The cybersecurity skills gap: How businesses are attracting cyber talent
The effects of the global pandemic on the job market have been profound. It has impacted everything from healthcare to how we learn, work, and communicate with each other. Many businesses have folded, and employees have been laid off throughout the world. Advances in technology and the rise of automation are also replacing many traditional roles.
Organizations have been forced to invest in new technologies and embrace remote working tools and cloud solutions. Even Microsoft CEO Satya Nadella revealed they had experienced two years of digital transformation in just two months. The focus is now shifting to how businesses can protect data and defend their corporate networks when their employees can work anywhere and everywhere.
As emerging technologies enter the spotlight and hybrid working becomes the norm, having the right in-demand skills can enable anyone to secure one of the 3.5 million unfilled cybersecurity roles expected to be created in 2021. As demand for cyber talent continues to rise and outpace supply, businesses are exploring creative methods to attract new and experienced cybersecurity professionals.
Retiring the hacker in a hoodie stereotype
When searching any stock footage website for a supporting image for an article around infosec, hacking, or cybersecurity, the results will consist of teenage hackers in a basement hunched over a keyboard or script kiddies in a hoodie. Every news story, TV show, or movie also promotes the same outdated stereotype. Thankfully, this fear-based and non-inclusive approach to security is slowly being retired.
Traditionally, cybersecurity has had a diversity and inclusion problem. In 2013, a report revealed that women shockingly made up around 11% of the global cybersecurity workforce. By 2020, Cybersecurity Ventures revealed that it had increased to 20%. Many blame the perception of cybersecurity as a 'male-dominated field' as one of the big reasons we need to retire these lazy stereotypes.
Diversity is just another corporate buzzword or box-ticking exercise. It empowers businesses with different disciplines, alternate perspectives, skills, and innovations to approach problems differently.
If your greatest cyber vulnerability is a lack of cybersecurity talent, it should serve as a reminder that you need to think differently and cast your net wider.
Hackers are from different communities, genders, and age groups. They collaborate and pool their resources to create sophisticated and more diverse attack methods. The problem is that cybersecurity professionals typically consist of groups from the same background who broadly think the same. Without a wide range of perspectives, innovative thinking, and the ability to approach risk differently, the attackers have a clear advantage.
Thankfully, the industry is beginning to wake up to the importance of neurodiversity. For too long, those that think differently or are diagnosed with autism, ADHD, and dyslexia were marginalized. Neurodivergent workers are armed with pattern recognition and a diverse set of crucial skills desperately needed by cybersecurity teams.
With skills in short supply, every organization will be competing for the same pool of talent. You will need to explore unique and creative methods to catch the attention of cybersecurity professionals who are spoilt for choice. When looking for opportunities, your candidates will be endlessly scrolling through a list of cybersecurity roles that all look the same.
Is your company culture in danger of looking boring to young and vibrant cyber talent? For example, threat hunting has become an important way for businesses to prevent data breaches, and there is also a need for hackers to help find code defects. Would the uber-cool job titles of "Threat Hunter" or "Bug Bounty Hunter" be more appealing to candidates than the dull and corporate sounding "Security Analyst" position?
Running and promoting competitions in the form of bug bounties and hackathons can also help you identify talent based on the ability of a candidate rather than a qualification that was earned five years ago. Businesses also need to inspire more young people from multiple backgrounds to develop their tech skills and help them envision themselves with a career in cybersecurity.
The answers you are searching for might already be hiding in plain sight.
You may already have a wealth of eager talent working within your company who are looking for a new challenge. It is often more cost-effective to train and develop existing employees who already know everything about your business and infrastructure.
Thinking differently to attract, retain and train new cybersecurity talent
Businesses need to understand that successful cybersecurity individuals possess much more than certificates, qualifications, or a LinkedIn profile that stands out from the crowd. According to IBM, its critical attributes such as adaptability, compliance, dependability, while being inquisitive and resilient make people suitable for a career in cybersecurity. Existing employees that are unqualified on paper could be prime candidates for training.
Stats suggest that cybercrime costs will have an economic impact of $6 trillion here in 2021. By contrast, the shortfall in cybersecurity skills and staffing is estimated to rise to 3.5 million people by the end of the year. You don't need to be a mathematical genius to work out what needs to happen to transform the industry and ensure businesses have a fighting chance against an increasing number of cyber attackers.
The time has come to think differently and look at the landscape from a variety of perspectives.
Stock images showing waterfalls of 0s and 1s and hooded cybercriminals can finally be retired. We are beginning to celebrate neurodiversity, different backgrounds, unique experiences, intellects, and sexualities. We are creating a much-needed melting pot of cultures that bring creativity and innovation that cybersecurity desperately needs.
Replacing stereotypes with diversity and inclusion will not only help businesses attract cyber talent and address the cybersecurity skills gap, it’s also a huge step forward in the name of progress. Celebrating the differences in teams is about uniting our collective experiences and perspectives so we can innovate and solve problems together. So what are you waiting for?