Organizations and security leaders must change their recruiting and team-building approaches to have fewer obstacles, be more diverse, and take the long view in the face of the global cybersecurity skills shortage.
The cybersecurity sector continues to be plagued by a global skills shortage. As per PwC’s Global DTI 2021 survey, globally, an estimated three million or more cybersecurity positions are unfilled. Without recruiting firms and CISOs intervening, the gap is unlikely to close. As a result, security executives and organizations must take more strategic approaches to recruiting and team building.
The reality facing enterprises is that there are simply not enough qualified cybersecurity professionals to effectively protect sensitive assets in today’s world. As a result, more companies will need to change their hiring practices for cybersecurity roles.
Clearly, steps are being taken both inside and outside the global cybersecurity industry to help solve the skills gap by facilitating smarter recruiting and team building. But what exactly constitutes a smarter recruitment and team retention strategy for companies, and what effect will it have on businesses and the broader sector?
Remove the need for cybersecurity degrees and qualifications
There is usually a sizeable information gap between academics and real-life operations, so businesses will always have to spend time and effort getting them up to speed with current technologies in use. Furthermore, a degree or qualification may not include people who are capable to perform the duties needed in their position but have chosen not to pursue further education. To include talent that goes beyond degrees, hiring should be based on talent and the right attitude first and foremost. Rather than looking for the most polished CVs, hiring managers should be looking at the applicants’ problem solving capabilities and their ability to adapt learning and development methodologies.
Take a long-term approach to security team growth and training
Taking a long-term approach to cybersecurity recruiting and team building is important. The emphasis of any recruiting strategy should be on how skills can be improved and individuals invested in over time, rather than on the immediacy of their skills and contributions, as is typical of most hiring approaches.
Leaders who take this approach must devote time and resources to the training and growth of the individuals they employ. It would be unfair to expect someone who needs skill development to produce the same results as someone who has done similar work before.
Make security teams that are inclusive and diverse
One of the main goals of smarter cybersecurity recruiting is to foster a diverse community within security teams.
Diverse teams perform better than homogeneous ones. In the face of dynamic and varied modern cyber threats, diversity of thinking, viewpoint, and experience can be extremely beneficial. Businesses can miss how an attacker is thinking if they have a team full of people who think the same way. If the team has a dissimilar range of work and life experiences, on the other hand, they are likely to remain one step ahead of even the most subtle attacks, by virtue of their ability to think horizontally, cover all risks and the variety of ways in which they can anticipate attacks.
However, fostering diversity necessitates more than just making security roles more open and appealing. There must also be a strong inclusion theory. It’s all well and good to hire workers from various backgrounds, but companies must have the infrastructure in place to enable these employees to succeed, and as they get better at what they do, companies benefit.