I have been thinking a lot lately about what we can do to help organizations bridge the cybersecurity skills gap. With large-scale ransomware attacks happening on an almost-daily basis, we know that the threats are real and that we need to get ahead of them. We see security incidents today having a greater impact than ever before (the SolarWinds attack is a perfect example of this), which makes closing the skills gap even more imperative.
Having a robust security infrastructure in place is critical, but so is hiring and keeping the talent to run those systems. But it’s not enough to just focus on filling open positions today, organizations must consider the bigger picture and start investing in the workforce of tomorrow. Here are a few ideas to grow the cybersecurity workforce and up-level those who are currently engaged in this important and interesting work.
Sometimes the answer is right under your nose. Consider hiring, mentoring, and up-leveling people within your organization who are already invested in the field and are eager to learn and grow. With some basic cybersecurity training (some courses even provided for free), interested employees can get up to speed quickly and start enjoying more challenging and satisfying work. Look inside your teams and the teams adjacent to you for people who are already interested in cybersecurity and are eager to grow.
Community organizations want to help individuals begin their careers in cybersecurity, and they also want to see them advance into leadership roles. One solution that will help close the skills gap is to seek out and hire underrepresented candidates. However, providing them with the needed educational resources and skill-building opportunities is yet another challenge. Cybersecurity education is not always accessible to these groups, which can lead them to pursue other career paths.
Through the cooperation of public and private partnerships, community groups and organizations can help increase the number of women and minorities within cybersecurity by providing the appropriate resources, such as NSE Training and access to other content and programs. These partnerships can also help provide the training and mentorship programs for women and minorities looking to transition or grow within the field of cybersecurity.
Along with universities that offer cybersecurity curricula, several community organizations recognize the value of diversity in the industry, providing content and programs designed to address the talent shortage. ICMCP and WiCyS are two examples of such groups.
IT recruiters can get creative and consider candidates who usually don’t fit the traditional cybersecurity-professional mold. And the field changes so quickly that recruiters must continue to re-orient their perspectives and think outside the box. By casting a wider net, recruiters can possibly catch a more diverse workforce, expanding their talent pools and playing an active role in bridging the skills gap.
Organizations have discovered some of their best cybersecurity employees by looking within their own IT departments, encouraging individuals who may no longer be stimulated or challenged in their current roles to move laterally into a cybersecurity position by completing training programs and/or certifications. These employees are already invested in the company, and can bring a new, fresh perspective.
Filling the existing gap won’t be a quick fix, but it will require a long-term strategy. The industry needs to rethink how it develops and maintains a sustainable, continual pipeline of future talent. One of the biggest obstacles in the cybersecurity workforce hiring process is that the requirements are often stringent and unattainable. Even qualified individuals might not meet the unrealistic requirements of an overzealous hiring manager. Start with basic must-have qualifications and assess the individual as a whole, from their past accomplishments to their current tendencies and aspirations, and help them grow from there. It has been my experience that smart, interested people can tackle even the steepest learning curves and start contributing to the organization in no time. Don’t let hiring based on a predetermined list of high-level qualifications rule out a diamond in the rough—some of the most talented and capable employees are recent graduates, for example, who are eager to learn and most excited about the profession.
Once you find the right candidates, on-going training is a must. On-site and self-paced cybersecurity training will help new hires pick up the technical, interactive skills they need to monitor networks and mitigate threats. Tenured employees even appreciate and benefit greatly from continued cybersecurity training, whether in-person, online, or through seminars, webinars, and conferences.
It is possible to fill the empty cybersecurity roles, with the goal of 100% coverage of all cybersecurity jobs, so that organizations can present the strongest front against increasing cyber assaults. The good news is that the latest (ISC)2 Cybersecurity Workforce Study found that the number of skilled professionals needed to close the cybersecurity skills gap has shrunk from 4.07 million to 3.12 million—but that’s still more than 3 million vacancies. That’s a good start, but there is clearly still more that can be done. Just filling current openings isn’t enough; the industry needs to develop a continuous, sustainable model to cultivate, build, and maintain the cybersecurity workforce pipeline. By getting creative in finding untapped talent and partnering with community groups, organizations have the opportunity to close the skills gap and build the robust, populous cybersecurity workforce of tomorrow.
Subscribe to Fortinet's YouTube channel for the latest video content from Fortinet, FortiGuard Labs, and our Training Advancement Agenda (TAA), including customer stories, product demos, interviews on the latest cybersecurity trends, and more.