA’s State of Cybersecurity 2020 research on hiring and retention requires us to confront a challenging reality: We simply aren’t making enough progress.
Here’s just a small sample of what respondents shared:
>> Nearly two-thirds (62 percent) said their organization’s cybersecurity teams are understaffed;
>> More than half said they have unfilled cybersecurity positions on their teams;
>> Nearly one-third (32 percent) said it’s taking companies six months or longer to fill unfilled positions.
So, that’s the bad news. Yet as I read the report more closely, I also saw potential opportunities.
I believe we can move the needle in a more promising direction by embracing a mindset change when it comes to how we view talent.
We hear frequently that the cybersecurity industry faces a skills gap. In the survey, 70 percent of respondents said fewer than half of cybersecurity applicants are well qualified. Only 27 percent said recent university graduates in cybersecurity are ready for the challenges they’ll face in the field.
But is this really surprising? We’re in a moment in time when technology is changing more rapidly than ever before. It’s no longer possible for anyone to learn everything they’ll need to know for their career prior to embarking on it.
Employers must now view themselves as educators, too. From companies to employees, we all need to embrace the concept of lifelong learning. By fostering a culture of both up-skilling, re-skilling and continuing education, we can help provide employees with a platform to own their career development.
We also can successfully address the challenge of retaining talent. Around two-thirds of respondents – an increase from last year – shared that they’ve struggled with keeping talent onboard. Invest in employees by helping them evolve their skills is a way that managers can demonstrate that they’re committed to their people.
Another action we can take is even more fundamental: Let’s do what it takes to grow the overall talent pool of cyber professionals by embracing diversity and inclusion in all forms.
We can ill afford to arbitrarily limit access to talent due to historically pre-conceived notions of what constitutes a good candidate – like having a four-year degree on the resume. This is the right time to encourage public-private partnerships that inspire more people to pursue options such as career technical education in high school, two-year technical programs at community colleges, or apprenticeships that help people build cybersecurity skills. Having training and credentials is indeed a strong substitute for hands-on experience – and again, learning is now a lifelong endeavor.
Another important initiative is gender diversity. Still only 49 percent of organizations, according to the research, have a diversity program in place to support female cybersecurity professionals. And here’s where analysis done in another sector – manufacturing – might inspire us.
It was determined in the manufacturing sector that closing the gender gap by just 10 percent would actually cut the overall worker shortage in half. Surely the same opportunity is present in cybersecurity, underscoring the importance of attracting people who have not been historically active in the field or who lacked pathways into the industry.
As we look to the future, tools like machine learning and analytics might help organizations detect cyber issues – yet our security will ultimately depend on human experts who can make sense of the information and pursue a remedy. Clearly our commitment to human talent is every bit as vital as our R&D strategy or investment in new technology.
We have some way to go when it comes to hiring and recruiting. Still, I’m encouraged. With a mindset change and through an action-oriented approach to cultivating human talent, the research can – and will – tell a more positive story in the years to come.
And our industry will be stronger and more innovative as a result.
Author: Kurt John, Chief Cybersecurity Officer, Siemens USA
Date Published: 24, February 2020
This blog also available at ISACA Now Blog.
For our upcoming members’ events, seminars, workshops, and review courses etc like our Facebook page and follow us on Twitter.