The Battle for Cyber Talent: A Balance Between Quantity and Quality
Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Jon Check of Raytheon, an RTX Business, charges into the battle for cyber talent while pushing for a balance between quality and quantity.
The cybersecurity industry faces a daunting challenge in the battle for talent. With the increasingly complex threat landscape, the demand for advanced security solutions is higher than ever. To meet this challenge, we need a workforce with a broad range of skills and expertise.
However, simply focusing on volume alone will not solve the problem. As an industry, we must reflect on whether we are doing everything possible to achieve the right balance of quantity and quality in our workforce. This requires looking beyond traditional cybersecurity resumes for new talent, supporting education and training programs, and creating positive work environments. By doing so, we can develop a quality cyber workforce critical to fighting today’s threat actors.
Cyber Talent: Balancing Between Quality and Quantity
Looking Beyond the Traditional Cyber Resume
To widen the talent pool and bring different perspectives to the field, organizations must diversify where and how they find potential cyber job candidates. This change is essential for solving unique security challenges and addressing the evolving threat landscape.
For instance, individuals from various fields and backgrounds can possess skill sets well suited for a career in cybersecurity. Critical thinking, communication, and problem-solving skills, often found in finance, math, and science industries, are crucial for cyber defenders to do their jobs efficiently. Additionally, recruiters should recognize the value of soft skills such as public speaking, teamwork, and personableness. These skills are especially helpful when a breach occurs, and all stakeholders must be alerted and kept up to speed.
To attract this diverse talent, recruitment processes, and messaging must shift. This refinement includes updating databases, field matching, and role descriptions to attract those with varied skill sets successfully. Recent Congressional testimony shows that removing a bachelor’s degree from early-career cybersecurity job postings can increase the candidate pool by over 60 percent. By taking these steps, organizations can ensure their job postings are accessible to everyone, which helps individuals qualify for positions regardless of their experience or education by applying attributes from adjacent fields to cyber jobs. This can be implemented by inviting candidates based on demonstrated ability and skills-based assessments.
Investing in Education and Training Programs
According to the (ISC)² 2022 Cybersecurity Workforce Study, 43 percent of respondents cited a lack of qualified talent as the most significant cause of staff shortages. To address this issue, security leaders can take an active role in training candidates and providing the resources to develop the necessary qualifications for the job.
Organizations should start by creating more equitable opportunities for potential talent to learn about what a career in cybersecurity entails. Providing or sponsoring education programs for K-12 and colleges can create better awareness around cybersecurity as a career and provide beneficial mentorship and shadowing opportunities. For example, Girls Who Code and the Girl Scouts Cyber Challenge offer curriculum-based programs and mentorships tailored to prepare women for success early in their cyber careers. Additionally, organizations should consider collaborating with colleges and universities to host events that enable students to gain hands-on experience and connect with field experts. The National Collegiate Cyber Defense Competition is an excellent example of such an event, bringing together college students from across the country to test their skills, network, and connect with mentors, laying a critical foundation to prepare themselves for a career in cyber.
Moreover, there needs to be more emphasis placed on the value of company programs that train cyber defenders to meet specialized needs and challenges within the cybersecurity field. These programs can become another source for developing talent internally by providing non-cyber employees an opportunity to switch career paths, especially if they have the right skill sets and passion to learn something new. By investing in training and development programs, organizations can create a pipeline of qualified talent and reduce the need to rely solely on experienced candidates.
Creating a Positive and Supportive Work Environment
One way to achieve this is by embracing the concept of “Cyberlandia” – a people-first work culture that empowers cyber defenders to feel prepared for any threats they encounter. In Cyberlandia, new employees are encouraged on their path to learning and empowered to try new projects and roles. They also have a space to vocalize what they need to be productive on the job, such as changes to the work schedule or more training opportunities.
The cyber talent shortage is an industry-wide issue that requires a collective effort to solve. It’s not just about increasing the number of cyber professionals, but also about hiring, training, and supporting the people who can effectively overcome the next cyber-attack. Organizations must focus on building a high-caliber cyber workforce to put themselves in the best possible position to combat evolving security threats. By investing in their employees and creating a supportive work environment, organizations can attract and retain top talent, reduce burnout, and ultimately improve the quality of their security teams.
- The Battle for Cyber Talent: A Balance Between Quantity and Quality - August 28, 2023