As we recognize National Cybersecurity Awareness Month this October, leaders face acute challenges recruiting and retaining cybersecurity professionals. In a tight job market, employers complain about a scarcity of IT security skills and unfilled jobs exacerbated by ever-increasing cyberthreats that place infrastructure and data at risk.
Cybersecurity Ventures predicts that by 2021, there will be a shortage of 3.5 million cybersecurity pros. Yet hackers appear to be in abundant supply and harness automated tools to exploit vulnerabilities, making it difficult for companies to keep pace with an onslaught of attacks.
In honor of the Week 2 theme of National Cybersecurity Awareness Month, “Millions of Rewarding Jobs: Educating for a Career in Cybersecurity,” we present the following tips for finding cybersecurity talent. What these strategies have in common is a need to broaden your approach and consider varied skills and non-traditional backgrounds.
1. Seek out military veterans
Some 250,000 people are expected to leave the U.S. military annually for the next five years. These transitioning veterans offer a great source of talent to plug the cyberskills gap. Veterans thrive under pressure and have complementary skills and experience in operational processes and procedures. What’s more, many already have security clearances.
The Department of Homeland Security’s National Initiative for Cybersecurity Careers and Studies (NICCS) offers a veteran’s program that includes free online cybersecurity job training. State and local governments and non-profit organizations such as Hiring Our Heroes and the Warrior to Cyber Warrior program also provide training and can be a source of great recruits for your cyber team.
2. Focus on females
As you’ve likely observed, cybersecurity is a heavily male-dominated field and women are woefully underrepresented. Women make up only a meager 11% of the global cybersecurity workforce.
Target the female ranks by working with HR to focus on diversity. Recruit from institutions with a higher enrollment of women. Get involved with groups such as the Executive Women’s Forum on Information Security, Risk Management and Privacy, Women in AppSec or Women in Security and Privacy and pursue candidates at technology events such as the Grace Hopper Celebration.
Interestingly, the Harvard Business Review notes that the accounting industry suffered from stark underrepresentation in the 1950s. Conducting awareness campaigns and hiring initiatives for women in accounting solved the problem. We see the opportunity to drive similar success in cyber now.
3. Broaden the scope
Give some thought to your IT security job descriptions. Do all cybersecurity positions really require an IT security degree or even a college degree? Consider skills such as scientific research, statistics or analytics, physics and mathematics, psychology, and anthropology, to name a few. Reconsider the frequent practice of posting positions that require an unattainable laundry list of skills and then go unanswered, and be willing to entertain candidates who are entering the field at different points in their careers.
Search outside your particular area to expand the pool of talent. Relocation may be possible, but many of today’s jobs can be done remotely by teams far and wide. In fact, computer-based cyber roles are ideal for remote workers.
Another way to tackle the skills shortage is to help groom the next generation for cyber careers. In addition to offering high school and college internships, sponsor STEM-oriented events such as hackathons, code camps and capture the flag contests. When possible, participate in public-private partnerships and programs focused on cultivating cybersecurity skills.
4. Develop internally
Rather than poach from other companies, groom internal talent for cybersecurity roles. Tap general IT, engineering, research and operations personnel who already have technical knowledge and aptitude. Or think more broadly and consider HR staff for security training roles, factory/warehouse production operators for security program management, financial analysts for cyber data analyst roles, or marketing staff for security communications programs. Develop programs such as job rotation, shadowing and cross-training to impart the necessary skills.
5. Automate security to fill the gaps
Automate security functions whenever and wherever possible. Also keep tabs on advances in artificial intelligence and machine learning.
ISACA recommends investing in security automation tools. For example, NowSecure AUTO automates mobile application security testing in the dev pipeline to uncover vulnerabilities much faster than humans could perform the task. It also provides straightforward results that don’t require skilled analysts to interpret. Let systems perform mundane or repeatable work to free up security experts to focus on more difficult problems.
Finally, an additional strategy for contending with the cyberskills shortage is to outsource specialized security functions for which in-house skills are lacking. One common area to outsource is mobile app security penetration testing. For instance, the NowSecure services team can deliver cost-effective advanced mobile app penetration testing and also provides mobile app security certification for commercial use.