Just as all companies are now technology companies, all companies are security companies. Demand for cybersecurity professionals has grown exponentially in recent years. Globally, demand for qualified security employees exceeds interested job seekers. As this imbalance looks likely to continue to grow, let’s look at ways in which companies can address the problem.
The gap between openings and qualified job seekers exists across all areas of cybersecurity. A report from Cisco estimates that there are currently one million unfilled openings in the field. Symantec has estimated that the number of unfilled positions will grow by 50 percent to 1.5 million. Understanding these gaps is crucial for companies to effectively staff their cybersecurity departments.
Understanding the Problem
The cybersecurity hiring gap varies across geographies. For instance, the overall difference between available cybersecurity professionals and job openings is greatest in Israel, Ireland, and the U.K., and lowest in the U.S. and Canada. However, interest in ethical hacker positions exceeds the supply of openings in a few countries, including the U.K.
Other positions also show large variations between job seeker interest and hiring company openings. Notably, one study shows that interest in chief information security officer positions in the U.S. is more than double the available positions. It is not clear, however, if this mismatch is due to a large available pool of qualified professionals or (more likely) strong interest driven by the high salaries and prestige such jobs command.
Examining Potential Solutions
Given the growing unmet need for qualified cybersecurity professionals, how can companies ensure that they can attract, hire, and retain the IT talent they need?
Companies can start by clearly understanding and defining their cybersecurity needs. What tasks can possibly be outsourced and what skills are crucial to develop in-house? Rather than creating one broadly-scoped position that requires a mythical unicorn to fill, breaking the position into multiple, tightly-defined positions increases the likelihood of finding individuals with matching IT skills and experience.
Expanding a talent search globally is another approach that could yield results. For instance, companies in countries seeking CISOs where there are few applicants might look to the U.S. or Canada for qualified candidates. Companies in search of system administrators could turn to Ireland where there is a surplus of interested job seekers for cybersecurity talent.
Allowing cybersecurity professionals to work remotely is another way companies might boost hiring and employee satisfaction/retention. One study found that 41 percent of IT talent rated the ability to work from home as their top perk desired from employers. Offering remote work options also supports the ability of companies to look beyond their geographic boundaries for workers, thus increasing their odds of hiring qualified employees. Remote work also offers a safer way to deal with the visa restrictions that are becoming commonplace today.
Developing the cybersecurity pipeline through internships is an important component in addressing the skills deficit. Universities that are a general source of engineering talent might not offer students the specific security training companies need. Business can partner with schools to create opportunities for students to be introduced to, become interested in, and start learning the fundamentals of cybersecurity to better prepare them to fill entry-level openings as the number of openings continues to grow.
Similarly, companies could look to providing in-house training to assist existing employees in expanding their cybersecurity knowledge. There are a growing number of institutions offering online courses businesses might partner with and make available to staff. Providing incentives to take classes, covering or sharing the cost of education, and creating paths for advancement based on demonstrated learning are ways employers can potentially boost both cybersecurity skills and employee retention.
Looking beyond college degrees is another creative approach to finding qualified cybersecurity talent. Specific skills certifications can better indicate a candidate’s ability to perform a job. Competitions and testing are other methods of determining a potential employee’s fitness rather than looking for a broad university education.
In addition to potentially outsourcing some cybersecurity tasks, there are a growing number of automation and software options that can reduce the need to hire employees. Automated software solutions can handle some jobs, such as routine monitoring of systems or evaluation and escalation of alerts and notifications. Artificial intelligence solutions are increasingly able to predict and stop attacks before they happen. By using automation, workers have increased time available to focus on strategic initiatives. Also, using software in this way can reduce the need for administrative positions therefore helping meet the hiring demand.
The bottom line for all companies is that they need to take seriously the increasing difficulty in hiring qualified cybersecurity professionals. As all businesses grow their connection to the cloud, build digital databases, and increase their use of internet connected devices, so will they need employees who are trained to secure valuable assets. Creative approaches to filling the cybersecurity pipeline will be essential for companies to succeed in our increasingly connected world.